Uploaded image for project: 'Artifactory Binary Repository'
  1. Artifactory Binary Repository
  2. RTFACT-18499

Password for access-admin and admin changed by the security import api

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Done
    • Resolution: Fixed
    • Affects Version/s: 6.7.3
    • Fix Version/s: 6.8.0, 6.7.5
    • Component/s: None
    • Labels:
      None
    • Severity:
      Medium
    • Regression:
      Yes
    • Requirement Status:

      UNCOVERED

      Description

      Customer is using security.xml export/import APIs as following. And after the exported security.xml is imported into the target, it is noticed that the original passwords for admin and access-admin users become invalid.

      Other observation: LDAP credentials are working fine.  And the password for another local user(with admin priv) in the target did not become invalid in the same import.

      https://www.jfrog.com/confluence/display/RTF/Artifactory+REST+API#ArtifactoryRESTAPI-SecurityConfiguration(Deprecated)

      curl -uadmin:<password> -X GET http://localhost:8081/artifactory/api/system/security -o source_security.xml
      

      https://www.jfrog.com/confluence/display/RTF/Artifactory+REST+API#ArtifactoryRESTAPI-SaveSecurityConfiguration(Deprecated)

      curl -X POST -uadmin:<password> "http://localhost:8081/artifactory/api/system/security" -T source_security.xml
      

      This issue exists with and without 'overwrite=true' flag in the above import api(POST)

      This issue behavior did not exist in 6.5.x

       

        Attachments

          Activity

            People

            Assignee:
            Unassigned
            Reporter:
            pradnyas Pradnya Shinde
            Votes:
            2 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: