Uploaded image for project: 'Artifactory Binary Repository'
  1. Artifactory Binary Repository
  2. RTFACT-18499

Password for access-admin and admin changed by the security import api

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: 6.7.3
    • Fix Version/s: 6.8.0, 6.7.5
    • Component/s: None
    • Labels:
      None
    • Regression:
      Yes

      Description

      Customer is using security.xml export/import APIs as following. And after the exported security.xml is imported into the target, it is noticed that the original passwords for admin and access-admin users become invalid.

      Other observation: LDAP credentials are working fine.  And the password for another local user(with admin priv) in the target did not become invalid in the same import.

      https://www.jfrog.com/confluence/display/RTF/Artifactory+REST+API#ArtifactoryRESTAPI-SecurityConfiguration(Deprecated)

      curl -uadmin:<password> -X GET http://localhost:8081/artifactory/api/system/security -o source_security.xml
      

      https://www.jfrog.com/confluence/display/RTF/Artifactory+REST+API#ArtifactoryRESTAPI-SaveSecurityConfiguration(Deprecated)

      curl -X POST -uadmin:<password> "http://localhost:8081/artifactory/api/system/security" -T source_security.xml
      

      This issue exists with and without 'overwrite=true' flag in the above import api(POST)

      This issue behavior did not exist in 6.5.x

       

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              pradnyas Pradnya Shinde
            • Votes:
              2 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: