Uploaded image for project: 'Artifactory Binary Repository'
  1. Artifactory Binary Repository
  2. RTFACT-8666

It is possible to change anonymous user's credentials and details through the UI

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 4.4.0
    • Component/s: Web UI
    • Labels:
      None

      Description

      Steps to reproduce:
      1. open two tabs with the same admin user
      2. go to edit the admin users details (email/credentials)
      3. start changing the email and/or password
      4. go to the second tab and logout
      5. go back to the original tab and save

      result:
      the anonymous password now have an email and/or password. If you will try to browse AR you will get exception:
      org.springframework.security.authentication.BadCredentialsException: Bad credentials
      org.springframework.security.authentication.dao.DaoAuthenticationProvider.additionalAuthenticationChecks(DaoAuthenticationProvider.java:87)
      org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:149)
      org.artifactory.security.db.DbAuthenticationProvider.authenticate(DbAuthenticationProvider.java:47)
      org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
      org.artifactory.security.RealmAwareAuthenticationManager.authenticate(RealmAwareAuthenticationManager.java:64)
      org.artifactory.webapp.servlet.AccessFilter.useAnonymousIfPossible(AccessFilter.java:295)
      org.artifactory.webapp.servlet.AccessFilter.doFilterInternal(AccessFilter.java:191)
      org.artifactory.webapp.servlet.AccessFilter.doFilter(AccessFilter.java:155)
      org.artifactory.webapp.servlet.RequestFilter.doFilter(RequestFilter.java:65)
      org.artifactory.webapp.servlet.ArtifactoryFilter.doFilter(ArtifactoryFilter.java:116)

      Current workaround is to delete the anonymous user from etc/security.xml and restart AR.

        Attachments

          Activity

            People

            • Assignee:
              shayy Shay Yaakov (Inactive)
              Reporter:
              eranb Eran Blumenthal
              Assigned QA:
              Gal Raif
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: