[RTFACT-14884] Unable to switch to system role from within a method Created: 01/Sep/17  Updated: 14/May/18  Resolved: 14/May/18

Status: Resolved
Project: Artifactory Binary Repository
Component/s: Plugins
Affects Version/s: 5.3.2
Fix Version/s: None

Type: Bug Priority: Normal
Reporter: Krzysztof Malinowski Assignee: Unassigned
Resolution: Done Votes: 0
Labels: None


 Description   

asSystem block does not work correctly when attempting to use from a method:

test-assystem.groovy
import org.artifactory.security.RealmPolicy
import org.artifactory.security.User

realms {
    testAsSystem(autoCreateUsers: false, realmPolicy: RealmPolicy.ADDITIVE) {
        authenticate { username, password ->
            log.debug('Initializing: running as {}', security.currentUsername)
            asSystem {
                log.debug('Switching context: running as {}', security.currentUsername)
            }
            try {
                doSomething()
            } catch (Exception e) {
                log.warn('Failed to do something: {}', e.message)
            }
            log.debug('Finalizing: running as {}', security.currentUsername)
            return true
        }

        userExists { username ->
            return true
        }
    }
}

void doSomething() {
    log.debug('Doing something: running as {}', security.currentUsername)
    asSystem {
        log.debug('Doing something as system: running as {}', security.currentUsername)
    }
}
artifactory.log
2017-09-01 14:42:11,781 [http-nio-8081-exec-218] [DEBUG] (test-assystem       :7) - Initializing: running as anonymous
2017-09-01 14:42:11,787 [http-nio-8081-exec-218] [DEBUG] (test-assystem       :9) - Switching context: running as _system_
2017-09-01 14:42:11,787 [http-nio-8081-exec-218] [DEBUG] (test-assystem       :27) - Doing something: running as anonymous
2017-09-01 14:42:11,789 [http-nio-8081-exec-218] [WARN ] (test-assystem       :14) - Failed to do something: No signature of method: org.artifactory.addon.plugin.DefaultMethodsDelegate.doSomething() is applicable for argument types: () values: []
Possible solutions: toString(), toString()
2017-09-01 14:42:11,789 [http-nio-8081-exec-218] [DEBUG] (test-assystem       :16) - Finalizing: running as anonymous

Please re-work asSystem support to be able to use also from methods. It is important to elevate privileges for as little work as required and not for the whole plugin.



 Comments   
Comment by Yehuda Hadad [ 14/May/18 ]

Hi Krzysztof,

The described behavior is Artifactory desired behavior, the function you have created not familiar with the "assystem" closure, and it is possible to use it only inside Artifactory's execution points (Download, Storage and etc).

Comment by Krzysztof Malinowski [ 14/May/18 ]

Fair enough. If that limitation is by design, please state it clearly in the documentation.

Still, you might want to reconsider it in future. When impossible to use asSystem within method, the only way is to run whole the code within asSystem block on the top-level, which impacts either security or code design (and maintainability).

Generated at Tue Jan 21 12:24:17 UTC 2020 using JIRA 7.6.16#76018-sha1:9ed376192612a49536ac834c64177a0fed6290f5.