[RTFACT-15441] Repo listing request is not accepted (403) with access token Created: 08/Dec/17  Updated: 19/Nov/18  Resolved: 05/Nov/18

Status: Resolved
Project: Artifactory Binary Repository
Component/s: None
Affects Version/s: None
Fix Version/s: 6.6.0

Type: Bug Priority: Normal
Reporter: Ariel Kabov Assignee: Yoaz Menda (Inactive)
Resolution: Fixed Votes: 2
Labels: None

Issue Links:
Duplicate
is duplicated by RTFACT-16369 Access tokens created a for a user ar... Resolved
Assigned QA: Barak Hacham
Sprint: Leap 34

 Description   

While there is no issue at all to go to the following path un-authenticated:

http://localhost:8081/artifactory/jcenter

Also with cURL:

curl -vvv -L http://localhost:8081/artifactory/jcenter/

results in 200

The following also returns with '200':

curl -uadmin:password -vvv -L http://localhost:8081/artifactory/jcenter/

When using an Access Token as password with basic authentication or putting access token into the header, this returns:

{
  "errors" : [ {
    "status" : 403,
    "message" : "Request path not allowed"
  } ]

In the request.log I see:

20171208145035|164|REQUEST|82.81.195.5|token:arielk|GET|/jcenter|HTTP/1.1|302|0
20171208145035|25|REQUEST|82.81.195.5|token:arielk|GET|/ui/nativeBrowser|HTTP/1.1|403|0
20171208145035|65|REQUEST|82.81.195.5|non_authenticated_user|GET|/jcenter/|HTTP/1.1|403|0

However without the token I get:

20171208145758|545|REQUEST|82.81.195.5|arielk|GET|/ui/nativeBrowser|HTTP/1.1|200|0
20171208145758|592|REQUEST|82.81.195.5|non_authenticated_user|GET|/jcenter/|HTTP/1.1|200|0


 Comments   
Comment by Edd Grant [ 02/May/18 ]

We're hitting this issue too. Would be great if someone from JFrog could comment on any advised workarounds and/ or an rough estimate for when this might be looked at. 

Using Artifactory OSS, Version: 5.10.1, Revision: 51001900

Generated at Sun Oct 20 11:54:56 UTC 2019 using JIRA 7.6.16#76018-sha1:9ed376192612a49536ac834c64177a0fed6290f5.