[RTFACT-8666] It is possible to change anonymous user's credentials and details through the UI Created: 24/Nov/15  Updated: 14/Nov/17  Resolved: 28/Dec/15

Status: Resolved
Project: Artifactory Binary Repository
Component/s: Web UI
Affects Version/s: None
Fix Version/s: 4.4.0

Type: Bug Priority: Normal
Reporter: Eran Blumenthal Assignee: Shay Yaakov (Inactive)
Resolution: Fixed Votes: 0
Labels: None

Assigned QA: Gal Raif

 Description   

Steps to reproduce:
1. open two tabs with the same admin user
2. go to edit the admin users details (email/credentials)
3. start changing the email and/or password
4. go to the second tab and logout
5. go back to the original tab and save

result:
the anonymous password now have an email and/or password. If you will try to browse AR you will get exception:
org.springframework.security.authentication.BadCredentialsException: Bad credentials
org.springframework.security.authentication.dao.DaoAuthenticationProvider.additionalAuthenticationChecks(DaoAuthenticationProvider.java:87)
org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:149)
org.artifactory.security.db.DbAuthenticationProvider.authenticate(DbAuthenticationProvider.java:47)
org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
org.artifactory.security.RealmAwareAuthenticationManager.authenticate(RealmAwareAuthenticationManager.java:64)
org.artifactory.webapp.servlet.AccessFilter.useAnonymousIfPossible(AccessFilter.java:295)
org.artifactory.webapp.servlet.AccessFilter.doFilterInternal(AccessFilter.java:191)
org.artifactory.webapp.servlet.AccessFilter.doFilter(AccessFilter.java:155)
org.artifactory.webapp.servlet.RequestFilter.doFilter(RequestFilter.java:65)
org.artifactory.webapp.servlet.ArtifactoryFilter.doFilter(ArtifactoryFilter.java:116)

Current workaround is to delete the anonymous user from etc/security.xml and restart AR.


Generated at Mon Aug 26 07:20:20 UTC 2019 using JIRA 7.6.3#76005-sha1:8a4e38d34af948780dbf52044e7aafb13a7cae58.