Issue #18 resolved

User able to pull files without having rights on this repository

Anonymous created an issue

When pulling and pushing data to a remote repository I use a user (LDAP) which is set up in the system and is part of a group but which is not set up for the repository (maybe earlier but removed from the list).

By accident this user has access to these files.

10:59:49.117 [qtp1377187-20] DEBUG sonia.scm.web.security.ChainAuthenticatonManager - authenticator sonia.scm.web.security.XmlAuthenticationHandler ends with result, user: null, state: NOT_FOUND

10:59:50.055 [qtp1377187-20] DEBUG sonia.scm.web.security.ChainAuthenticatonManager - authenticator sonia.scm.auth.ldap.LDAPAuthenticationHandler ends with result, user: xxx, state: SUCCESS

10:59:50.055 [qtp1377187-20] DEBUG sonia.scm.web.security.BasicSecurityContext - user xxx is member of yyy, zzz

Comments (3)

  1. Anonymous

    Looks like this was an update problem on repository.xml.

    Web page was not showing user xxx with rights on test repository, but after refreshing the list the user exists again.

    User xxx was still in the list for test repository. After removing this user a second time he is removed from repository.xml and access was denied.

    Web page is not showing user xxx with rights on test repository; even after refreshing the list the user does not exist again.

    yyy and zzz are local groups.

    Will check if the problem comes back again...
