Details
-
Bug
-
Status: Closed
-
Minor
-
Resolution: Cannot Reproduce
-
1.1
-
None
-
None
Description
steps to reproduce:
- access a repository that has read restriction, log in via the HTTP challenge response and successfully access it
- restart server
- access an artifact URL (do not browse the repository) from the same browser session.
The logs show:
2008-07-30 15:51:41,083 [btpool0-9] INFO org.apache.maven.archiva.security.ArchivaServletAuthenticator - Authorization Denied [ip=0:0:0:0:0:0:0:1%0,
isWriteRequest=false,permission=archiva-read-repository,repo=testing] : no matching permissions
This is a result of the first request coming through such that a null result is passed to isAuthenticated. The code for that is:
if ( result != null && !result.isAuthenticated() ) { throw new AuthenticationException( "User Credentials Invalid" ); } return true;
As you can see, a null result is treated as being "authenticated", though there is really no information as to whether that is the case.
The request later works, so I don't know if this is a bug or not, or just poor logging.
Attachments
Issue Links
- is duplicated by
-
-
- Closed
-