Details
- Bug
- Status: Resolved
- Minor
- Resolution: Fixed
- 1.3.0
- None
- Important
Description
After implementing SFTP access control by overriding SimpleAccessControlSftpEventListener and adding it to SftpSubsystemFactory:
Scenario:
1. Set SimpleAccessControlSftpEventListener.isModificationAllowed to return false
2. Establish a connection with WinSCP
3. Try to create a new file
Expected result: access denied message + no influence on the file system
Actual: access denied message + an empty file is written to the server disk.
In addition, if an existing file is opened and saved, the file content is removed.
Attached configuration code:
// sshd and authorizationManager are defined elsewhere in the reporter's application
SftpSubsystemFactory.Builder builder = new SftpSubsystemFactory.Builder();
builder.addSftpEventListener(new SimpleAccessControlSftpEventListener() {
    // Read access: decided by the user's access level
    @Override
    protected boolean isAccessAllowed(ServerSession session, String remoteHandle, Path localPath) throws IOException {
        EUserAccessLevel level = authorizationManager.getAccessLevel(session.getUsername());
        return level.hasReadAccess();
    }

    // Write access: returns false for read-only users
    @Override
    protected boolean isModificationAllowed(ServerSession session, String remoteHandle, Path localPath) throws IOException {
        EUserAccessLevel level = authorizationManager.getAccessLevel(session.getUsername());
        return level.hasWriteAccess();
    }
});
sshd.setSubsystemFactories(Collections.singletonList(builder.build()));
sshd.setCommandFactory(new ScpCommandFactory());
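
The symptoms reported above (a denial message, yet a new empty file or an emptied existing one) are what an authorization check produces when it runs only after the file has been opened with create/truncate flags. The following is an added example, not code from the report or from the SSHD code base: it uses plain java.nio and a hypothetical MODIFICATION_ALLOWED flag to contrast that assumed ordering with a check-before-open ordering.

```java
import java.io.IOException;
import java.nio.channels.FileChannel;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import static java.nio.file.StandardOpenOption.*;

public class OpenOrderingDemo {
    // Hypothetical stand-in for a listener whose isModificationAllowed returns false.
    static final boolean MODIFICATION_ALLOWED = false;

    // Assumed faulty ordering: the handle is opened (create/truncate) before the check runs.
    static void openThenCheck(Path p) throws IOException {
        try (FileChannel ch = FileChannel.open(p, CREATE, WRITE, TRUNCATE_EXISTING)) {
            if (!MODIFICATION_ALLOWED) {
                throw new AccessDeniedException(p.toString());
            }
        }
    }

    // Check-first ordering: deny before any call that can touch the file system.
    static void checkThenOpen(Path p) throws IOException {
        if (!MODIFICATION_ALLOWED) {
            throw new AccessDeniedException(p.toString());
        }
        try (FileChannel ch = FileChannel.open(p, CREATE, WRITE, TRUNCATE_EXISTING)) {
            // writes would go here once access is granted
        }
    }

    interface Open { void apply(Path p) throws IOException; }

    // Builds a constructed sample directory, attempts both opens, reports what changed on disk.
    static String run(String label, Open open) throws IOException {
        Path dir = Files.createTempDirectory("sftp-acl-demo");
        Path existing = dir.resolve("existing.txt");
        Path created = dir.resolve("new.txt");
        Files.write(existing, "payload".getBytes(StandardCharsets.UTF_8));
        for (Path p : new Path[] {created, existing}) {
            try { open.apply(p); } catch (AccessDeniedException e) { /* client sees "access denied" */ }
        }
        return label + ": new file exists=" + Files.exists(created)
                + ", existing size=" + Files.size(existing);
    }

    public static void main(String[] args) throws IOException {
        System.out.println(run("open-then-check", OpenOrderingDemo::openThenCheck));
        System.out.println(run("check-then-open", OpenOrderingDemo::checkThenOpen));
    }
}
```

A regression test for an access-control listener should assert on the file system state after the denied request, not only on the error returned to the client.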