Posted to issues@continuum.apache.org by "Maria Catherine Tan (JIRA)" <ji...@codehaus.org> on 2009/06/18 12:01:15 UTC

[jira] Created: (CONTINUUM-2272) Able to add secured projects without credentials

Able to add secured projects without credentials
------------------------------------------------

                 Key: CONTINUUM-2272
                 URL: http://jira.codehaus.org/browse/CONTINUUM-2272
             Project: Continuum
          Issue Type: Bug
          Components: Core system
    Affects Versions: 1.2
            Reporter: Maria Catherine Tan


1. add a secured project without entering any credentials and do not click 'use scm credentials'
2. click add button
--> Will have an authorization error while trying to add the project

3. Repeat steps above but this time with credentials
--> Successfully added the project

4. Repeat steps #1&2 but this time choose a different group (continuum does not allow adding the same project to the same group)
--> Successfully added the project

#4 should still show an authorization error instead of successfully adding the project.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

[jira] Commented: (CONTINUUM-2272) Able to add secured projects without credentials

Posted by "Wendy Smoak (JIRA)" <ji...@codehaus.org>.
    [ http://jira.codehaus.org/browse/CONTINUUM-2272?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=181179#action_181179 ] 

Wendy Smoak commented on CONTINUUM-2272:
----------------------------------------

Added requirements doc in r787528.  It should show up here shortly:  http://continuum.apache.org/ref/1.4.0-SNAPSHOT/credentials.html

> Able to add secured projects without credentials
> ------------------------------------------------
>
>                 Key: CONTINUUM-2272
>                 URL: http://jira.codehaus.org/browse/CONTINUUM-2272
>             Project: Continuum
>          Issue Type: Bug
>          Components: Core system
>    Affects Versions: 1.2
>            Reporter: Maria Catherine Tan
>            Assignee: Maria Catherine Tan
>             Fix For: 1.3.4
>
>         Attachments: CONTINUUM-2272-credentials_handling.pdf
>
>
> 1. add a secured project without entering any credentials and do not click 'use scm credentials'
> 2. click add button
> --> Will have an authorization error while trying to add the project
> 3. Repeat steps above but this time with credentials
> --> Successfully added the project
> 4. Repeat steps #1&2 but this time choose a different group (continuum does not allow adding the same project to the same group)
> --> Successfully added the project
> #4 should still show an authorization error instead of successfully adding the project.


        

[jira] Commented: (CONTINUUM-2272) Able to add secured projects without credentials

Posted by "Maria Catherine Tan (JIRA)" <ji...@codehaus.org>.
    [ http://jira.codehaus.org/browse/CONTINUUM-2272?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=181044#action_181044 ] 

Maria Catherine Tan commented on CONTINUUM-2272:
------------------------------------------------

For this issue, I did not perform any build or release. Just try to add the same project without credentials.

The disabled test is in AbstractContinuumProjectBuilderTest

> Able to add secured projects without credentials
> ------------------------------------------------
>
>                 Key: CONTINUUM-2272
>                 URL: http://jira.codehaus.org/browse/CONTINUUM-2272
>             Project: Continuum
>          Issue Type: Bug
>          Components: Core system
>    Affects Versions: 1.2
>            Reporter: Maria Catherine Tan
>            Assignee: Maria Catherine Tan
>             Fix For: 1.3.4
>
>
> 1. add a secured project without entering any credentials and do not click 'use scm credentials'
> 2. click add button
> --> Will have an authorization error while trying to add the project
> 3. Repeat steps above but this time with credentials
> --> Successfully added the project
> 4. Repeat steps #1&2 but this time choose a different group (continuum does not allow adding the same project to the same group)
> --> Successfully added the project
> #4 should still show an authorization error instead of successfully adding the project.


        

[jira] Commented: (CONTINUUM-2272) Able to add secured projects without credentials

Posted by "Wendy Smoak (JIRA)" <ji...@codehaus.org>.
    [ http://jira.codehaus.org/browse/CONTINUUM-2272?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=180822#action_180822 ] 

Wendy Smoak commented on CONTINUUM-2272:
----------------------------------------

Has the documentation been updated for this change?

Also, I don't see that any tests were added/updated for this change?

> Able to add secured projects without credentials
> ------------------------------------------------
>
>                 Key: CONTINUUM-2272
>                 URL: http://jira.codehaus.org/browse/CONTINUUM-2272
>             Project: Continuum
>          Issue Type: Bug
>          Components: Core system
>    Affects Versions: 1.2
>            Reporter: Maria Catherine Tan
>            Assignee: Maria Catherine Tan
>             Fix For: 1.3.4
>
>
> 1. add a secured project without entering any credentials and do not click 'use scm credentials'
> 2. click add button
> --> Will have an authorization error while trying to add the project
> 3. Repeat steps above but this time with credentials
> --> Successfully added the project
> 4. Repeat steps #1&2 but this time choose a different group (continuum does not allow adding the same project to the same group)
> --> Successfully added the project
> #4 should still show an authorization error instead of successfully adding the project.


        

[jira] Closed: (CONTINUUM-2272) Able to add secured projects without credentials

Posted by "Maria Catherine Tan (JIRA)" <ji...@codehaus.org>.
     [ http://jira.codehaus.org/browse/CONTINUUM-2272?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Maria Catherine Tan closed CONTINUUM-2272.
------------------------------------------

         Assignee: Maria Catherine Tan
       Resolution: Fixed
    Fix Version/s: 1.3.4

clear httpclient credentials when adding project

fixed  in:
r786035 in 1.3.x branch
r786036 in trunk

> Able to add secured projects without credentials
> ------------------------------------------------
>
>                 Key: CONTINUUM-2272
>                 URL: http://jira.codehaus.org/browse/CONTINUUM-2272
>             Project: Continuum
>          Issue Type: Bug
>          Components: Core system
>    Affects Versions: 1.2
>            Reporter: Maria Catherine Tan
>            Assignee: Maria Catherine Tan
>             Fix For: 1.3.4
>
>
> 1. add a secured project without entering any credentials and do not click 'use scm credentials'
> 2. click add button
> --> Will have an authorization error while trying to add the project
> 3. Repeat steps above but this time with credentials
> --> Successfully added the project
> 4. Repeat steps #1&2 but this time choose a different group (continuum does not allow adding the same project to the same group)
> --> Successfully added the project
> #4 should still show an authorization error instead of successfully adding the project.


        

[jira] Closed: (CONTINUUM-2272) Able to add secured projects without credentials

Posted by "Wendy Smoak (JIRA)" <ji...@codehaus.org>.
     [ http://jira.codehaus.org/browse/CONTINUUM-2272?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Wendy Smoak closed CONTINUUM-2272.
----------------------------------

    Resolution: Fixed

Thanks for the additional info, Marica!  I updated user docs in r787534 to clarify that the credentials are stored in plain text in the database and reused later for scm checkout and update.



> Able to add secured projects without credentials
> ------------------------------------------------
>
>                 Key: CONTINUUM-2272
>                 URL: http://jira.codehaus.org/browse/CONTINUUM-2272
>             Project: Continuum
>          Issue Type: Bug
>          Components: Core system
>    Affects Versions: 1.2
>            Reporter: Maria Catherine Tan
>            Assignee: Maria Catherine Tan
>             Fix For: 1.3.4
>
>         Attachments: CONTINUUM-2272-credentials_handling.pdf
>
>
> 1. add a secured project without entering any credentials and do not click 'use scm credentials'
> 2. click add button
> --> Will have an authorization error while trying to add the project
> 3. Repeat steps above but this time with credentials
> --> Successfully added the project
> 4. Repeat steps #1&2 but this time choose a different group (continuum does not allow adding the same project to the same group)
> --> Successfully added the project
> #4 should still show an authorization error instead of successfully adding the project.


        

[jira] Reopened: (CONTINUUM-2272) Able to add secured projects without credentials

Posted by "Wendy Smoak (JIRA)" <ji...@codehaus.org>.
     [ http://jira.codehaus.org/browse/CONTINUUM-2272?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Wendy Smoak reopened CONTINUUM-2272:
------------------------------------


Reopening for more info and docs/tests.

In step 1, where do you get the error?
 - when it tries to retrieve the pom?
 - when it tries to check out the source code?

In step 2, what does Continuum do with the credentials?  I think it
 - uses them for the HTTP GET to retrieve the pom
 - stores them in the database
 - uses them for the svn checkout
    ... and this will naturally cache the svn credentials for that svn repo for the user running Continuum.  (This always happens unless you put --no-cache-credentials on the command line.)

In step 4, what part succeeds that you think should fail?

I am currently working through the 16 combinations of the following yes/no questions to define the requirements for Continuum's behavior wrt cached credentials:
Q1. Were credentials provided when the project was added?
Q2. Was 'Use cached credentials if available' checked when the project was added?
Q3. Were there Subversion credentials cached for the user running Continuum prior to adding the project?
Q4. Were credentials provided during release prepare?


> Able to add secured projects without credentials
> ------------------------------------------------
>
>                 Key: CONTINUUM-2272
>                 URL: http://jira.codehaus.org/browse/CONTINUUM-2272
>             Project: Continuum
>          Issue Type: Bug
>          Components: Core system
>    Affects Versions: 1.2
>            Reporter: Maria Catherine Tan
>            Assignee: Maria Catherine Tan
>             Fix For: 1.3.4
>
>
> 1. add a secured project without entering any credentials and do not click 'use scm credentials'
> 2. click add button
> --> Will have an authorization error while trying to add the project
> 3. Repeat steps above but this time with credentials
> --> Successfully added the project
> 4. Repeat steps #1&2 but this time choose a different group (continuum does not allow adding the same project to the same group)
> --> Successfully added the project
> #4 should still show an authorization error instead of successfully adding the project.


        

[jira] Commented: (CONTINUUM-2272) Able to add secured projects without credentials

Posted by "Maria Catherine Tan (JIRA)" <ji...@codehaus.org>.
    [ http://jira.codehaus.org/browse/CONTINUUM-2272?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=181041#action_181041 ] 

Maria Catherine Tan commented on CONTINUUM-2272:
------------------------------------------------

> In step1, where do you get the error
when continuum tries to retrieve the pom.

> In step 2, what does Continuum do with the credentials?
just like you said, and store it in the database if not 'use scm credentials cache'

> In step 4, what part succeeds that you think should fail?
when it tries to retrieve the pom using HTTP GET

In step 4
Q1. No
Q2. No
Q3. No. I tried adding the same project using a newly created user.
Q4. No (I don't think CONTINUUM-2251 is a bug)

In my opinion, this is not related to subversion at all but to the HttpClient. When I restarted continuum, and do step 1 again, I will still get the authentication error when trying to add a project without credentials.

So what I did is to clear the credentials from the HttpClient every time we try to add a project, which does not affect svn credentials caching.


> Able to add secured projects without credentials
> ------------------------------------------------
>
>                 Key: CONTINUUM-2272
>                 URL: http://jira.codehaus.org/browse/CONTINUUM-2272
>             Project: Continuum
>          Issue Type: Bug
>          Components: Core system
>    Affects Versions: 1.2
>            Reporter: Maria Catherine Tan
>            Assignee: Maria Catherine Tan
>             Fix For: 1.3.4
>
>
> 1. add a secured project without entering any credentials and do not click 'use scm credentials'
> 2. click add button
> --> Will have an authorization error while trying to add the project
> 3. Repeat steps above but this time with credentials
> --> Successfully added the project
> 4. Repeat steps #1&2 but this time choose a different group (continuum does not allow adding the same project to the same group)
> --> Successfully added the project
> #4 should still show an authorization error instead of successfully adding the project.

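The behaviour described in the comment above, modelled as an added example that is not part of the original thread and is not Continuum's code: a long-lived component keeps one HTTP credential store, so credentials entered for one add-project request are sent again on a later request that supplied none. All class, method, account and URL names are hypothetical, and the store is a plain map standing in for the HTTP client's own credential state.

```java
import java.net.URI;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

// Model of the bug in this thread; every class and name here is hypothetical.
public class SharedClientCredentials {

    // Stand-in for the secured server: the POM is served only to this constructed account.
    static int httpGet(String url, String[] creds) {
        boolean authorized = creds != null
                && "builduser".equals(creds[0]) && "constructed-pw".equals(creds[1]);
        return authorized ? 200 : 401;
    }

    // One long-lived builder shared by all requests, like a singleton component
    // that owns a single HTTP client and its per-host credential store.
    static class ProjectBuilder {
        private final Map<String, String[]> credentialStore = new HashMap<>();
        private final boolean clearOnEachAdd;

        ProjectBuilder(boolean clearOnEachAdd) {
            this.clearOnEachAdd = clearOnEachAdd;
        }

        // Returns the HTTP status of the POM fetch. user/password are null when the
        // form is left empty. The group plays no part in authentication; it only
        // lets the same POM be added a second time.
        int addProject(String pomUrl, String group, String user, String password) {
            String host = URI.create(pomUrl).getHost();
            if (clearOnEachAdd) {
                credentialStore.clear(); // the fix described in the thread
            }
            if (user != null) {
                credentialStore.put(host, new String[] {user, password});
            }
            // Whatever is in the store for this host is sent, whoever put it there.
            return httpGet(pomUrl, credentialStore.get(host));
        }
    }

    // Replays the report: add without credentials, add with credentials,
    // add without credentials to a different group. Returns the three statuses.
    static int[] replay(ProjectBuilder builder) {
        String pom = "https://scm.example.test/secured/pom.xml"; // constructed URL
        int noCreds = builder.addProject(pom, "group-a", null, null);
        int withCreds = builder.addProject(pom, "group-a", "builduser", "constructed-pw");
        int otherGroup = builder.addProject(pom, "group-b", null, null);
        return new int[] {noCreds, withCreds, otherGroup};
    }

    public static void main(String[] args) {
        int[] before = replay(new ProjectBuilder(false));
        int[] after = replay(new ProjectBuilder(true));
        System.out.println("store kept between adds: " + Arrays.toString(before));
        System.out.println("store cleared per add:   " + Arrays.toString(after));
    }
}
```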

        

[jira] Commented: (CONTINUUM-2272) Able to add secured projects without credentials

Posted by "Wendy Smoak (JIRA)" <ji...@codehaus.org>.
    [ http://jira.codehaus.org/browse/CONTINUUM-2272?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=181043#action_181043 ] 

Wendy Smoak commented on CONTINUUM-2272:
----------------------------------------

I want to document the expected behavior for the various cases.  It's not clear how the credentials you supply when adding a project are used later.  (And [unrelated to this issue] I think it might be caching the credentials supplied during the release, which IMO it shouldn't.)

Where is the disabled test you mentioned?  Even if we can't automate it we can define the prerequisites and the steps to test it manually.  I can work on that.


> Able to add secured projects without credentials
> ------------------------------------------------
>
>                 Key: CONTINUUM-2272
>                 URL: http://jira.codehaus.org/browse/CONTINUUM-2272
>             Project: Continuum
>          Issue Type: Bug
>          Components: Core system
>    Affects Versions: 1.2
>            Reporter: Maria Catherine Tan
>            Assignee: Maria Catherine Tan
>             Fix For: 1.3.4
>
>
> 1. add a secured project without entering any credentials and do not click 'use scm credentials'
> 2. click add button
> --> Will have an authorization error while trying to add the project
> 3. Repeat steps above but this time with credentials
> --> Successfully added the project
> 4. Repeat steps #1&2 but this time choose a different group (continuum does not allow adding the same project to the same group)
> --> Successfully added the project
> #4 should still show an authorization error instead of successfully adding the project.


        

[jira] Commented: (CONTINUUM-2272) Able to add secured projects without credentials

Posted by "Maria Catherine Tan (JIRA)" <ji...@codehaus.org>.
    [ http://jira.codehaus.org/browse/CONTINUUM-2272?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=181042#action_181042 ] 

Maria Catherine Tan commented on CONTINUUM-2272:
------------------------------------------------

I think there is no need to update the documentation for this. There's already a line in addProject.apt that says "You can define username/password if the POM URL requires authentication".

As for the test, do we happen to have a sample project that requires authentication when reading? There is a test that was disabled because it requires username/password, that's why I did not create one for this for the meantime.

> Able to add secured projects without credentials
> ------------------------------------------------
>
>                 Key: CONTINUUM-2272
>                 URL: http://jira.codehaus.org/browse/CONTINUUM-2272
>             Project: Continuum
>          Issue Type: Bug
>          Components: Core system
>    Affects Versions: 1.2
>            Reporter: Maria Catherine Tan
>            Assignee: Maria Catherine Tan
>             Fix For: 1.3.4
>
>
> 1. add a secured project without entering any credentials and do not click 'use scm credentials'
> 2. click add button
> --> Will have an authorization error while trying to add the project
> 3. Repeat steps above but this time with credentials
> --> Successfully added the project
> 4. Repeat steps #1&2 but this time choose a different group (continuum does not allow adding the same project to the same group)
> --> Successfully added the project
> #4 should still show an authorization error instead of successfully adding the project.


        

[jira] Updated: (CONTINUUM-2272) Able to add secured projects without credentials

Posted by "Wendy Smoak (JIRA)" <ji...@codehaus.org>.
     [ http://jira.codehaus.org/browse/CONTINUUM-2272?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Wendy Smoak updated CONTINUUM-2272:
-----------------------------------

    Attachment: CONTINUUM-2272-credentials_handling.pdf

Attaching work in progress - defining requirements for what Continuum does with the credentials you provide when you add a project.  Because of the checkbox on the add project form, cached svn credentials also come into play.

It's currently in a spreadsheet, so this is a pdf export.  I want to get it into plain text, but I know working with a table in APT would be painful.  Maybe xdoc will work better...


> Able to add secured projects without credentials
> ------------------------------------------------
>
>                 Key: CONTINUUM-2272
>                 URL: http://jira.codehaus.org/browse/CONTINUUM-2272
>             Project: Continuum
>          Issue Type: Bug
>          Components: Core system
>    Affects Versions: 1.2
>            Reporter: Maria Catherine Tan
>            Assignee: Maria Catherine Tan
>             Fix For: 1.3.4
>
>         Attachments: CONTINUUM-2272-credentials_handling.pdf
>
>
> 1. add a secured project without entering any credentials and do not click 'use scm credentials'
> 2. click add button
> --> Will have an authorization error while trying to add the project
> 3. Repeat steps above but this time with credentials
> --> Successfully added the project
> 4. Repeat steps #1&2 but this time choose a different group (continuum does not allow adding the same project to the same group)
> --> Successfully added the project
> #4 should still show an authorization error instead of successfully adding the project.
