You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@archiva.apache.org by "Mario Parra (JIRA)" <ji...@codehaus.org> on 2011/01/20 21:24:58 UTC
[jira] Commented: (MRM-728) After successful admin login archiva
reacts as if user is guest
[ http://jira.codehaus.org/browse/MRM-728?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=252263#action_252263 ]
Mario Parra commented on MRM-728:
---------------------------------
Does anybody has any update or idea about this?
I'm still finding this issue with Archiva 1.3.1 and IE7. I think it is a problem with the "rbkSignon" cookie, because its been created on Firefox, but not on IE.
I'm recommending my users to use Firefox, but the official browser in the company is IE, so it is starting to be a really issue here.
Here are the logs:
On Firefox:
2011-01-20 08:33:42,256 [btpool0-18] DEBUG org.codehaus.plexus.redback.system.DefaultSecuritySystem - User: org.codehaus.plexus.redback.common.ldap.LdapUser@b7e998
2011-01-20 08:33:42,635 [btpool0-18] DEBUG org.codehaus.plexus.redback.struts2.interceptor.AutoLoginInterceptor - Returning Security Session: org.codehaus.plexus.redback.system.DefaultSecuritySession@47fb00
2011-01-20 08:33:42,635 [btpool0-18] DEBUG org.codehaus.plexus.redback.struts2.interceptor.AutoLoginInterceptor - User already authenticated.
2011-01-20 08:33:42,817 [btpool0-18] DEBUG org.codehaus.plexus.redback.struts2.interceptor.SecureActionInterceptor - SecureActionInterceptor: processing org.codehaus.plexus.redback.struts2.action.SecurityRedirectAction
2011-01-20 08:33:42,818 [btpool0-18] DEBUG org.codehaus.plexus.redback.struts2.interceptor.SecureActionInterceptor - SecureActionInterceptor: org.codehaus.plexus.redback.struts2.action.SecurityRedirectAction not a secure action
2011-01-20 08:33:42,818 [btpool0-18] DEBUG org.codehaus.plexus.redback.struts2.interceptor.SecureActionInterceptor - not a secure action org.codehaus.plexus.redback.struts2.action.SecurityRedirectAction
2011-01-20 08:33:42,818 [btpool0-18] DEBUG org.codehaus.plexus.redback.struts2.interceptor.PolicyEnforcementInterceptor - Enforcement: not processing per click security policies.
2011-01-20 08:33:42,832 [btpool0-18] DEBUG org.codehaus.plexus.redback.struts2.interceptor.SecureActionInterceptor - Passing invocation up, result is [security-login-success] on call org.codehaus.plexus.redback.struts2.action.SecurityRedirectAction
2011-01-20 08:33:42,916 [btpool0-5] DEBUG org.codehaus.plexus.redback.struts2.interceptor.AutoLoginInterceptor - Returning Security Session: org.codehaus.plexus.redback.system.DefaultSecuritySession@47fb00
2011-01-20 08:33:42,916 [btpool0-5] DEBUG org.codehaus.plexus.redback.struts2.interceptor.AutoLoginInterceptor - User already authenticated.
2011-01-20 08:33:43,014 [btpool0-5] DEBUG org.codehaus.plexus.redback.struts2.interceptor.SecureActionInterceptor - SecureActionInterceptor: processing org.apache.maven.continuum.web.action.GroupSummaryAction
2011-01-20 08:33:43,014 [btpool0-5] DEBUG org.codehaus.plexus.redback.struts2.interceptor.SecureActionInterceptor - SecureActionInterceptor: org.apache.maven.continuum.web.action.GroupSummaryAction not a secure action
2011-01-20 08:33:43,014 [btpool0-5] DEBUG org.codehaus.plexus.redback.struts2.interceptor.SecureActionInterceptor - not a secure action org.apache.maven.continuum.web.action.GroupSummaryAction
2011-01-20 08:33:43,015 [btpool0-5] DEBUG org.codehaus.plexus.redback.struts2.interceptor.PolicyEnforcementInterceptor - Enforcement: not processing per click security policies.
2011-01-20 08:33:43,032 [btpool0-5] DEBUG org.codehaus.plexus.redback.rbac.cached.CachedRbacManager - building user permission map
2011-01-20 08:33:46,880 [btpool0-5] DEBUG org.codehaus.plexus.redback.struts2.interceptor.SecureActionInterceptor - Passing invocation up, result is [success] on call org.apache.maven.continuum.web.action.GroupSummaryAction
On IE7:
2011-01-20 08:03:21,729 [btpool0-6] DEBUG org.codehaus.plexus.redback.system.DefaultSecuritySystem - User: org.codehaus.plexus.redback.common.ldap.LdapUser@2ea871
2011-01-20 08:03:22,404 [btpool0-3] DEBUG org.codehaus.plexus.redback.struts2.interceptor.AutoLoginInterceptor - Returning Security Session: org.codehaus.plexus.redback.system.DefaultSecuritySession@1a2ac44
2011-01-20 08:03:22,404 [btpool0-3] DEBUG org.codehaus.plexus.redback.struts2.interceptor.AutoLoginInterceptor - User already authenticated.
2011-01-20 08:03:22,404 [btpool0-3] DEBUG org.codehaus.plexus.redback.struts2.interceptor.AutoLoginInterceptor - Login invalidated: signon cookie was removed
2011-01-20 08:03:22,451 [btpool0-3] DEBUG org.codehaus.plexus.redback.struts2.interceptor.SecureActionInterceptor - SecureActionInterceptor: processing org.codehaus.plexus.redback.struts2.action.SecurityRedirectAction
2011-01-20 08:03:22,451 [btpool0-3] DEBUG org.codehaus.plexus.redback.struts2.interceptor.SecureActionInterceptor - SecureActionInterceptor: org.codehaus.plexus.redback.struts2.action.SecurityRedirectAction not a secure action
2011-01-20 08:03:22,451 [btpool0-3] DEBUG org.codehaus.plexus.redback.struts2.interceptor.SecureActionInterceptor - not a secure action org.codehaus.plexus.redback.struts2.action.SecurityRedirectAction
2011-01-20 08:03:22,451 [btpool0-3] DEBUG org.codehaus.plexus.redback.struts2.interceptor.PolicyEnforcementInterceptor - Enforcement: not processing per click security policies.
2011-01-20 08:03:22,472 [btpool0-3] DEBUG org.codehaus.plexus.redback.struts2.interceptor.SecureActionInterceptor - Passing invocation up, result is [security-login-success] on call org.codehaus.plexus.redback.struts2.action.SecurityRedirectAction
2011-01-20 08:03:22,545 [btpool0-6] DEBUG org.codehaus.plexus.redback.struts2.interceptor.AutoLoginInterceptor - Returning Security Session: null
2011-01-20 08:03:22,545 [btpool0-6] DEBUG org.codehaus.plexus.redback.struts2.interceptor.SecureActionInterceptor - SecureActionInterceptor: processing org.apache.maven.continuum.web.action.GroupSummaryAction
2011-01-20 08:03:22,545 [btpool0-6] DEBUG org.codehaus.plexus.redback.struts2.interceptor.SecureActionInterceptor - SecureActionInterceptor: org.apache.maven.continuum.web.action.GroupSummaryAction not a secure action
2011-01-20 08:03:22,545 [btpool0-6] DEBUG org.codehaus.plexus.redback.struts2.interceptor.SecureActionInterceptor - not a secure action org.apache.maven.continuum.web.action.GroupSummaryAction
2011-01-20 08:03:22,545 [btpool0-6] DEBUG org.codehaus.plexus.redback.struts2.interceptor.PolicyEnforcementInterceptor - Enforcement: not processing per click security policies.
2011-01-20 08:03:22,576 [btpool0-6] DEBUG org.codehaus.plexus.redback.struts2.interceptor.SecureActionInterceptor - Passing invocation up, result is [success] on call org.apache.maven.continuum.web.action.GroupSummaryAction
> After successful admin login archiva reacts as if user is guest
> ---------------------------------------------------------------
>
> Key: MRM-728
> URL: http://jira.codehaus.org/browse/MRM-728
> Project: Archiva
> Issue Type: Bug
> Affects Versions: 1.0.1
> Environment: linux
> Reporter: Robin Roos
> Priority: Critical
> Fix For: Backlog
>
> Attachments: advancedprivacysettings.jpg, archiva.log, archiva.log.debug.signon.txt
>
>
> I ran Archiva on my windows box and, after configuring the admin user, I was able to login. The header of the web page identified me as Administrator (admin) and I could see all the expected functions on the left hand frame. So far so good.
> I had Archiva installed on a linux box and started. I surfed to the box from Windows and configured the admin user. But when I logged in as admin I got a page with only Search/FindArtifact/Browse functions. The header page reads "Login - Register". It is as if I am not logged in and am seeing the guest functions. Note that if I log in with a deliberately incorrect password then I get an error message as expected. But logging in with the right credentials appears to fail silently.
> As a result I cannot deploy any artifacts into Archiva, I cannot roll out the maven/subversion/archiva based edition of our in-house project, and I fear my time is limited!
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira