[ 
https://issues.apache.org/jira/browse/SSHD-731?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Boris Fridland updated SSHD-731:
--------------------------------
    Description: 
After implementing sftp access control by overriding 
SimpleAccessControlSftpEventListener and adding it to SftpSubsystemFactory:
Scenario:
1.set SimpleAccessControlSftpEventListener.isModificationAllowed to return false
2.  Establish connection with WinScp
3. try to create new file
expected result: access denied  message + no influence on file system
actual: access denied  message, + empty file is written to server disc.
in addition if existing file is opened, and being saved --> result is that file 
content of is removed.


Attached configuration code:
SftpSubsystemFactory.Builder builder = new SftpSubsystemFactory.Builder();
        builder.addSftpEventListener(new SimpleAccessControlSftpEventListener() 
{
            protected boolean isAccessAllowed(ServerSession session, String 
remoteHandle, Path localPath)
                    throws IOException {
                EUserAccessLevel level = 
authorizationManager.getAccessLevel(session.getUsername());
                if(level.hasReadAccess()) {
                    return true;
                }
                return false;
            }

            protected boolean isModificationAllowed(ServerSession session, 
String remoteHandle, Path localPath)
                    throws IOException {
                EUserAccessLevel level = 
authorizationManager.getAccessLevel(session.getUsername());
                if(level.hasWriteAccess()) {
                    return true;
                }
                return false;
            }
        });
        sshd.setSubsystemFactories(Collections.singletonList(builder.build()));
        sshd.setCommandFactory(new ScpCommandFactory());



 
following 



  was:
After implementing sftp access control by overriding 
SimpleAccessControlSftpEventListener and adding it to SftpSubsystemFactory:
Scenario:
1.set isModificationAllowed to return false
2.  Establish connection with WinScp
3. try to create new file
expected result: access denied  message + no influence on file system
actual: access denied  message, + empty file is written to server disc.
in addition if existing file is opened, and being saved --> result is that file 
content is removed.
It is huge variability

Attached configuration code:
SftpSubsystemFactory.Builder builder = new SftpSubsystemFactory.Builder();
        builder.addSftpEventListener(new SimpleAccessControlSftpEventListener() 
{
            protected boolean isAccessAllowed(ServerSession session, String 
remoteHandle, Path localPath)
                    throws IOException {
                EUserAccessLevel level = 
authorizationManager.getAccessLevel(session.getUsername());
                if(level.hasReadAccess()) {
                    return true;
                }
                return false;
            }

            protected boolean isModificationAllowed(ServerSession session, 
String remoteHandle, Path localPath)
                    throws IOException {
                EUserAccessLevel level = 
authorizationManager.getAccessLevel(session.getUsername());
                if(level.hasWriteAccess()) {
                    return true;
                }
                return false;
            }
        });
        sshd.setSubsystemFactories(Collections.singletonList(builder.build()));
        sshd.setCommandFactory(new ScpCommandFactory());



 
following 




> Vanorability in SimpleAccessControlSftpEventListener  implementation
> --------------------------------------------------------------------
>
>                 Key: SSHD-731
>                 URL: https://issues.apache.org/jira/browse/SSHD-731
>             Project: MINA SSHD
>          Issue Type: Bug
>         Environment: <dependency>
>                 <groupId>org.apache.sshd</groupId>
>                 <artifactId>sshd-core</artifactId>
>                 <version>1.3.0</version>
>             </dependency>
> <dependency>
>                 <groupId>org.apache.sshd</groupId>
>                 <artifactId>sshd-contrib</artifactId>
>                 <version>1.3.0</version>
>             </dependency>
>            Reporter: Boris Fridland
>
> After implementing sftp access control by overriding 
> SimpleAccessControlSftpEventListener and adding it to SftpSubsystemFactory:
> Scenario:
> 1.set SimpleAccessControlSftpEventListener.isModificationAllowed to return 
> false
> 2.  Establish connection with WinScp
> 3. try to create new file
> expected result: access denied  message + no influence on file system
> actual: access denied  message, + empty file is written to server disc.
> in addition if existing file is opened, and being saved --> result is that 
> file content of is removed.
> Attached configuration code:
> SftpSubsystemFactory.Builder builder = new SftpSubsystemFactory.Builder();
>         builder.addSftpEventListener(new 
> SimpleAccessControlSftpEventListener() {
>             protected boolean isAccessAllowed(ServerSession session, String 
> remoteHandle, Path localPath)
>                     throws IOException {
>                 EUserAccessLevel level = 
> authorizationManager.getAccessLevel(session.getUsername());
>                 if(level.hasReadAccess()) {
>                     return true;
>                 }
>                 return false;
>             }
>             protected boolean isModificationAllowed(ServerSession session, 
> String remoteHandle, Path localPath)
>                     throws IOException {
>                 EUserAccessLevel level = 
> authorizationManager.getAccessLevel(session.getUsername());
>                 if(level.hasWriteAccess()) {
>                     return true;
>                 }
>                 return false;
>             }
>         });
>         
> sshd.setSubsystemFactories(Collections.singletonList(builder.build()));
>         sshd.setCommandFactory(new ScpCommandFactory());
>  
> following 



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Reply via email to