[
http://jira.codehaus.org/browse/MRM-911?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Maria Odea Ching closed MRM-911.
--------------------------------
Resolution: Fixed
Fixed in trunk -r693694:
- check first if guest is enabled for the repository before failing the
authentication
For repositories which require authentication though, Archiva is still getting
the RP credentials instead of the Archiva credentials you entered. I'll file
this one as a separate issue..
> Archiva checks user's credentials before guest's rights on the repository
> -------------------------------------------------------------------------
>
> Key: MRM-911
> URL: http://jira.codehaus.org/browse/MRM-911
> Project: Archiva
> Issue Type: Bug
> Components: Users/Security
> Affects Versions: 1.1.1
> Environment: Apache 2.2, Tomcat 5.5.26, Archiva 1.1.1, JDK 1.6
> Reporter: Arnaud Heritier
> Assignee: Maria Odea Ching
> Fix For: 1.1.2
>
>
> In a corporate environment we installed archiva on tomcat & mysql.
> A reverse proxy (Apache) is used to protect our intranet applications. (I
> tried to use mod_proxy and mod_jk to connect apache & tomcat and the behavior
> is the same.)
> To access to our intranet thought the reverse proxy I have to give my
> credentials (the RP is using a ldap directory and accessed only in HTTPS).
> When I access to the archiva UI, everything is fine. After giving my
> credentials, I can logon or logout with accounts created in archiva (admin
> for example).
> I configured the guest to be a global Repository Manager & Observer on all
> our repositories (we don't need to readd a security level in archiva. It's
> already done by apache).
> When I access to a repository (to browse it for example) I receive an
> authentication dialog box (basic authent) like :
> {{A user name and password are being requested by https://xxx.yyy.com. The
> site says: "Repository Archiva Managed 3rd-parties Repository"}}
> It shouldn't be because guest can browse and write on repositories.
> What I suppose is that archiva is retreiving my credentials from apache and
> tries to logon me, which is failing (i don't have this account in archiva).
> After having fail it proposes to me to reenter new credentials.
> I tried to create a user in archiva as the one I have to logon in apache and
> it works.
> I think archiva should check guest rights before to try to logon the user.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
