Archiva / MRM-728

After successful admin login archiva reacts as if user is guest

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Won't Fix
    • Affects Version/s: 1.0.1
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None
    • Environment:
      linux
    • Number of attachments :
      3

      Description

      I ran Archiva on my windows box and, after configuring the admin user, I was able to login. The header of the web page identified me as Administrator (admin) and I could see all the expected functions on the left hand frame. So far so good.

      I had Archiva installed on a linux box and started. I surfed to the box from Windows and configured the admin user. But when I logged in as admin I got a page with only Search/FindArtifact/Browse functions. The header page reads "Login - Register". It is as if I am not logged in and am seeing the guest functions. Note that if I log in with a deliberately incorrect password then I get an error message as expected. But logging in with the right credentials appears to fail silently.

      As a result I cannot deploy any artifacts into Archiva, I cannot roll out the maven/subversion/archiva based edition of our in-house project, and I fear my time is limited!

      1. archiva.log
        13 kB
        Robin Roos
      2. archiva.log.debug.signon.txt
        3 kB
        Robin Roos
      1. advancedprivacysettings.jpg
        20 kB

        Activity

        Mario Parra added a comment -

        Does anybody have any update or idea about this?

        I'm still finding this issue with Archiva 1.3.1 and IE7. I think it is a problem with the "rbkSignon" cookie, because it's been created on Firefox, but not on IE.

        I'm recommending my users to use Firefox, but the official browser in the company is IE, so it is starting to be a real issue here.

        Here are the logs:

        On Firefox:
        2011-01-20 08:33:42,256 [btpool0-18] DEBUG org.codehaus.plexus.redback.system.DefaultSecuritySystem - User: org.codehaus.plexus.redback.common.ldap.LdapUser@b7e998
        2011-01-20 08:33:42,635 [btpool0-18] DEBUG org.codehaus.plexus.redback.struts2.interceptor.AutoLoginInterceptor - Returning Security Session: org.codehaus.plexus.redback.system.DefaultSecuritySession@47fb00
        2011-01-20 08:33:42,635 [btpool0-18] DEBUG org.codehaus.plexus.redback.struts2.interceptor.AutoLoginInterceptor - User already authenticated.
        2011-01-20 08:33:42,817 [btpool0-18] DEBUG org.codehaus.plexus.redback.struts2.interceptor.SecureActionInterceptor - SecureActionInterceptor: processing org.codehaus.plexus.redback.struts2.action.SecurityRedirectAction
        2011-01-20 08:33:42,818 [btpool0-18] DEBUG org.codehaus.plexus.redback.struts2.interceptor.SecureActionInterceptor - SecureActionInterceptor: org.codehaus.plexus.redback.struts2.action.SecurityRedirectAction not a secure action
        2011-01-20 08:33:42,818 [btpool0-18] DEBUG org.codehaus.plexus.redback.struts2.interceptor.SecureActionInterceptor - not a secure action org.codehaus.plexus.redback.struts2.action.SecurityRedirectAction
        2011-01-20 08:33:42,818 [btpool0-18] DEBUG org.codehaus.plexus.redback.struts2.interceptor.PolicyEnforcementInterceptor - Enforcement: not processing per click security policies.
        2011-01-20 08:33:42,832 [btpool0-18] DEBUG org.codehaus.plexus.redback.struts2.interceptor.SecureActionInterceptor - Passing invocation up, result is [security-login-success] on call org.codehaus.plexus.redback.struts2.action.SecurityRedirectAction
        2011-01-20 08:33:42,916 [btpool0-5] DEBUG org.codehaus.plexus.redback.struts2.interceptor.AutoLoginInterceptor - Returning Security Session: org.codehaus.plexus.redback.system.DefaultSecuritySession@47fb00
        2011-01-20 08:33:42,916 [btpool0-5] DEBUG org.codehaus.plexus.redback.struts2.interceptor.AutoLoginInterceptor - User already authenticated.
        2011-01-20 08:33:43,014 [btpool0-5] DEBUG org.codehaus.plexus.redback.struts2.interceptor.SecureActionInterceptor - SecureActionInterceptor: processing org.apache.maven.continuum.web.action.GroupSummaryAction
        2011-01-20 08:33:43,014 [btpool0-5] DEBUG org.codehaus.plexus.redback.struts2.interceptor.SecureActionInterceptor - SecureActionInterceptor: org.apache.maven.continuum.web.action.GroupSummaryAction not a secure action
        2011-01-20 08:33:43,014 [btpool0-5] DEBUG org.codehaus.plexus.redback.struts2.interceptor.SecureActionInterceptor - not a secure action org.apache.maven.continuum.web.action.GroupSummaryAction
        2011-01-20 08:33:43,015 [btpool0-5] DEBUG org.codehaus.plexus.redback.struts2.interceptor.PolicyEnforcementInterceptor - Enforcement: not processing per click security policies.
        2011-01-20 08:33:43,032 [btpool0-5] DEBUG org.codehaus.plexus.redback.rbac.cached.CachedRbacManager - building user permission map
        2011-01-20 08:33:46,880 [btpool0-5] DEBUG org.codehaus.plexus.redback.struts2.interceptor.SecureActionInterceptor - Passing invocation up, result is [success] on call org.apache.maven.continuum.web.action.GroupSummaryAction

        On IE7:
        2011-01-20 08:03:21,729 [btpool0-6] DEBUG org.codehaus.plexus.redback.system.DefaultSecuritySystem - User: org.codehaus.plexus.redback.common.ldap.LdapUser@2ea871
        2011-01-20 08:03:22,404 [btpool0-3] DEBUG org.codehaus.plexus.redback.struts2.interceptor.AutoLoginInterceptor - Returning Security Session: org.codehaus.plexus.redback.system.DefaultSecuritySession@1a2ac44
        2011-01-20 08:03:22,404 [btpool0-3] DEBUG org.codehaus.plexus.redback.struts2.interceptor.AutoLoginInterceptor - User already authenticated.
        2011-01-20 08:03:22,404 [btpool0-3] DEBUG org.codehaus.plexus.redback.struts2.interceptor.AutoLoginInterceptor - Login invalidated: signon cookie was removed
        2011-01-20 08:03:22,451 [btpool0-3] DEBUG org.codehaus.plexus.redback.struts2.interceptor.SecureActionInterceptor - SecureActionInterceptor: processing org.codehaus.plexus.redback.struts2.action.SecurityRedirectAction
        2011-01-20 08:03:22,451 [btpool0-3] DEBUG org.codehaus.plexus.redback.struts2.interceptor.SecureActionInterceptor - SecureActionInterceptor: org.codehaus.plexus.redback.struts2.action.SecurityRedirectAction not a secure action
        2011-01-20 08:03:22,451 [btpool0-3] DEBUG org.codehaus.plexus.redback.struts2.interceptor.SecureActionInterceptor - not a secure action org.codehaus.plexus.redback.struts2.action.SecurityRedirectAction
        2011-01-20 08:03:22,451 [btpool0-3] DEBUG org.codehaus.plexus.redback.struts2.interceptor.PolicyEnforcementInterceptor - Enforcement: not processing per click security policies.
        2011-01-20 08:03:22,472 [btpool0-3] DEBUG org.codehaus.plexus.redback.struts2.interceptor.SecureActionInterceptor - Passing invocation up, result is [security-login-success] on call org.codehaus.plexus.redback.struts2.action.SecurityRedirectAction
        2011-01-20 08:03:22,545 [btpool0-6] DEBUG org.codehaus.plexus.redback.struts2.interceptor.AutoLoginInterceptor - Returning Security Session: null
        2011-01-20 08:03:22,545 [btpool0-6] DEBUG org.codehaus.plexus.redback.struts2.interceptor.SecureActionInterceptor - SecureActionInterceptor: processing org.apache.maven.continuum.web.action.GroupSummaryAction
        2011-01-20 08:03:22,545 [btpool0-6] DEBUG org.codehaus.plexus.redback.struts2.interceptor.SecureActionInterceptor - SecureActionInterceptor: org.apache.maven.continuum.web.action.GroupSummaryAction not a secure action
        2011-01-20 08:03:22,545 [btpool0-6] DEBUG org.codehaus.plexus.redback.struts2.interceptor.SecureActionInterceptor - not a secure action org.apache.maven.continuum.web.action.GroupSummaryAction
        2011-01-20 08:03:22,545 [btpool0-6] DEBUG org.codehaus.plexus.redback.struts2.interceptor.PolicyEnforcementInterceptor - Enforcement: not processing per click security policies.
        2011-01-20 08:03:22,576 [btpool0-6] DEBUG org.codehaus.plexus.redback.struts2.interceptor.SecureActionInterceptor - Passing invocation up, result is [success] on call org.apache.maven.continuum.web.action.GroupSummaryAction
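The difference between the two traces above can be checked mechanically. The following is an added example, not part of the original comment or of Archiva/Redback: it scans a Redback debug log for a login that is invalidated ("signon cookie was removed") and then served with a null security session. It assumes a single-user trace; the function and field names are hypothetical.

```python
import re

# Excerpts of the two traces quoted in the comment above, copied as posted.
IE7_TRACE = """\
2011-01-20 08:03:22,404 [btpool0-3] DEBUG org.codehaus.plexus.redback.struts2.interceptor.AutoLoginInterceptor - Returning Security Session: org.codehaus.plexus.redback.system.DefaultSecuritySession@1a2ac44
2011-01-20 08:03:22,404 [btpool0-3] DEBUG org.codehaus.plexus.redback.struts2.interceptor.AutoLoginInterceptor - Login invalidated: signon cookie was removed
2011-01-20 08:03:22,472 [btpool0-3] DEBUG org.codehaus.plexus.redback.struts2.interceptor.SecureActionInterceptor - Passing invocation up, result is [security-login-success] on call org.codehaus.plexus.redback.struts2.action.SecurityRedirectAction
2011-01-20 08:03:22,545 [btpool0-6] DEBUG org.codehaus.plexus.redback.struts2.interceptor.AutoLoginInterceptor - Returning Security Session: null
2011-01-20 08:03:22,576 [btpool0-6] DEBUG org.codehaus.plexus.redback.struts2.interceptor.SecureActionInterceptor - Passing invocation up, result is [success] on call org.apache.maven.continuum.web.action.GroupSummaryAction
"""
FIREFOX_TRACE = """\
2011-01-20 08:33:42,635 [btpool0-18] DEBUG org.codehaus.plexus.redback.struts2.interceptor.AutoLoginInterceptor - Returning Security Session: org.codehaus.plexus.redback.system.DefaultSecuritySession@47fb00
2011-01-20 08:33:42,832 [btpool0-18] DEBUG org.codehaus.plexus.redback.struts2.interceptor.SecureActionInterceptor - Passing invocation up, result is [security-login-success] on call org.codehaus.plexus.redback.struts2.action.SecurityRedirectAction
2011-01-20 08:33:42,916 [btpool0-5] DEBUG org.codehaus.plexus.redback.struts2.interceptor.AutoLoginInterceptor - Returning Security Session: org.codehaus.plexus.redback.system.DefaultSecuritySession@47fb00
2011-01-20 08:33:46,880 [btpool0-5] DEBUG org.codehaus.plexus.redback.struts2.interceptor.SecureActionInterceptor - Passing invocation up, result is [success] on call org.apache.maven.continuum.web.action.GroupSummaryAction
"""

# timestamp [thread] LEVEL logger - message
LINE = re.compile(r"^(\S+ \S+) \[[^\]]+\] \w+ \S+ - (.*)$")
SESSION = "Returning Security Session: "
INVALIDATED = "Login invalidated: signon cookie was removed"
RESULT = re.compile(r"Passing invocation up, result is \[([^\]]+)\] on call (\S+)")

def find_silent_logouts(log_text):
    """Return one finding per login that was invalidated and then served as guest."""
    findings, pending = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, msg = m.groups()
        if msg == INVALIDATED:
            # Credentials were accepted, then the signon cookie check failed.
            pending = {"invalidated_at": ts, "null_session_at": None, "guest_actions": []}
            findings.append(pending)
        elif msg.startswith(SESSION):
            if msg[len(SESSION):] != "null":
                pending = None  # a real session came back: nothing to attribute
            elif pending and pending["null_session_at"] is None:
                pending["null_session_at"] = ts
        elif pending and pending["null_session_at"]:
            r = RESULT.search(msg)
            if r and r.group(1) == "success":
                # Action completed without a session, i.e. rendered for guest.
                pending["guest_actions"].append(r.group(2).rsplit(".", 1)[-1])
    return [f for f in findings if f["null_session_at"]]
```
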

        Brett Porter added a comment -

        Thanks for the data Mario.

        Is Stephen's advice about the clock skew relevant to you here?

        What security level is the browser set at? Does the user see it as an intranet site, or an internet site?

        Brett Porter added a comment - - edited

        I saw this myself today. Here's what I had that was being sent:

        • 2 JSESSIONID cookies (path: / and /archiva)
        • rbkRememberMe (path: /archiva)
        • rbkSignon (path: /)

        The server responded clearing both cookies, then setting both cookies on /. It redirects to the redbackRedirect action which sends both, twice, with an empty value and 1970 expiry (4 cookie setting lines). Some other actions continue to unset the two cookies.

        Deleting the above cookies fixed the problem after I logged in again.

        I think it might be the incorrect JSESSIONID, but it may have been the incorrect "remember me" cookie that was never unset.
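Browsers key stored cookies by name and path, so a clearing `Set-Cookie` only removes the entry whose path it names. The following is an added example, not part of the original comment or of Archiva/Redback: it replays the cookie set listed above against constructed clearing headers to show which cookies would still be sent. It assumes the clears are issued on `Path=/` and that all cookies share one host; values and function names are hypothetical.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed browser jar using the cookie names and paths listed in the
# comment above; the values are placeholders.
JAR = [
    ("JSESSIONID", "/", "stale-a"),
    ("JSESSIONID", "/archiva", "stale-b"),
    ("rbkRememberMe", "/archiva", "stale-c"),
    ("rbkSignon", "/", "stale-d"),
]
# Constructed response headers: empty value, 1970 expiry, Path=/ (assumption).
SET_COOKIE = [
    "rbkSignon=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT",
    "rbkRememberMe=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT",
]

def parse_set_cookie(line):
    """Split one Set-Cookie value into (name, value, path, expired)."""
    first, *attrs = [part.strip() for part in line.split(";")]
    name, _, value = first.partition("=")
    path, expired = "/", False  # simplification: a missing Path is treated as "/"
    for attr in attrs:
        key, _, val = attr.partition("=")
        if key.lower() == "path":
            path = val
        elif key.lower() == "expires":
            expired = parsedate_to_datetime(val) < datetime.now(timezone.utc)
    return name, value, path, expired

def apply_response(jar, set_cookie_lines):
    """Apply Set-Cookie lines to a jar keyed by (name, path)."""
    store = {(n, p): v for n, p, v in jar}
    for line in set_cookie_lines:
        name, value, path, expired = parse_set_cookie(line)
        if expired:
            store.pop((name, path), None)  # only the same name AND path is removed
        else:
            store[(name, path)] = value
    return store

def cookie_header(store, request_path):
    """Cookie header for request_path, longest matching path first (RFC 6265, 5.4)."""
    def matches(cookie_path):
        prefix = cookie_path.rstrip("/") + "/"
        return request_path == cookie_path or request_path.startswith(prefix)
    hits = [(n, p, v) for (n, p), v in store.items() if matches(p)]
    hits.sort(key=lambda c: -len(c[1]))
    return "; ".join(f"{n}={v}" for n, _, v in hits)
```

Under these assumptions the `rbkRememberMe` entry on `/archiva` and both `JSESSIONID` entries survive the clearing response and keep being sent on every request under `/archiva`.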

        Leonardo Penczek added a comment -

        I do not know how to resolve this problem, but I think I found the cause.
        My Firefox was accessing without problems, but my IE wasn't (same problem as above).
        The only difference was that my Firefox has a rule to skip the web-proxy (it was directly accessing the archiva server) and my IE was using the proxy (because it's configured via WPAD).
        In every machine that I configured to skip the proxy the archiva has returned to work correctly.
        It is an issue with the proxy, it probably was removing/adding/changing some header that archiva is expecting and causing the malfunction.

        Olivier Lamy added a comment -

        No more issue fixes for 1.3.x except security. Please use 2.x.


          People

          • Assignee:
            Olivier Lamy
            Reporter:
            Robin Roos
          • Votes:
            0
            Watchers:
            3
