[Artifactory-developers] [JFrog JIRA] Created: (RTFACT-1064) ANY Repository Permission Target necessary for repo cache downloading

[Patrick C. (JIRA) <ji...@jf...>]

ANY Repository Permission Target necessary for repo cache downloading
---------------------------------------------------------------------

                 Key: RTFACT-1064
                 URL: http://www.jfrog.org/jira/browse/RTFACT-1064
             Project: Artifactory
          Issue Type: Bug
    Affects Versions: 1.3.0-beta-6
         Environment: Windows XP SP3
Java(TM) SE Runtime Environment (build 1.6.0_06-b02)
Artifactory 1.3.0-beta-6.1 (rev. 2899)
            Reporter: Patrick Crocker
            Assignee: Yoav Landman
            Priority: Critical



The Problem:
If you delete the 'ANY' Repository Permission target, Artifactory will not download artifacts from the remote repositories (i.e.: repo1-cache).

The Explanation:
The basic idea is to make Artifactory as restrictive as possible by removing the 'ANY' Repository Permission target and add in repository specific Permission Targets as needed.  For example, If you remove the 'ANY' Permission target and add in a 'repo1-cache' permission target (with deploy and read permissions), authenticated users can 'deploy' and read from the repo1-cache, but will not have access to libs-snapshots, etc.  The problem is that if the 'ANY' target does not exist with 'read' permission for the principal, the download will fail even though the principal has deploy and read permissions on the repo1-cache Permission target.

The Steps to Reproduce:
1. Fresh Artifactory install (uncompress and run bin\artifactory.bat)
2. Disallow Anonymous Access
3. Create user "testUser"
4. Remove "Anything" Permission target
5. Create "repo1-cache" Permission target
6. Add "Read" and "Deploy" permissions to "testUser" on "repo1-cache" Permission target
7. Add username/password to server information in $HOME/.m2/settings.xml
8. Add '<mirrorOf>*</mirrorOf> mirror settings in $HOME/.m2/settings.xml
9. (With an empty local repository) Run "mvn clean"

The dependencies will not download from the Central repo as indicated by the Artifactory access.log:
...
2008-11-26 15:11:41,336 [DENIED DOWNLOAD] repo1:junit/junit/3.8.1/junit-3.8.1.jar for testUser/127.0.0.1.
...


-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://www.jfrog.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira