Skip to content

Anonymous access returns 403 HTTP code #6

New issue
New issue
Open
Open
Anonymous access returns 403 HTTP code#6
@sebaslavigne

Description

@sebaslavigne
sebaslavigne
opened on Dec 1, 2022

Running file-server:1.3.0-amd64 via Docker on Windows. Logged in access to different directories with different roles works correctly. However, when trying to download a file or listing files to a directory with the "anonymous" role without logging in doesn't work, not even sending the cookie returned after the first try.

Using the default application.yml configuration:

     - path: 'anonymous-read/*'
       access: READ
       roles:
         - anonymous

Docker log, when logging in as "joe" and calling http://localhost:8888/services/files/list/anonymous-read:

2022-12-01 13:18:12.890  INFO 7 --- [nio-8888-exec-1] itx.fileserver.controler.AuthController  : login: joe AE3F9075EB87F2E8450F8B65AB65FB94
2022-12-01 13:18:12.890  INFO 7 --- [nio-8888-exec-1] i.f.s.d.inmemory.AuditServiceInmemory    : storeAudit: 1669900692 joe LOGIN
2022-12-01 13:18:16.947  INFO 7 --- [nio-8888-exec-3] i.f.controler.FileServerController       : getFiles: anonymous-read
2022-12-01 13:18:16.947  INFO 7 --- [nio-8888-exec-3] itx.fileserver.services.FileServiceImpl  : getFilesInfo: anonymous-read
2022-12-01 13:18:16.947  INFO 7 --- [nio-8888-exec-3] i.f.services.FileAccessServiceImpl       : checkAccess: public anonymous-read/* public/* READ/READ_WRITE
2022-12-01 13:18:16.949  INFO 7 --- [nio-8888-exec-3] i.f.services.FileAccessServiceImpl       : checkAccess: public anonymous-read/* joe/for-everybody/* READ/READ
2022-12-01 13:18:16.949  INFO 7 --- [nio-8888-exec-3] i.f.services.FileAccessServiceImpl       : checkAccess: anonymous anonymous-read/* * READ/READ_WRITE
2022-12-01 13:18:16.950  INFO 7 --- [nio-8888-exec-3] i.f.services.FileAccessServiceImpl       : checkAccess: anonymous anonymous-read/* anonymous-read/* READ/READ
2022-12-01 13:18:16.950  INFO 7 --- [nio-8888-exec-3] i.f.services.FileAccessServiceImpl       : checkAccess: anonymous anonymous-read/* anonymous-readwrite/* READ/READ_WRITE
2022-12-01 13:18:16.955  INFO 7 --- [nio-8888-exec-3] i.f.services.FileAccessServiceImpl       : checkAccess: public anonymous-read/anonymous-read public/* READ/READ_WRITE
2022-12-01 13:18:16.955  INFO 7 --- [nio-8888-exec-3] i.f.services.FileAccessServiceImpl       : checkAccess: public anonymous-read/anonymous-read joe/for-everybody/* READ/READ
2022-12-01 13:18:16.955  INFO 7 --- [nio-8888-exec-3] i.f.services.FileAccessServiceImpl       : checkAccess: anonymous anonymous-read/anonymous-read * READ/READ_WRITE
2022-12-01 13:18:16.955  INFO 7 --- [nio-8888-exec-3] i.f.services.FileAccessServiceImpl       : checkAccess: anonymous anonymous-read/anonymous-read anonymous-read/* READ/READ
2022-12-01 13:18:16.955  INFO 7 --- [nio-8888-exec-3] i.f.services.FileAccessServiceImpl       : checkAccess: anonymous anonymous-read/anonymous-read anonymous-readwrite/* READ/READ_WRITE
2022-12-01 13:18:16.958  INFO 7 --- [nio-8888-exec-3] i.f.services.FileAccessServiceImpl       : checkAccess: public anonymous-read/test.txt public/* READ/READ_WRITE
2022-12-01 13:18:16.958  INFO 7 --- [nio-8888-exec-3] i.f.services.FileAccessServiceImpl       : checkAccess: public anonymous-read/test.txt joe/for-everybody/* READ/READ
2022-12-01 13:18:16.958  INFO 7 --- [nio-8888-exec-3] i.f.services.FileAccessServiceImpl       : checkAccess: anonymous anonymous-read/test.txt * READ/READ_WRITE
2022-12-01 13:18:16.959  INFO 7 --- [nio-8888-exec-3] i.f.services.FileAccessServiceImpl       : checkAccess: anonymous anonymous-read/test.txt anonymous-read/* READ/READ
2022-12-01 13:18:16.959  INFO 7 --- [nio-8888-exec-3] i.f.services.FileAccessServiceImpl       : checkAccess: anonymous anonymous-read/test.txt anonymous-readwrite/* READ/READ_WRITE

...
[more files]
...

2022-12-01 13:18:16.988  INFO 7 --- [nio-8888-exec-3] i.f.s.d.inmemory.AuditServiceInmemory    : storeAudit: 1669900696 joe LIST_DIR

and the response:

{
    "path": "anonymous-read",
    "fileInfo": [
        {
            "filePath": "text.txt",
            "size": 203,
            "lastModified": 1669630057251
        },
        {
            "more":"files"
        }
    ],
    "directoryInfo": []
}

But when logging out and then calling the endpoint it seems an "anonymous" session is created without further action:

2022-12-01 13:18:16.988  INFO 7 --- [nio-8888-exec-3] i.f.s.d.inmemory.AuditServiceInmemory    : storeAudit: 1669900696 joe LIST_DIR
2022-12-01 13:22:59.403  INFO 7 --- [nio-8888-exec-6] itx.fileserver.controler.AuthController  : logout: AE3F9075EB87F2E8450F8B65AB65FB94
2022-12-01 13:22:59.403  INFO 7 --- [nio-8888-exec-6] i.f.s.d.inmemory.AuditServiceInmemory    : storeAudit: 1669900979 joe LOGOUT
2022-12-01 13:22:59.403  INFO 7 --- [nio-8888-exec-6] itx.fileserver.config.SessionListener    : sessionDestroyed: AE3F9075EB87F2E8450F8B65AB65FB94
2022-12-01 13:23:02.020  INFO 7 --- [nio-8888-exec-7] itx.fileserver.config.SessionListener    : sessionCreated: 514697DDA3BAE65EDCF9A5A708FC97E6
2022-12-01 13:23:02.020  INFO 7 --- [nio-8888-exec-7] i.f.s.d.inmemory.AuditServiceInmemory    : storeAudit: 1669900982 ANONYMOUS LOGIN

There are no new logs when calling the endpoint again with the session cookie.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions