
Anonymous access returns 403 HTTP code

Open sebaslavigne opened this issue 3 years ago • 1 comments

Running file-server:1.3.0-amd64 via Docker on Windows. Logged-in access to different directories with different roles works correctly. However, trying to download a file or list the files in a directory with the "anonymous" role without logging in doesn't work, not even when sending the cookie returned after the first try.

Using the default application.yml configuration:

     - path: 'anonymous-read/*'
       access: READ
       roles:
         - anonymous

Docker log, when logging in as "joe" and calling http://localhost:8888/services/files/list/anonymous-read:

2022-12-01 13:18:12.890  INFO 7 --- [nio-8888-exec-1] itx.fileserver.controler.AuthController  : login: joe AE3F9075EB87F2E8450F8B65AB65FB94
2022-12-01 13:18:12.890  INFO 7 --- [nio-8888-exec-1] i.f.s.d.inmemory.AuditServiceInmemory    : storeAudit: 1669900692 joe LOGIN
2022-12-01 13:18:16.947  INFO 7 --- [nio-8888-exec-3] i.f.controler.FileServerController       : getFiles: anonymous-read
2022-12-01 13:18:16.947  INFO 7 --- [nio-8888-exec-3] itx.fileserver.services.FileServiceImpl  : getFilesInfo: anonymous-read
2022-12-01 13:18:16.947  INFO 7 --- [nio-8888-exec-3] i.f.services.FileAccessServiceImpl       : checkAccess: public anonymous-read/* public/* READ/READ_WRITE
2022-12-01 13:18:16.949  INFO 7 --- [nio-8888-exec-3] i.f.services.FileAccessServiceImpl       : checkAccess: public anonymous-read/* joe/for-everybody/* READ/READ
2022-12-01 13:18:16.949  INFO 7 --- [nio-8888-exec-3] i.f.services.FileAccessServiceImpl       : checkAccess: anonymous anonymous-read/* * READ/READ_WRITE
2022-12-01 13:18:16.950  INFO 7 --- [nio-8888-exec-3] i.f.services.FileAccessServiceImpl       : checkAccess: anonymous anonymous-read/* anonymous-read/* READ/READ
2022-12-01 13:18:16.950  INFO 7 --- [nio-8888-exec-3] i.f.services.FileAccessServiceImpl       : checkAccess: anonymous anonymous-read/* anonymous-readwrite/* READ/READ_WRITE
2022-12-01 13:18:16.955  INFO 7 --- [nio-8888-exec-3] i.f.services.FileAccessServiceImpl       : checkAccess: public anonymous-read/anonymous-read public/* READ/READ_WRITE
2022-12-01 13:18:16.955  INFO 7 --- [nio-8888-exec-3] i.f.services.FileAccessServiceImpl       : checkAccess: public anonymous-read/anonymous-read joe/for-everybody/* READ/READ
2022-12-01 13:18:16.955  INFO 7 --- [nio-8888-exec-3] i.f.services.FileAccessServiceImpl       : checkAccess: anonymous anonymous-read/anonymous-read * READ/READ_WRITE
2022-12-01 13:18:16.955  INFO 7 --- [nio-8888-exec-3] i.f.services.FileAccessServiceImpl       : checkAccess: anonymous anonymous-read/anonymous-read anonymous-read/* READ/READ
2022-12-01 13:18:16.955  INFO 7 --- [nio-8888-exec-3] i.f.services.FileAccessServiceImpl       : checkAccess: anonymous anonymous-read/anonymous-read anonymous-readwrite/* READ/READ_WRITE
2022-12-01 13:18:16.958  INFO 7 --- [nio-8888-exec-3] i.f.services.FileAccessServiceImpl       : checkAccess: public anonymous-read/test.txt public/* READ/READ_WRITE
2022-12-01 13:18:16.958  INFO 7 --- [nio-8888-exec-3] i.f.services.FileAccessServiceImpl       : checkAccess: public anonymous-read/test.txt joe/for-everybody/* READ/READ
2022-12-01 13:18:16.958  INFO 7 --- [nio-8888-exec-3] i.f.services.FileAccessServiceImpl       : checkAccess: anonymous anonymous-read/test.txt * READ/READ_WRITE
2022-12-01 13:18:16.959  INFO 7 --- [nio-8888-exec-3] i.f.services.FileAccessServiceImpl       : checkAccess: anonymous anonymous-read/test.txt anonymous-read/* READ/READ
2022-12-01 13:18:16.959  INFO 7 --- [nio-8888-exec-3] i.f.services.FileAccessServiceImpl       : checkAccess: anonymous anonymous-read/test.txt anonymous-readwrite/* READ/READ_WRITE

...
[more files]
...

2022-12-01 13:18:16.988  INFO 7 --- [nio-8888-exec-3] i.f.s.d.inmemory.AuditServiceInmemory    : storeAudit: 1669900696 joe LIST_DIR

and the response:

{
    "path": "anonymous-read",
    "fileInfo": [
        {
            "filePath": "text.txt",
            "size": 203,
            "lastModified": 1669630057251
        },
        {
            "more":"files"
        }
    ],
    "directoryInfo": []
}

But when logging out and then calling the endpoint it seems an "anonymous" session is created without further action:

2022-12-01 13:18:16.988  INFO 7 --- [nio-8888-exec-3] i.f.s.d.inmemory.AuditServiceInmemory    : storeAudit: 1669900696 joe LIST_DIR
2022-12-01 13:22:59.403  INFO 7 --- [nio-8888-exec-6] itx.fileserver.controler.AuthController  : logout: AE3F9075EB87F2E8450F8B65AB65FB94
2022-12-01 13:22:59.403  INFO 7 --- [nio-8888-exec-6] i.f.s.d.inmemory.AuditServiceInmemory    : storeAudit: 1669900979 joe LOGOUT
2022-12-01 13:22:59.403  INFO 7 --- [nio-8888-exec-6] itx.fileserver.config.SessionListener    : sessionDestroyed: AE3F9075EB87F2E8450F8B65AB65FB94
2022-12-01 13:23:02.020  INFO 7 --- [nio-8888-exec-7] itx.fileserver.config.SessionListener    : sessionCreated: 514697DDA3BAE65EDCF9A5A708FC97E6
2022-12-01 13:23:02.020  INFO 7 --- [nio-8888-exec-7] i.f.s.d.inmemory.AuditServiceInmemory    : storeAudit: 1669900982 ANONYMOUS LOGIN

There are no new logs when calling the endpoint again with the session cookie.

sebaslavigne avatar Dec 01 '22 13:12 sebaslavigne

Add

    if (anonymousSessions.containsKey(sessionId)) {
        return Optional.ofNullable(anonymousSessions.get(sessionId));
    }

into SecurityServiceImpl#isAuthorized

nooblong avatar Oct 09 '23 07:10 nooblong
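
A minimal Java model of the session lookup that the suggested fix changes, added here as an illustration and not taken from the file-server code base. Apart from `anonymousSessions` and `isAuthorized`, every name, the session IDs and the prefix match standing in for the `anonymous-read/*` filter are assumptions; the model also confirms that unknown and logged-out session IDs still resolve to no role once the check is added.

```java
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical model of the session lookup; not the project's SecurityServiceImpl.
public class AnonymousSessionModel {
    // sessionId -> role; filled at login in the real service (login omitted here).
    private final Map<String, String> authorizedSessions = new ConcurrentHashMap<>();
    private final Map<String, String> anonymousSessions = new ConcurrentHashMap<>();

    void createAnonymousSession(String sessionId) {
        anonymousSessions.put(sessionId, "anonymous");
    }

    void logout(String sessionId) {
        // Drop the ID from both maps so a stale cookie resolves to nothing.
        authorizedSessions.remove(sessionId);
        anonymousSessions.remove(sessionId);
    }

    // Assumed pre-fix behaviour: only logged-in sessions resolve to a role.
    Optional<String> isAuthorizedBefore(String sessionId) {
        return Optional.ofNullable(authorizedSessions.get(sessionId));
    }

    // The check from the comment, placed in front of the existing lookup.
    Optional<String> isAuthorizedAfter(String sessionId) {
        if (anonymousSessions.containsKey(sessionId)) {
            return Optional.ofNullable(anonymousSessions.get(sessionId));
        }
        return Optional.ofNullable(authorizedSessions.get(sessionId));
    }

    // Simplified stand-in for the access filter: 'anonymous' may READ anonymous-read/*.
    static int listStatus(Optional<String> role, String path) {
        if (!role.isPresent()) return 403; // no role resolved: rejected before any checkAccess
        boolean allowed = role.get().equals("anonymous") && path.startsWith("anonymous-read/");
        return allowed ? 200 : 403;
    }

    public static void main(String[] args) {
        AnonymousSessionModel m = new AnonymousSessionModel();
        m.createAnonymousSession("ANON-1"); // constructed session ID
        String path = "anonymous-read/test.txt";
        System.out.println("before fix:     " + listStatus(m.isAuthorizedBefore("ANON-1"), path));
        System.out.println("after fix:      " + listStatus(m.isAuthorizedAfter("ANON-1"), path));
        System.out.println("outside filter: " + listStatus(m.isAuthorizedAfter("ANON-1"), "public/test.txt"));
        System.out.println("unknown id:     " + listStatus(m.isAuthorizedAfter("NOT-ISSUED"), path));
        m.logout("ANON-1");
        System.out.println("after logout:   " + listStatus(m.isAuthorizedAfter("ANON-1"), path));
    }
}
```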