Hello Dave,
Thank you for contacting us.
From what you are describing, unauthenticated users have permission to
deploy/cache. So what is probably occurring is that these unauthenticated users
are using GET from the virtual repository → the GET request has dependencies
which are not yet cached in Artifactory → Artifactory goes out to a remote
endpoint to get these dependencies, which then creates a deployment, since
caching files is the same as deploying files.
This of course can be avoided by disabling the deploy/cache permissions for
unauthenticated users but would cause the expected issues of GET responses
failing when dependencies are missing in the current local/remote cache
repository.
Regarding users showing as unauthenticated when deploying jobs which their
settings.xml is configured, would it be possible to share with us a
settings.xml example? (with password encrypted) Please verify the configuration
is set properly as explained our online wiki for working with Maven especially
the setting up security section.
For reference, you can see projects which are ready for usage examples on our
Github page, which can be found here.
Best regards,
Mor
JFrog Support
On Fri, 4 Dec at 8:20 PM
, Dave Pierce <[email protected]> wrote:
We seem to have two separate problems but I'm suspicious that they're
related.
We have anonymous access enabled, which allow read-only access for
unauthenticated users as well as deploy/cache permissions for -cache
repositories. Additionally, we have a couple service accounts that different
dev teams are supposed to use in their maven settings.xml files to deploy
artifacts.
What's weird is that in the access.log file, I see a LOT of "ACCEPTED
DEPLOY" lines for anonymous users at various IPs. Also, they're deploying
into virtual repositories. (?) What's weirder, is that they're all for .pom
files which are one or more weeks old - they've long since been deployed
already. Are they being overwritten? How is anonymous able to deploy
anything anyway? Especially to a virtual repo?
Secondly, there seem to be a number of users with credentials in their
settings.xml files which, for whatever reason, are showing up as
unauthenticated when they try to deploy a snapshot or release artifact.
(They have their team account in their settings.xml file, and maven is
recognizing it, but when the attempt to deploy shows up in the access.log,
it shows "DENIED DEPLOY" and "for anonymous/IPA.DD.RE.SS")
Any thoughts on either of these issues would be appreciated.
Thanks,
Dave
--
View this message in context:
http://forums.jfrog.org/Anonymous-Deploying-Settings-xml-ignored-tp7580638.html
Sent from the Artifactory - Users mailing list archive at Nabble.com.
------------------------------------------------------------------------------
Go from Idea to Many App Stores Faster with Intel(R) XDK
Give your users amazing mobile app experiences with Intel(R) XDK.
Use one codebase in this all-in-one HTML5 development environment.
Design, debug & build mobile apps & 2D/3D high-impact games for multiple OSs.
http://pubads.g.doubleclick.net/gampad/clk?id=254741911&iu=/4140
_______________________________________________
Artifactory-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/artifactory-users
------------------------------------------------------------------------------
Go from Idea to Many App Stores Faster with Intel(R) XDK
Give your users amazing mobile app experiences with Intel(R) XDK.
Use one codebase in this all-in-one HTML5 development environment.
Design, debug & build mobile apps & 2D/3D high-impact games for multiple OSs.
http://pubads.g.doubleclick.net/gampad/clk?id=254741911&iu=/4140
_______________________________________________
Artifactory-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/artifactory-users
