[ https://issues.apache.org/jira/browse/SSHD-731?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Boris Fridland updated SSHD-731: -------------------------------- Description: After implementing sftp access control by overriding SimpleAccessControlSftpEventListener and adding it to SftpSubsystemFactory: Scenario: 1.set isModificationAllowed to return false 2. Establish connection with WinScp 3. try to create new file expected result: access denied message + no influence on file system actual: access denied message, + empty file is written to server disc. in addition if existing file is opened, and being saved --> result is that file content is removed. It is huge variability Attached configuration code: SftpSubsystemFactory.Builder builder = new SftpSubsystemFactory.Builder(); builder.addSftpEventListener(new SimpleAccessControlSftpEventListener() { protected boolean isAccessAllowed(ServerSession session, String remoteHandle, Path localPath) throws IOException { EUserAccessLevel level = authorizationManager.getAccessLevel(session.getUsername()); if(level.hasReadAccess()) { return true; } return false; } protected boolean isModificationAllowed(ServerSession session, String remoteHandle, Path localPath) throws IOException { EUserAccessLevel level = authorizationManager.getAccessLevel(session.getUsername()); if(level.hasWriteAccess()) { return true; } return false; } }); sshd.setSubsystemFactories(Collections.singletonList(builder.build())); sshd.setCommandFactory(new ScpCommandFactory()); following was: After implementing sftp access control by overriding SimpleAccessControlSftpEventListener and adding it to SftpSubsystemFactory: even when isModificationAllowed function returns fals Scenario: 1.set isModificationAllowed to return false 2. Establish connection with WinScp 3. try to create new file expected result: access denied message + no influence on file system actual: access denied message, + empty file is written to server disc. in addition if existing file is opened, and being saved --> result is that file content is removed. It is huge variability Attached configuration code: SftpSubsystemFactory.Builder builder = new SftpSubsystemFactory.Builder(); builder.addSftpEventListener(new SimpleAccessControlSftpEventListener() { protected boolean isAccessAllowed(ServerSession session, String remoteHandle, Path localPath) throws IOException { EUserAccessLevel level = authorizationManager.getAccessLevel(session.getUsername()); if(level.hasReadAccess()) { return true; } return false; } protected boolean isModificationAllowed(ServerSession session, String remoteHandle, Path localPath) throws IOException { EUserAccessLevel level = authorizationManager.getAccessLevel(session.getUsername()); if(level.hasWriteAccess()) { return true; } return false; } }); sshd.setSubsystemFactories(Collections.singletonList(builder.build())); sshd.setCommandFactory(new ScpCommandFactory()); following > Vanorability in SimpleAccessControlSftpEventListener implementation > -------------------------------------------------------------------- > > Key: SSHD-731 > URL: https://issues.apache.org/jira/browse/SSHD-731 > Project: MINA SSHD > Issue Type: Bug > Environment: <dependency> > <groupId>org.apache.sshd</groupId> > <artifactId>sshd-core</artifactId> > <version>1.3.0</version> > </dependency> > <dependency> > <groupId>org.apache.sshd</groupId> > <artifactId>sshd-contrib</artifactId> > <version>1.3.0</version> > </dependency> > Reporter: Boris Fridland > > After implementing sftp access control by overriding > SimpleAccessControlSftpEventListener and adding it to SftpSubsystemFactory: > Scenario: > 1.set isModificationAllowed to return false > 2. Establish connection with WinScp > 3. try to create new file > expected result: access denied message + no influence on file system > actual: access denied message, + empty file is written to server disc. > in addition if existing file is opened, and being saved --> result is that > file content is removed. > It is huge variability > Attached configuration code: > SftpSubsystemFactory.Builder builder = new SftpSubsystemFactory.Builder(); > builder.addSftpEventListener(new > SimpleAccessControlSftpEventListener() { > protected boolean isAccessAllowed(ServerSession session, String > remoteHandle, Path localPath) > throws IOException { > EUserAccessLevel level = > authorizationManager.getAccessLevel(session.getUsername()); > if(level.hasReadAccess()) { > return true; > } > return false; > } > protected boolean isModificationAllowed(ServerSession session, > String remoteHandle, Path localPath) > throws IOException { > EUserAccessLevel level = > authorizationManager.getAccessLevel(session.getUsername()); > if(level.hasWriteAccess()) { > return true; > } > return false; > } > }); > > sshd.setSubsystemFactories(Collections.singletonList(builder.build())); > sshd.setCommandFactory(new ScpCommandFactory()); > > following -- This message was sent by Atlassian JIRA (v6.3.15#6346)