Uploaded image for project: 'Bitbucket Data Center'
  1. Bitbucket Data Center
  2. BSERV-7536

DefaultEscalatedSecurityContext does not (always) retain the authenticated user when running with elevated permissions

    XMLWordPrintable

Details

    Description

      When an EscalatedSecurityContext is created through the SecurityService, it captures the currently authenticated user and uses that as the run-as user. This meant that any security contexts with elevated permissions that are created during initialization capture a null user and run anonymously.

      Code like this would trigger the error:

      public class MyComponent {
    private final EscalatedSecurityContext withRead;

    public MyComponent(SecurityService securityService) {
        // bug: the run-as user is captured here, in this case null
        withRead = securityService.withPermission(Permission.REPO_READ, "some reason");
    }
    
    public void fancyLogicHere() {
        withRead.call(new UncheckedOperation<Void>() {
            public Void perform() {
                // bug: the 'null' run-as user captured in the constructor is set as the current user (but with REPO_READ permissions)
                ....
            }
        });
    }

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. BSERV-7395 Access key auth information needed in StashAuthenticationContext for plugin development

          • Medium - Medium priority issues
          • Closed

          Activity

            People

              mheemskerk Michael Heemskerk (Inactive)
              mheemskerk Michael Heemskerk (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: