eclipse-sw360 / sw360

SW360 project
https://www.eclipse.org/sw360/

Inconsistent Token Permissions After Changing rest.write.access.usergroup Property #2352

Open sameed20 opened 8 months ago

sameed20 commented 8 months ago

Description

issue1

After changing the value of the rest.write.access.usergroup property in sw360.properties from USER to ADMIN, there is an inconsistency in token permissions. Newly generated tokens for normal users do not have write access as expected. However, tokens that were generated by normal users before changing the property still retain write access.

How to reproduce

  1. Set rest.write.access.usergroup=USER in the application's property file.
  2. Generate tokens for normal users and observe write access.
  3. Change rest.write.access.usergroup to ADMIN in the property file.
  4. Generate new tokens for normal users and check the write access.
  5. Verify tokens generated before the property change – they still have write access.
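
As an added illustration (not sw360's code, and not using any sw360 API), the following Python model shows why the behaviour in the report occurs when the authorities granted to a token are copied into it at creation time, and the two defensive remedies discussed in this thread: a request-time check of the token owner's group against the current `rest.write.access.usergroup` value, and a one-off cleanup that strips WRITE from stored tokens whose owner's group no longer qualifies (what the script mentioned later in the thread does). The `Config`, `Token` and `TokenStore` classes, the group ranking and the user name are constructed assumptions for the example.

```python
"""Model of a REST token whose authorities depend on a configured user group.

Added example, not sw360 code. Assumption: each token record stores the
authorities it was granted when issued, and a Config object mirrors the
rest.write.access.usergroup property from sw360.properties.
"""
import secrets
from dataclasses import dataclass
from typing import Dict, List

# Constructed ranking: only the two groups named in the issue are modelled.
GROUP_RANK = {"USER": 0, "ADMIN": 1}


@dataclass
class Config:
    # Mirrors rest.write.access.usergroup; default taken from the issue's step 1.
    write_access_usergroup: str = "USER"


@dataclass
class Token:
    owner: str
    owner_group: str
    authorities: List[str]  # snapshot taken at issuance, never refreshed


class TokenStore:
    def __init__(self, config: Config) -> None:
        self.config = config
        self.tokens: Dict[str, Token] = {}

    def may_write(self, group: str) -> bool:
        """Does this group meet the currently configured threshold for WRITE?"""
        return GROUP_RANK[group] >= GROUP_RANK[self.config.write_access_usergroup]

    def issue(self, owner: str, group: str) -> str:
        """Issue a token; WRITE is granted only if the group qualifies *now*."""
        authorities = ["READ"]
        if self.may_write(group):
            authorities.append("WRITE")
        tid = secrets.token_hex(8)
        self.tokens[tid] = Token(owner, group, authorities)
        return tid

    def can_write_snapshot(self, tid: str) -> bool:
        """Behaviour described in the issue: trust the authorities frozen at issuance."""
        return "WRITE" in self.tokens[tid].authorities

    def can_write_live(self, tid: str) -> bool:
        """Defensive alternative: the token must carry WRITE *and* the owner's
        group must still qualify under the current configuration."""
        tok = self.tokens[tid]
        return "WRITE" in tok.authorities and self.may_write(tok.owner_group)

    def revoke_stale_write(self) -> List[str]:
        """One-off cleanup: strip WRITE from tokens whose owner group no longer
        qualifies. Returns the ids that were changed (for an audit log)."""
        changed = []
        for tid, tok in self.tokens.items():
            if "WRITE" in tok.authorities and not self.may_write(tok.owner_group):
                tok.authorities.remove("WRITE")
                changed.append(tid)
        return changed


def reproduce():
    """Follow the issue's five steps: issue under USER, switch to ADMIN, issue again."""
    cfg = Config("USER")
    store = TokenStore(cfg)
    old_token = store.issue("alice", "USER")      # step 2: has WRITE
    cfg.write_access_usergroup = "ADMIN"          # step 3
    new_token = store.issue("alice", "USER")      # step 4: no WRITE
    return store, old_token, new_token


if __name__ == "__main__":
    store, old_token, new_token = reproduce()
    print("old token, snapshot check:", store.can_write_snapshot(old_token))  # True
    print("new token, snapshot check:", store.can_write_snapshot(new_token))  # False
    print("old token, live check:    ", store.can_write_live(old_token))      # False
    print("cleanup changed:", store.revoke_stale_write() == [old_token])      # True
```

The snapshot check reproduces step 5 of the report: the old token keeps WRITE because nothing re-reads the property after issuance. Either remedy closes the gap; the live check does so for every request without touching stored data, while the cleanup is a single pass over existing tokens and is the better fit where authorities must remain baked into the token.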

sameed20 commented 8 months ago

For this issue a script has been written that removes WRITE access to the REST API from USERS.

heliocastro commented 8 months ago

@sameed20 Did this solve the bug? AFAIK, you are just fixing the database, but the error can happen again. @smrutis1 I think this is a bug in the REST service that needs to be looked at, because old tokens never vanish or change automatically.

ag4ums commented 7 months ago

@heliocastro, this does not look like a bug, as the check for the token access privilege is working fine. 'Verify tokens generated before the property change – they still have write access.' is also an intended behavior, as the tokens were created before applying the change to the property (rest.write.access.usergroup). I think, as @sameed20 mentioned, a script is better to change the users' access as intended, rather than the backend service doing the same.