  1. Dev - Nexus Repo
  2. NEXUS-11869

Repository Administration shows errors with limited privileges


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 3.1.0, 3.2.0, 3.2.1, 3.7.0
    • Fix Version/s: 3.17.0
    • Component/s: Security, UI
    • Labels:
    • Environment:
      Chrome MacOSX

      Description

      I made myself a role with nx-repository-admin-* and assigned it to a user, and when I logged in and navigated to repository admin, I got the attached error as well as the below from nexus.log. I suspect this is because I didn't have healthcheck privileges (as it says), and I know we want people to use healthcheck, but I am skeptical we want them to use it so badly we throw errors down their throats.

      This seemed familiar but I only saw one issue with this error and it was regarding anonymous access.

      I didn't check NX2 at this time. I also checked against NX3.1 and this is not a recent regression.

      Nexus.log snip:

      2016-12-07 10:50:36,581-0500 ERROR [pool-41-thread-14] joedragons org.sonatype.nexus.extdirect.internal.ExtDirectServlet - Failed to invoke action method: healthcheck_Status.read, java-method: com.sonatype.nexus.plugins.healthcheck.ui.HealthCheckStatusComponent.read
      org.apache.shiro.authz.AuthorizationException: User is not permitted: nexus:healthcheck:read
      	at org.sonatype.nexus.security.authz.ExceptionCatchingModularRealmAuthorizer.checkPermission(ExceptionCatchingModularRealmAuthorizer.java:66) [na:na]
      	at org.apache.shiro.mgt.AuthorizingSecurityManager.checkPermission(AuthorizingSecurityManager.java:137) [na:na]
      	at org.apache.shiro.subject.support.DelegatingSubject.checkPermission(DelegatingSubject.java:205) [org.apache.shiro.core:1.3.2]
      	at org.apache.shiro.authz.aop.PermissionAnnotationHandler.assertAuthorized(PermissionAnnotationHandler.java:74) [na:na]
      	at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized(AuthorizingAnnotationMethodInterceptor.java:84) [na:na]
      	at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.invoke(AuthorizingAnnotationMethodInterceptor.java:67) [na:na]
      	at org.apache.shiro.guice.aop.AopAllianceMethodInterceptorAdapter.invoke(AopAllianceMethodInterceptorAdapter.java:36) [na:na]
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [na:1.8.0_102]
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [na:1.8.0_102]
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [na:1.8.0_102]
      	at java.lang.reflect.Method.invoke(Method.java:498) [na:1.8.0_102]
      	at com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.invokeJavaMethod(DispatcherBase.java:142) [org.sonatype.nexus.extdirect:3.1.0.04]
      	at com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.invokeMethod(DispatcherBase.java:133) [org.sonatype.nexus.extdirect:3.1.0.04]
      	at org.sonatype.nexus.extdirect.internal.ExtDirectServlet$3.invokeMethod(ExtDirectServlet.java:221) [org.sonatype.nexus.extdirect:3.1.0.04]
      	at com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.dispatch(DispatcherBase.java:63) [org.sonatype.nexus.extdirect:3.1.0.04]
      	at com.softwarementors.extjs.djn.router.processor.standard.StandardRequestProcessorBase.dispatchStandardMethod(StandardRequestProcessorBase.java:73) [org.sonatype.nexus.extdirect:3.1.0.04]
      	at com.softwarementors.extjs.djn.router.processor.standard.json.JsonRequestProcessor.processIndividualRequest(JsonRequestProcessor.java:502) [org.sonatype.nexus.extdirect:3.1.0.04]
      	at com.softwarementors.extjs.djn.router.processor.standard.json.DefaultJsonRequestProcessorThread.processRequest(DefaultJsonRequestProcessorThread.java:72) [org.sonatype.nexus.extdirect:3.1.0.04]
      	at com.softwarementors.extjs.djn.servlet.ssm.SsmJsonRequestProcessorThread.processRequest(SsmJsonRequestProcessorThread.java:43) [org.sonatype.nexus.extdirect:3.1.0.04]
      	at org.sonatype.nexus.extdirect.internal.ExtDirectJsonRequestProcessorThread.access$1(ExtDirectJsonRequestProcessorThread.java:1) [org.sonatype.nexus.extdirect:3.1.0.04]
      	at org.sonatype.nexus.extdirect.internal.ExtDirectJsonRequestProcessorThread$1.call(ExtDirectJsonRequestProcessorThread.java:61) [org.sonatype.nexus.extdirect:3.1.0.04]
      	at org.sonatype.nexus.extdirect.internal.ExtDirectJsonRequestProcessorThread$1.call(ExtDirectJsonRequestProcessorThread.java:1) [org.sonatype.nexus.extdirect:3.1.0.04]
      	at com.google.inject.servlet.GuiceFilter$Context.call(GuiceFilter.java:203) [com.google.inject:4.0.0]
      	at com.google.inject.servlet.ServletScopes$4.call(ServletScopes.java:274) [com.google.inject:4.0.0]
      	at org.sonatype.nexus.extdirect.internal.ExtDirectJsonRequestProcessorThread.processRequest(ExtDirectJsonRequestProcessorThread.java:75) [org.sonatype.nexus.extdirect:3.1.0.04]
      	at com.softwarementors.extjs.djn.router.processor.standard.json.DefaultJsonRequestProcessorThread.call(DefaultJsonRequestProcessorThread.java:56) [org.sonatype.nexus.extdirect:3.1.0.04]
      	at com.softwarementors.extjs.djn.router.processor.standard.json.DefaultJsonRequestProcessorThread.call(DefaultJsonRequestProcessorThread.java:30) [org.sonatype.nexus.extdirect:3.1.0.04]
      	at java.util.concurrent.FutureTask.run(FutureTask.java:266) [na:1.8.0_102]
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [na:1.8.0_102]
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [na:1.8.0_102]
      	at java.lang.Thread.run(Thread.java:745) [na:1.8.0_102]
      Caused by: org.apache.shiro.authz.AuthorizationException: Not authorized to invoke method: public java.util.List com.sonatype.nexus.plugins.healthcheck.ui.HealthCheckStatusComponent.read()
      	at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized(AuthorizingAnnotationMethodInterceptor.java:90) [na:na]
      	... 26 common frames omitted
      2016-12-07 10:50:36,583-0500 ERROR [pool-41-thread-2] joedragons org.sonatype.nexus.extdirect.internal.ExtDirectServlet - Failed to invoke action method: healthcheck_Status.read, java-method: com.sonatype.nexus.plugins.healthcheck.ui.HealthCheckStatusComponent.read
      org.apache.shiro.authz.AuthorizationException: User is not permitted: nexus:healthcheck:read
      	at org.sonatype.nexus.security.authz.ExceptionCatchingModularRealmAuthorizer.checkPermission(ExceptionCatchingModularRealmAuthorizer.java:66) [na:na]
      	at org.apache.shiro.mgt.AuthorizingSecurityManager.checkPermission(AuthorizingSecurityManager.java:137) [na:na]
      	at org.apache.shiro.subject.support.DelegatingSubject.checkPermission(DelegatingSubject.java:205) [org.apache.shiro.core:1.3.2]
      	at org.apache.shiro.authz.aop.PermissionAnnotationHandler.assertAuthorized(PermissionAnnotationHandler.java:74) [na:na]
      	at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized(AuthorizingAnnotationMethodInterceptor.java:84) [na:na]
      	at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.invoke(AuthorizingAnnotationMethodInterceptor.java:67) [na:na]
      	at org.apache.shiro.guice.aop.AopAllianceMethodInterceptorAdapter.invoke(AopAllianceMethodInterceptorAdapter.java:36) [na:na]
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [na:1.8.0_102]
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [na:1.8.0_102]
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [na:1.8.0_102]
      	at java.lang.reflect.Method.invoke(Method.java:498) [na:1.8.0_102]
      	at com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.invokeJavaMethod(DispatcherBase.java:142) [org.sonatype.nexus.extdirect:3.1.0.04]
      	at com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.invokeMethod(DispatcherBase.java:133) [org.sonatype.nexus.extdirect:3.1.0.04]
      	at org.sonatype.nexus.extdirect.internal.ExtDirectServlet$3.invokeMethod(ExtDirectServlet.java:221) [org.sonatype.nexus.extdirect:3.1.0.04]
      	at com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.dispatch(DispatcherBase.java:63) [org.sonatype.nexus.extdirect:3.1.0.04]
      	at com.softwarementors.extjs.djn.router.processor.standard.StandardRequestProcessorBase.dispatchStandardMethod(StandardRequestProcessorBase.java:73) [org.sonatype.nexus.extdirect:3.1.0.04]
      	at com.softwarementors.extjs.djn.router.processor.standard.json.JsonRequestProcessor.processIndividualRequest(JsonRequestProcessor.java:502) [org.sonatype.nexus.extdirect:3.1.0.04]
      	at com.softwarementors.extjs.djn.router.processor.standard.json.DefaultJsonRequestProcessorThread.processRequest(DefaultJsonRequestProcessorThread.java:72) [org.sonatype.nexus.extdirect:3.1.0.04]
      	at com.softwarementors.extjs.djn.servlet.ssm.SsmJsonRequestProcessorThread.processRequest(SsmJsonRequestProcessorThread.java:43) [org.sonatype.nexus.extdirect:3.1.0.04]
      	at org.sonatype.nexus.extdirect.internal.ExtDirectJsonRequestProcessorThread.access$1(ExtDirectJsonRequestProcessorThread.java:1) [org.sonatype.nexus.extdirect:3.1.0.04]
      	at org.sonatype.nexus.extdirect.internal.ExtDirectJsonRequestProcessorThread$1.call(ExtDirectJsonRequestProcessorThread.java:61) [org.sonatype.nexus.extdirect:3.1.0.04]
      	at org.sonatype.nexus.extdirect.internal.ExtDirectJsonRequestProcessorThread$1.call(ExtDirectJsonRequestProcessorThread.java:1) [org.sonatype.nexus.extdirect:3.1.0.04]
      	at com.google.inject.servlet.GuiceFilter$Context.call(GuiceFilter.java:203) [com.google.inject:4.0.0]
      	at com.google.inject.servlet.ServletScopes$4.call(ServletScopes.java:274) [com.google.inject:4.0.0]
      	at org.sonatype.nexus.extdirect.internal.ExtDirectJsonRequestProcessorThread.processRequest(ExtDirectJsonRequestProcessorThread.java:75) [org.sonatype.nexus.extdirect:3.1.0.04]
      	at com.softwarementors.extjs.djn.router.processor.standard.json.DefaultJsonRequestProcessorThread.call(DefaultJsonRequestProcessorThread.java:56) [org.sonatype.nexus.extdirect:3.1.0.04]
      	at com.softwarementors.extjs.djn.router.processor.standard.json.DefaultJsonRequestProcessorThread.call(DefaultJsonRequestProcessorThread.java:30) [org.sonatype.nexus.extdirect:3.1.0.04]
      	at java.util.concurrent.FutureTask.run(FutureTask.java:266) [na:1.8.0_102]
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [na:1.8.0_102]
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [na:1.8.0_102]
      	at java.lang.Thread.run(Thread.java:745) [na:1.8.0_102]
      Caused by: org.apache.shiro.authz.AuthorizationException: Not authorized to invoke method: public java.util.List com.sonatype.nexus.plugins.healthcheck.ui.HealthCheckStatusComponent.read()
      	at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized(AuthorizingAnnotationMethodInterceptor.java:90) [na:na]
      	... 26 common frames omitted
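
An added example (not part of the original report and not Nexus code): a small Python triage script that reads nexus.log entries in the layout shown above and tallies which user was denied which Shiro permission by which action method, so repeated UI-triggered denials like this one can be told apart from other errors. The sample log is constructed from lines in this issue with stack frames trimmed; `example_Action` and `com.example.ExampleComponent` are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the nexus.log layout shown in this issue (frames trimmed).
SAMPLE_LOG = """\
2016-12-07 10:50:36,581-0500 ERROR [pool-41-thread-14] joedragons org.sonatype.nexus.extdirect.internal.ExtDirectServlet - Failed to invoke action method: healthcheck_Status.read, java-method: com.sonatype.nexus.plugins.healthcheck.ui.HealthCheckStatusComponent.read
org.apache.shiro.authz.AuthorizationException: User is not permitted: nexus:healthcheck:read
\tat org.apache.shiro.subject.support.DelegatingSubject.checkPermission(DelegatingSubject.java:205) [org.apache.shiro.core:1.3.2]
Caused by: org.apache.shiro.authz.AuthorizationException: Not authorized to invoke method: public java.util.List com.sonatype.nexus.plugins.healthcheck.ui.HealthCheckStatusComponent.read()
2016-12-07 10:50:36,583-0500 ERROR [pool-41-thread-2] joedragons org.sonatype.nexus.extdirect.internal.ExtDirectServlet - Failed to invoke action method: healthcheck_Status.read, java-method: com.sonatype.nexus.plugins.healthcheck.ui.HealthCheckStatusComponent.read
org.apache.shiro.authz.AuthorizationException: User is not permitted: nexus:healthcheck:read
2016-12-07 10:50:37,100-0500 ERROR [pool-41-thread-3] joedragons org.sonatype.nexus.extdirect.internal.ExtDirectServlet - Failed to invoke action method: example_Action.read, java-method: com.example.ExampleComponent.read
java.lang.IllegalStateException: constructed non-authorization failure
"""

# timestamp, level, [thread], user, logger, " - ", message
HEADER = re.compile(r"^\d{4}-\d{2}-\d{2} \S+ +(?P<level>\w+) +\[[^\]]+\] +(?P<user>\S+) +\S+ - (?P<msg>.*)$")
ACTION = re.compile(r"Failed to invoke action method: (?P<action>[\w.]+)")
DENIED = re.compile(r"^org\.apache\.shiro\.authz\.AuthorizationException: User is not permitted: (?P<perm>\S+)")

def denied_permissions(log_text):
    """Count (user, action, permission) for each failed action caused by a Shiro denial."""
    counts = Counter()
    current = None  # (user, action) of the log entry being read
    for line in log_text.splitlines():
        header = HEADER.match(line)
        if header:
            action = ACTION.search(header.group("msg"))
            current = (header.group("user"), action.group("action")) if action else None
            continue
        denied = DENIED.match(line.strip())
        if current and denied:
            counts[current + (denied.group("perm"),)] += 1
            current = None  # count each log entry once; skip its "Caused by" lines
    return counts

def missing_by_user(counts):
    """Collapse the tally into user -> sorted list of permissions that were denied."""
    result = {}
    for user, _action, perm in counts:
        result.setdefault(user, set()).add(perm)
    return {user: sorted(perms) for user, perms in result.items()}

if __name__ == "__main__":
    tally = denied_permissions(SAMPLE_LOG)
    for (user, action, perm), n in tally.items():
        print(f"{user}: {action} denied {n}x, missing {perm}")
```
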
      

              People

              Assignee:
              mpiggott Matthew Piggott
              Reporter:
              jtom Joe Tom
              Last Updated By:
              Joe Tom
              Team:
              NXRM - Tron
              Votes:
              0
              Watchers:
              5