Uploaded image for project: 'Dev - Nexus'
  1. Dev - Nexus
  2. NEXUS-12230

User token is deleted if external server cannot be reached

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.11.4, 3.2.0
    • Fix Version/s: 3.2.1, 2.14.3
    • Component/s: Crowd, LDAP, User Token
    • Labels:
      None
    • Environment:
      PRO
    • Story Points:
      2
    • Sprint:
      Sprint 88

      Description

      An error occurred when trying to contact a Crowd server to look up the user ID associated with a user token:

      2017-01-17 17:59:19,293-0600 WARN [qtp1976642001-174945] *UNKNOWN com.atlassian.crowd.integration.rest.service.RestExecutor - The following URL does not specify a valid Crowd User Management REST service: https://com.server.com/crowd/rest/usermanagement/1/user?username=USERNAME
      2017-01-17 17:59:19,355-0600 WARN [qtp1976642001-174945] *UNKNOWN com.sonatype.nexus.crowd.internal.CrowdUserManager - Unable to look up Crowd user USERNAME due to javax.xml.bind.DataBindingException/javax.xml.bind.UnmarshalException

      • with linked exception:
        [org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 1; Premature end of file.]
        2017-01-17 17:59:19,355-0600 DEBUG [qtp1976642001-174945] *UNKNOWN com.sonatype.nexus.usertoken.plugin.realm.UserTokenRealm - Removing stale user-token, target principals are no longer valid
        2017-01-17 17:59:19,355-0600 DEBUG [qtp1976642001-174945] *UNKNOWN com.sonatype.nexus.usertoken.plugin.internal.UserTokenServiceImpl - Removing record for: USERNAME
        2017-01-17 17:59:19,371-0600 TRACE [qtp1976642001-174945] *UNKNOWN org.sonatype.security.internal.UserIdMdcHelper - Set: USERNAME

      In response to this Nexus removed the user token.

      Expected:

      1. Nexus should not remove the token unless the server can be reached, and the user can't be found
      2. Nexus should return a 401 if the server can't be reached.

        Issue Links

          Activity

          Hide
          jtom Joe Tom added a comment -

          Verified the tokens in LDAP and Crowd for both NXRM2 and NXRM3 remain intact through failed connection and the error message is now less severe. Thanks!

          Show
          jtom Joe Tom added a comment - Verified the tokens in LDAP and Crowd for both NXRM2 and NXRM3 remain intact through failed connection and the error message is now less severe. Thanks!

            People

            • Assignee:
              jtom Joe Tom
              Reporter:
              rseddon Rich Seddon
              Last Updated By:
              Joe Tom
            • Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Date of First Response:

                Agile