Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-12319

scripting should support mapping roles from non-default sources

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 3.2.0
    • Fix Version/s: None
    • Component/s: REST, Scripting
    • Labels:
      None
    • Story Points:
      2
    • Notability:
      4

      Description

      org.sonatype.nexus.security.SecurityApi has an addRole method:

       /**
         * Add a new Role to the system.
         */
        Role addRole(String id, String name, String description, List<String> privileges, List<String> roles);
      

      This method does not allow specifying the role source, the implementation uses the default source (Default Authorization realm)

      While it can work that you can create a role in the default source, and still have that picked up by LDAP or crowd, this seems to be by accident only, is not intuitive and a compatibility byproduct from Nexus 2.

      This implicit byproduct is not a good long term approach.

      Users want to map roles explicitly to LDAP and CROWD, not the default realm and providing a way to specify the role source would allow that.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              plynch Peter Lynch
              Last Updated By:
              Rich Seddon Rich Seddon
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Dates

                Created:
                Updated:
                Date of First Response:

                  tigCommentSecurity.panel-title