Dev - Nexus Repo / NEXUS-13306

usernames containing non URL safe characters cannot authenticate using the Crowd realm

    Details

    • Notability: 2

      Description

      Have a Crowd application where user names contain spaces or other non-URL safe characters.
      Try to use this Crowd application to authenticate and authorize into Nexus. This will not work because the REST call made to the Crowd server will form a non-safe URL that is not encoded properly.

      This is what you see in logs when you try to map a "user name" user id into Nexus:

       jvm 1    | 2017-06-01 17:57:08,818-0300 WARN  [qtp1928274996-126] admin com.sonatype.nexus.crowd.internal.CrowdUserManager - Unable to look up Crowd user user name due to java.lang.IllegalArgumentException/java.net.URISyntaxException: Illegal character in query at index 68: http://localhost:8095/crowd/rest/usermanagement/1/user?username=user name
      jvm 1    | 2017-06-01 17:57:08,820-0300 INFO  [qtp1928274996-126] admin org.sonatype.nexus.configuration.ModelUtils - Loading model /app/nexus-testing/2.14.4-03/nexus-professional-2.14.4-03-bundle/sonatype-work/nexus/conf/ldap.xml
      jvm 1    | 2017-06-01 17:57:32,340-0300 WARN  [qtp1928274996-134] admin com.sonatype.nexus.crowd.internal.CrowdUserManager - Unable to look up Crowd user user name due to java.lang.IllegalArgumentException/java.net.URISyntaxException: Illegal character in query at index 68: http://localhost:8095/crowd/rest/usermanagement/1/user?username=user name
      

      Similar exceptions occur if you try to map a Crowd group and then authenticate the user "user name".

      java.lang.IllegalArgumentException java.net.URISyntaxException Illegal character in query at index 94
      com.atlassian.crowd.integration.rest.service.RestExecutor.buildURI(RestExecutor.java:223)
      com.atlassian.crowd.integration.rest.service.RestExecutor.getURI(RestExecutor.java:132)
      com.atlassian.crowd.integration.rest.service.RestCrowdClient.getUser(RestCrowdClient.java:104)
      com.sonatype.nexus.crowd.internal.CrowdUserManager.getUser (CrowdUserManager.java:93)
      com.sonatype.nexus.rutauthinternal.RutAuthRealm.doGetAuthenInfo (RutAuthRealm.java:88) nexus-rutauth-plugin 2.14.4-03
      

      Possible Workarounds

      • use user ids that do not contain non-URL safe characters
      • use the LDAP realm instead, which does not use the REST API and properly escapes the relevant LDAP queries
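
The failure in the logs above can be reproduced with `java.net.URI` alone. The following is an added example, not code from Nexus or the Crowd client: it assumes the user id is concatenated into the query string unescaped (the client source is not shown in this report), and the class and method names are hypothetical. It also covers reserved characters that raise no exception but change what the `username` parameter carries.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

public class CrowdUsernameEncoding {
    // Endpoint copied from the log lines in this report.
    static final String USER_ENDPOINT =
        "http://localhost:8095/crowd/rest/usermanagement/1/user";

    // Assumed failing pattern: the user id is concatenated into the query unescaped.
    static URI rawLookup(String username) {
        return URI.create(USER_ENDPOINT + "?username=" + username);
    }

    // Percent-encode the value first. URLEncoder emits form encoding ("+" for a
    // space), so "+" is rewritten to "%20"; a literal '+' is already "%2B" by then.
    static URI encodedLookup(String username) {
        String value = URLEncoder.encode(username, StandardCharsets.UTF_8) // Java 10+
                                 .replace("+", "%20");
        return URI.create(USER_ENDPOINT + "?username=" + value);
    }

    public static void main(String[] args) {
        // Constructed sample ids: a space, a fragment delimiter, a parameter separator.
        String[] samples = { "user name", "user#1", "user&x=1" };
        for (String id : samples) {
            try {
                URI raw = rawLookup(id);
                // No exception, but the username parameter no longer carries the full id.
                System.out.printf("raw     %-10s query=%s fragment=%s%n",
                                  id, raw.getRawQuery(), raw.getRawFragment());
            } catch (IllegalArgumentException e) {
                // URI.create wraps the URISyntaxException seen in the Nexus log.
                URISyntaxException cause = (URISyntaxException) e.getCause();
                System.out.printf("raw     %-10s rejected at index %d (%s)%n",
                                  id, cause.getIndex(), cause.getReason());
            }
            URI safe = encodedLookup(id);
            System.out.printf("encoded %-10s rawQuery=%s decoded=%s%n",
                              id, safe.getRawQuery(), safe.getQuery());
        }
    }
}
```

For `user name` the raw form is rejected at index 68, matching the log lines above; the encoded form round-trips all three ids unchanged.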

            People

            Assignee:
            mpiggott Matthew Piggott
            Reporter:
            plynch Peter Lynch
            CC:
            Alvin Gunkel
            Last Updated By:
            Wes Wannemacher
            Team:
            NXRM - Operations/Groot