-
Type:
Bug
-
Status: Closed
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 2.14.4, 3.3.1, 3.15.2
-
Component/s: Crowd
-
Labels:
-
Notability:2
Have a Crowd application where user names contain spaces or other non-URL safe characters.
Try to use this Crowd Application to authenticate and authorize into Nexus. This will not work because the REST call made to the crowd server will form a non-safe URL that is not encoded properly.
This is what you see in logs when you try to map a "user name" user id into Nexus:
jvm 1 | 2017-06-01 17:57:08,818-0300 WARN [qtp1928274996-126] admin com.sonatype.nexus.crowd.internal.CrowdUserManager - Unable to look up Crowd user user name due to java.lang.IllegalArgumentException/java.net.URISyntaxException: Illegal character in query at index 68: http://localhost:8095/crowd/rest/usermanagement/1/user?username=user name jvm 1 | 2017-06-01 17:57:08,820-0300 INFO [qtp1928274996-126] admin org.sonatype.nexus.configuration.ModelUtils - Loading model /app/nexus-testing/2.14.4-03/nexus-professional-2.14.4-03-bundle/sonatype-work/nexus/conf/ldap.xml jvm 1 | 2017-06-01 17:57:32,340-0300 WARN [qtp1928274996-134] admin com.sonatype.nexus.crowd.internal.CrowdUserManager - Unable to look up Crowd user user name due to java.lang.IllegalArgumentException/java.net.URISyntaxException: Illegal character in query at index 68: http://localhost:8095/crowd/rest/usermanagement/1/user?username=user name
Similar exceptions occur if you try to map a Crowd group and then authenticate the user "user name".
java.lang.IllegalArgumentException java.netURISyntaxException Illegal character in query at index 94 com.atlassian.crowd.integration.rest.service.RestExecutor.buildURI(RestExecutor.java:223) com.atlassian.crowd.integration.rest.service.RestExecutor.getURI(RestExecutor.java:132) com.atlassian.crowd.integration.rest.service.RestCrowdClient.getUser(RestCrowdClient.java:104) com.sonatype.nexus.crowd.internal.CrowdUserManager.getUser (CrowdUserManager.java:93) com.sonatype.nexus.rutauthinternal.RutAuthRealm.doGetAuthenInfo (RutAuthRealm.java:88) nexus-rutauth-plugin 2.14.4-03
Possible Workarounds
- use user ids that do not contain non-url safe characters
- use the LDAP realm instead which does not use REST API and properly escapes the relevant LDAP queries