Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-17448

WARN Unable to look up Crowd user null due to java.lang.IllegalStateException/Crowd not configured even when Crowd realm is not active

    Details

    • Story Points:
      3
    • Notability:
      4

      Description

      Reproduce #1

      Do not add Crowd realm as active.
      Do not configure a crowd server.
      Have LDAP realm enabled.
      Have one LDAP server configured.
      If there is a problem authenticating the LDAP user, the Crowd realm is tried anyways despite all this:

      2018-06-20 15:09:38,770-0300 WARN [pool-21-thread-2] *UNKNOWN com.sonatype.nexus.crowd.internal.CrowdUserManager - Unable to look up Crowd user null due to java.lang.IllegalStateException/Crowd not configured

      Reproduce #2

      Boot a vanilla Nexus 3.13.0 instance. Signin as the default admin user. Enable user Token and realm. View you user token a few times. Sign-out. The nexus.log shows WARN messages seemingly for every outreach related request made as the anonymous user.

      nexus.log
      2018-06-29 16:17:06,859-0300 INFO  [qtp1106547043-64] admin org.sonatype.nexus.rapture.internal.security.SessionServlet - Deleting session for user: admin
      2018-06-29 16:17:07,667-0300 INFO  [pool-21-thread-14] *UNKNOWN org.ehcache.jsr107.ConfigurationMerger - Configuration of cache enterprise-ldap will be supplemented by template nexus-default
      2018-06-29 16:17:07,669-0300 INFO  [pool-21-thread-14] *UNKNOWN org.ehcache.core.EhcacheManager - Cache 'enterprise-ldap' created in EhcacheManager.
      2018-06-29 16:17:07,670-0300 INFO  [pool-21-thread-14] *UNKNOWN org.ehcache.jsr107.Eh107CacheManager - Registering Ehcache MBean javax.cache:type=CacheConfiguration,CacheManager=file./app/nexus-testing/3.13.0-01/nexus-installer-3.13.0-20180628.151433-87-mac-archive/nexus-3.13.0-SNAPSHOT/etc/fabric/ehcache.xml,Cache=enterprise-ldap
      2018-06-29 16:17:07,670-0300 INFO  [pool-21-thread-14] *UNKNOWN org.ehcache.jsr107.Eh107CacheManager - Registering Ehcache MBean javax.cache:type=CacheStatistics,CacheManager=file./app/nexus-testing/3.13.0-01/nexus-installer-3.13.0-20180628.151433-87-mac-archive/nexus-3.13.0-SNAPSHOT/etc/fabric/ehcache.xml,Cache=enterprise-ldap
      2018-06-29 16:17:07,689-0300 WARN  [pool-21-thread-14] *UNKNOWN com.sonatype.nexus.crowd.internal.CrowdUserManager - Unable to look up Crowd user null due to java.lang.IllegalStateException/Crowd not configured
      2018-06-29 16:17:07,750-0300 WARN  [qtp1106547043-61] *UNKNOWN com.sonatype.nexus.crowd.internal.CrowdUserManager - Unable to look up Crowd user null due to java.lang.IllegalStateException/Crowd not configured
      2018-06-29 16:17:07,802-0300 WARN  [qtp1106547043-64] *UNKNOWN com.sonatype.nexus.crowd.internal.CrowdUserManager - Unable to look up Crowd user null due to java.lang.IllegalStateException/Crowd not configured
      2018-06-29 16:17:07,804-0300 WARN  [qtp1106547043-65] *UNKNOWN com.sonatype.nexus.crowd.internal.CrowdUserManager - Unable to look up Crowd user null due to java.lang.IllegalStateException/Crowd not configured
      2018-06-29 16:17:07,806-0300 WARN  [qtp1106547043-190] *UNKNOWN com.sonatype.nexus.crowd.internal.CrowdUserManager - Unable to look up Crowd user null due to java.lang.IllegalStateException/Crowd not configured
      2018-06-29 16:17:07,910-0300 WARN  [qtp1106547043-61] *UNKNOWN com.sonatype.nexus.crowd.internal.CrowdUserManager - Unable to look up Crowd user null due to java.lang.IllegalStateException/Crowd not configured
      
      request.log
      127.0.0.1 - admin [29/Jun/2018:16:17:06 -0300] "DELETE /service/rapture/session HTTP/1.1" 204 0 9 "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36"
      127.0.0.1 - - [29/Jun/2018:16:17:06 -0300] "GET /static/rapture/resources/icons/x32/sonatype.png?_v=3.13.0-SNAPSHOT&_dc=1530297890543 HTTP/1.1" 200 331 1 "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36"
      127.0.0.1 - - [29/Jun/2018:16:17:07 -0300] "GET /service/extdirect/poll/rapture_State_get?_dc=1530299827639 HTTP/1.1" 200 10122 5 "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36"
      127.0.0.1 - - [29/Jun/2018:16:17:07 -0300] "POST /service/extdirect HTTP/1.1" 200 390 73 "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36"
      127.0.0.1 - - [29/Jun/2018:16:17:07 -0300] "GET /service/outreach/?version=3.13.0-SNAPSHOT&versionMm=3.13&edition=PRO&usertype=anonymous HTTP/1.1" 200 14493 60 "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36"
      127.0.0.1 - - [29/Jun/2018:16:17:07 -0300] "GET /service/outreach/analytics.js HTTP/1.1" 200 4080 7 "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36"
      127.0.0.1 - - [29/Jun/2018:16:17:07 -0300] "GET /service/outreach/nexus.js HTTP/1.1" 200 7836 10 "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36"
      127.0.0.1 - - [29/Jun/2018:16:17:07 -0300] "GET /service/outreach/nexusSpaces.css HTTP/1.1" 200 1933 12 "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36"
      127.0.0.1 - - [29/Jun/2018:16:17:07 -0300] "GET /service/outreach/images/nexus-user-conference.png HTTP/1.1" 200 1064 3 "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36"
      

      Expected

      • realms that are not enabled should not be tried
      • do not add WARN logging for user not found in realm not enabled
      • reconsider not WARN log level if simply a user cannot be found anyways - INFO better
      • outreach resource should not perform user lookup for all realms, especially disabled realms - outreach in theory just needs to know if you are an administrator or anonymous user ti display appropriate content

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              plynch Peter Lynch
              Last Updated By:
              Peter Lynch Peter Lynch
              Votes:
              1 Vote for this issue
              Watchers:
              7 Start watching this issue

                Dates

                Created:
                Updated:
                Date of First Response:

                  tigCommentSecurity.panel-title