Details
-
Type:
Bug
-
Status: Open
-
Priority:
Major
-
Resolution: Unresolved
-
Affects Version/s: 3.12.1, 3.19.1
-
Fix Version/s: None
-
Labels:
-
Story Points:3
-
Notability:4
Description
Reproduce #1
Do not add Crowd realm as active.
Do not configure a crowd server.
Have LDAP realm enabled.
Have one LDAP server configured.
If there is a problem authenticating the LDAP user, the Crowd realm is tried anyways despite all this:
2018-06-20 15:09:38,770-0300 WARN [pool-21-thread-2] *UNKNOWN com.sonatype.nexus.crowd.internal.CrowdUserManager - Unable to look up Crowd user null due to java.lang.IllegalStateException/Crowd not configured
Reproduce #2
Boot a vanilla Nexus 3.13.0 instance. Signin as the default admin user. Enable user Token and realm. View you user token a few times. Sign-out. The nexus.log shows WARN messages seemingly for every outreach related request made as the anonymous user.
nexus.log
2018-06-29 16:17:06,859-0300 INFO [qtp1106547043-64] admin org.sonatype.nexus.rapture.internal.security.SessionServlet - Deleting session for user: admin 2018-06-29 16:17:07,667-0300 INFO [pool-21-thread-14] *UNKNOWN org.ehcache.jsr107.ConfigurationMerger - Configuration of cache enterprise-ldap will be supplemented by template nexus-default 2018-06-29 16:17:07,669-0300 INFO [pool-21-thread-14] *UNKNOWN org.ehcache.core.EhcacheManager - Cache 'enterprise-ldap' created in EhcacheManager. 2018-06-29 16:17:07,670-0300 INFO [pool-21-thread-14] *UNKNOWN org.ehcache.jsr107.Eh107CacheManager - Registering Ehcache MBean javax.cache:type=CacheConfiguration,CacheManager=file./app/nexus-testing/3.13.0-01/nexus-installer-3.13.0-20180628.151433-87-mac-archive/nexus-3.13.0-SNAPSHOT/etc/fabric/ehcache.xml,Cache=enterprise-ldap 2018-06-29 16:17:07,670-0300 INFO [pool-21-thread-14] *UNKNOWN org.ehcache.jsr107.Eh107CacheManager - Registering Ehcache MBean javax.cache:type=CacheStatistics,CacheManager=file./app/nexus-testing/3.13.0-01/nexus-installer-3.13.0-20180628.151433-87-mac-archive/nexus-3.13.0-SNAPSHOT/etc/fabric/ehcache.xml,Cache=enterprise-ldap 2018-06-29 16:17:07,689-0300 WARN [pool-21-thread-14] *UNKNOWN com.sonatype.nexus.crowd.internal.CrowdUserManager - Unable to look up Crowd user null due to java.lang.IllegalStateException/Crowd not configured 2018-06-29 16:17:07,750-0300 WARN [qtp1106547043-61] *UNKNOWN com.sonatype.nexus.crowd.internal.CrowdUserManager - Unable to look up Crowd user null due to java.lang.IllegalStateException/Crowd not configured 2018-06-29 16:17:07,802-0300 WARN [qtp1106547043-64] *UNKNOWN com.sonatype.nexus.crowd.internal.CrowdUserManager - Unable to look up Crowd user null due to java.lang.IllegalStateException/Crowd not configured 2018-06-29 16:17:07,804-0300 WARN [qtp1106547043-65] *UNKNOWN com.sonatype.nexus.crowd.internal.CrowdUserManager - Unable to look up Crowd user null due to java.lang.IllegalStateException/Crowd not configured 2018-06-29 16:17:07,806-0300 WARN [qtp1106547043-190] *UNKNOWN com.sonatype.nexus.crowd.internal.CrowdUserManager - Unable to look up Crowd user null due to java.lang.IllegalStateException/Crowd not configured 2018-06-29 16:17:07,910-0300 WARN [qtp1106547043-61] *UNKNOWN com.sonatype.nexus.crowd.internal.CrowdUserManager - Unable to look up Crowd user null due to java.lang.IllegalStateException/Crowd not configured
request.log
127.0.0.1 - admin [29/Jun/2018:16:17:06 -0300] "DELETE /service/rapture/session HTTP/1.1" 204 0 9 "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36" 127.0.0.1 - - [29/Jun/2018:16:17:06 -0300] "GET /static/rapture/resources/icons/x32/sonatype.png?_v=3.13.0-SNAPSHOT&_dc=1530297890543 HTTP/1.1" 200 331 1 "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36" 127.0.0.1 - - [29/Jun/2018:16:17:07 -0300] "GET /service/extdirect/poll/rapture_State_get?_dc=1530299827639 HTTP/1.1" 200 10122 5 "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36" 127.0.0.1 - - [29/Jun/2018:16:17:07 -0300] "POST /service/extdirect HTTP/1.1" 200 390 73 "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36" 127.0.0.1 - - [29/Jun/2018:16:17:07 -0300] "GET /service/outreach/?version=3.13.0-SNAPSHOT&versionMm=3.13&edition=PRO&usertype=anonymous HTTP/1.1" 200 14493 60 "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36" 127.0.0.1 - - [29/Jun/2018:16:17:07 -0300] "GET /service/outreach/analytics.js HTTP/1.1" 200 4080 7 "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36" 127.0.0.1 - - [29/Jun/2018:16:17:07 -0300] "GET /service/outreach/nexus.js HTTP/1.1" 200 7836 10 "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36" 127.0.0.1 - - [29/Jun/2018:16:17:07 -0300] "GET /service/outreach/nexusSpaces.css HTTP/1.1" 200 1933 12 "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36" 127.0.0.1 - - [29/Jun/2018:16:17:07 -0300] "GET /service/outreach/images/nexus-user-conference.png HTTP/1.1" 200 1064 3 "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36"
Expected
- realms that are not enabled should not be tried
- do not add WARN logging for user not found in realm not enabled
- reconsider not WARN log level if simply a user cannot be found anyways - INFO better
- outreach resource should not perform user lookup for all realms, especially disabled realms - outreach in theory just needs to know if you are an administrator or anonymous user ti display appropriate content
Attachments
Issue Links
- relates
-
-
- Closed
-