Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-17616

On browse w/ LDAP, if no perms, a bunch of warns are fired

    XMLWordPrintable

    Details

    • Story Points:
      1

      Description

      With an LDAP user with just analytics permission, I logged in and clicked Browse (as it was clickable) and while nothing showed (proper since I have no permission), I noticed a bunch of WARNs in the nexus.log (see below, for example, attached for full nexus.log snip).
      It seems to be looking through various groups, not sure why. I didn't think this was all of them but looking at the size, it might be.

      2018-07-13 16:44:01,422-0400 WARN  [pool-21-thread-1] aaron.cheever org.sonatype.nexus.internal.selector.SelectorManagerImpl - Unable to find role for roleId=wolves_of_phalloz, continue searching for roles
      org.sonatype.nexus.security.role.NoSuchRoleException: Role not found: wolves_of_phalloz
      	at org.sonatype.nexus.security.internal.SecurityConfigurationManagerImpl.readRole(SecurityConfigurationManagerImpl.java:198)
      	at org.sonatype.nexus.security.internal.AuthorizationManagerImpl.getRole(AuthorizationManagerImpl.java:179)
      	at org.sonatype.nexus.internal.selector.SelectorManagerImpl.getRoles(SelectorManagerImpl.java:244)
      	at org.sonatype.nexus.internal.selector.SelectorManagerImpl.lambda$3(SelectorManagerImpl.java:236)
      	at java.util.ArrayList.forEach(ArrayList.java:1257)
      	at org.sonatype.nexus.internal.selector.SelectorManagerImpl.getRoles(SelectorManagerImpl.java:236)
      	at org.sonatype.nexus.internal.selector.SelectorManagerImpl.browseActive(SelectorManagerImpl.java:194)
      	at org.sonatype.nexus.internal.selector.SelectorManagerImpl$$EnhancerByGuice$$203d3c94.CGLIB$browseActive$8(<generated>)
      	at org.sonatype.nexus.internal.selector.SelectorManagerImpl$$EnhancerByGuice$$203d3c94$$FastClassByGuice$$bcb2d656.invoke(<generated>)
      	at com.google.inject.internal.cglib.proxy.$MethodProxy.invokeSuper(MethodProxy.java:228)
      	at com.google.inject.internal.InterceptorStackCallback$InterceptedMethodInvocation.proceed(InterceptorStackCallback.java:76)
      	at org.sonatype.nexus.common.stateguard.MethodInvocationAction.run(MethodInvocationAction.java:39)
      	at org.sonatype.nexus.common.stateguard.StateGuard$GuardImpl.run(StateGuard.java:270)
      	at org.sonatype.nexus.common.stateguard.GuardedInterceptor.invoke(GuardedInterceptor.java:53)
      	at com.google.inject.internal.InterceptorStackCallback$InterceptedMethodInvocation.proceed(InterceptorStackCallback.java:77)
      	at com.google.inject.internal.InterceptorStackCallback.intercept(InterceptorStackCallback.java:55)
      	at org.sonatype.nexus.internal.selector.SelectorManagerImpl$$EnhancerByGuice$$203d3c94.browseActive(<generated>)
      	at org.sonatype.nexus.repository.security.RepositoryPermissionChecker.subjectHasAnyContentSelectorAccessTo(RepositoryPermissionChecker.java:106)
      	at org.sonatype.nexus.repository.security.RepositoryPermissionChecker.userCanBrowseRepositories(RepositoryPermissionChecker.java:94)
      	at org.sonatype.nexus.repository.security.RepositoryPermissionChecker$userCanBrowseRepositories.call(Unknown Source)
      	at org.sonatype.nexus.coreui.RepositoryComponent.filter(RepositoryComponent.groovy:368)
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:498)
      	at org.codehaus.groovy.runtime.callsite.PogoMetaMethodSite$PogoCachedMethodSiteNoUnwrapNoCoerce.invoke(PogoMetaMethodSite.java:210)
      	at org.codehaus.groovy.runtime.callsite.PogoMetaMethodSite.callCurrent(PogoMetaMethodSite.java:59)
      	at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:169)
      	at org.sonatype.nexus.coreui.RepositoryComponent.readReferences(RepositoryComponent.groovy:153)
      	at org.sonatype.nexus.coreui.RepositoryComponent$$EnhancerByGuice$$6c9743ea.CGLIB$readReferences$39(<generated>)
      	at org.sonatype.nexus.coreui.RepositoryComponent$$EnhancerByGuice$$6c9743ea$$FastClassByGuice$$dd30d766.invoke(<generated>)
      	at com.google.inject.internal.cglib.proxy.$MethodProxy.invokeSuper(MethodProxy.java:228)
      	at com.google.inject.internal.InterceptorStackCallback$InterceptedMethodInvocation.proceed(InterceptorStackCallback.java:76)
      	at com.palominolabs.metrics.guice.ExceptionMeteredInterceptor.invoke(ExceptionMeteredInterceptor.java:49)
      	at com.google.inject.internal.InterceptorStackCallback$InterceptedMethodInvocation.proceed(InterceptorStackCallback.java:77)
      	at com.palominolabs.metrics.guice.TimedInterceptor.invoke(TimedInterceptor.java:47)
      	at com.google.inject.internal.InterceptorStackCallback$InterceptedMethodInvocation.proceed(InterceptorStackCallback.java:77)
      	at com.google.inject.internal.InterceptorStackCallback.intercept(InterceptorStackCallback.java:55)
      	at org.sonatype.nexus.coreui.RepositoryComponent$$EnhancerByGuice$$6c9743ea.readReferences(<generated>)
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:498)
      	at com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.invokeJavaMethod(DispatcherBase.java:142)
      	at com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.invokeMethod(DispatcherBase.java:133)
      	at org.sonatype.nexus.extdirect.internal.ExtDirectServlet$3.invokeMethod(ExtDirectServlet.java:236)
      	at com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.dispatch(DispatcherBase.java:63)
      	at com.softwarementors.extjs.djn.router.processor.standard.StandardRequestProcessorBase.dispatchStandardMethod(StandardRequestProcessorBase.java:73)
      	at com.softwarementors.extjs.djn.router.processor.standard.json.JsonRequestProcessor.processIndividualRequest(JsonRequestProcessor.java:502)
      	at com.softwarementors.extjs.djn.router.processor.standard.json.DefaultJsonRequestProcessorThread.processRequest(DefaultJsonRequestProcessorThread.java:72)
      	at com.softwarementors.extjs.djn.servlet.ssm.SsmJsonRequestProcessorThread.processRequest(SsmJsonRequestProcessorThread.java:43)
      	at org.sonatype.nexus.extdirect.internal.ExtDirectJsonRequestProcessorThread.access$1(ExtDirectJsonRequestProcessorThread.java:1)
      	at org.sonatype.nexus.extdirect.internal.ExtDirectJsonRequestProcessorThread$1.call(ExtDirectJsonRequestProcessorThread.java:61)
      	at org.sonatype.nexus.extdirect.internal.ExtDirectJsonRequestProcessorThread$1.call(ExtDirectJsonRequestProcessorThread.java:1)
      	at com.google.inject.servlet.ServletScopes$4.call(ServletScopes.java:450)
      	at org.sonatype.nexus.extdirect.internal.ExtDirectJsonRequestProcessorThread.processRequest(ExtDirectJsonRequestProcessorThread.java:75)
      	at com.softwarementors.extjs.djn.router.processor.standard.json.DefaultJsonRequestProcessorThread.call(DefaultJsonRequestProcessorThread.java:56)
      	at com.softwarementors.extjs.djn.router.processor.standard.json.DefaultJsonRequestProcessorThread.call(DefaultJsonRequestProcessorThread.java:30)
      	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
      	at java.lang.Thread.run(Thread.java:748)
      

      While not a functional issue, I left minor given the unknown of how much log bloat this would cause. It's a lot for the number it seemed to hit here.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              ataylor Andrew Taylor
              Reporter:
              jtom Joe Tom
              Last Updated By:
              Peter Lynch
              Team:
              NXRM - Morpheus
              Votes:
              3 Vote for this issue
              Watchers:
              8 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Date of First Response:

                  tigCommentSecurity.panel-title