Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-21389

REST /security/users resource is documented to return max 100 users but can return more

    XMLWordPrintable

    Details

    • Notability:
      4

      Description

      The REST API to list users /security/users is documented to return no more than 100 users at a time for anything other than the 'default' realm ( user-source ).

      The criteria is set in code here.

      However when the source=LDAP and there are more than one LDAP servers configured, then the actual limit is 100 users per LDAP server queried.

      So the general contract currently implemented is

      if user source not set

      • then return max 100 users for each realm (user-source) and for LDAP source, max 100 per defined LDAP server

      else if source is LDAP

      • max 100 per defined LDAP server

      else if other source

      • max 100 users

      Expected

      Any limits we impose on the REST API should be documented and enforced correctly on realms we maintain.

      The javadoc for UserSearchCriteria public API getLimit() should document how to impose the limit for custom realms/user sources third parties may implement. Currently there is none there.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned
              Reporter:
              plynch Peter Lynch
              Last Updated By:
              Joe Tom
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Dates

                Created:
                Updated:
                Date of First Response:

                  tigCommentSecurity.panel-title