Dev - Nexus Repo
NEXUS-29320

Audit information for authentication failures fail to be sent via webhook


    Details

    • Type: Bug
    • Status: New
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 3.34.1
    • Fix Version/s: None
    • Component/s: Audit, Webhooks
    • Labels:
    • Notability: 3

      Description

      Problem
      With auditing and webhooks enabled, audit entries are not sent to the webhook endpoint. In the event of an authentication failure, the webhook isn't sent; the following exception is reported in the logging:

      2021-10-15 17:34:54,842+0100 ERROR [webhookService-3-thread-2] *UNKNOWN org.sonatype.nexus.internal.webhooks.WebhookServiceImpl - Failed to send webhook request:WebhookRequest{id='bd746d95-a85c-4e50-adbf-cf3a7faa80a2', webhook=rm:global:audit, payload=org.sonatype.nexus.audit.internal.GlobalAuditWebhook$AuditWebhookPayload@280e8cb7, url=http://10.211.55.9:50001}
      com.fasterxml.jackson.databind.JsonMappingException: com.google.common.collect.Sets$2 cannot be cast to java.lang.String (through reference chain: org.sonatype.nexus.audit.internal.GlobalAuditWebhook$AuditWebhookPayload["audit"]->org.sonatype.nexus.audit.internal.GlobalAuditWebhook$AuditWebhookPayload$Audit["attributes"]->java.util.LinkedHashMap["failureReasons"])
      ...
      Caused by: java.lang.ClassCastException: com.google.common.collect.Sets$2 cannot be cast to java.lang.String
              at com.fasterxml.jackson.databind.ser.std.StringSerializer.serialize(StringSerializer.java:41)
              at com.fasterxml.jackson.databind.ser.std.MapSerializer.serializeOptionalFields(MapSerializer.java:786)

      The authentication failure is logged in the auditing log as expected:

      {"timestamp":"2021-10-15 17:34:54,838+0100","nodeId":"C8D18386-5583175E-CC0B4B60-36CF98E0-0645E669","initiator":"*UNKNOWN/10.211.55.2","domain":"security.user","type":"authentication","thread":"qtp251208233-521","attributes":{"failureReasons":["INCORRECT_CREDENTIALS"],"wasSuccessful":false,"userId":"admin","remoteIp":"10.211.55.2","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.0 Safari/605.1.15","path":"/service/rapture/session"}}

      Steps to reproduce

      • enable auditing capability
      • set up a webhook capability for auditing
      • ensure that you have an endpoint for the webhook, e.g. nc or 'Hercules' for Windows
      • attempt to authenticate using an existing user with an incorrect password (this is the only authentication-related auditing we get).

      Observed behaviour
      The failed authentication is not sent to the webhook endpoint; a java.lang.ClassCastException is reported in the NxRM logging (logging.txt).
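      The stack trace above shows Jackson's MapSerializer handing a java.util.Set (com.google.common.collect.Sets$2, the "failureReasons" value) to StringSerializer, which is what happens when a map is declared with String values: String is final, so Jackson binds StringSerializer to the values once instead of looking it up per value. The following is an added example, not Nexus Repository code; the payload classes, field names and the Map<String, String> declaration are assumptions chosen to reproduce the trace, and it assumes jackson-databind 2.x on the classpath. The first payload shape reproduces the exception; the second serializes the same attributes the way the audit log line above shows them.

```java
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.JsonMappingException;
import com.fasterxml.jackson.databind.ObjectMapper;

// Added example (not Nexus Repository code): reproduces the serialization failure
// from the issue's stack trace with two hypothetical payload shapes.
public class AuditWebhookSerializationDemo {

    // Hypothetical payload whose attribute map is declared with String values.
    // String is a final class, so Jackson binds StringSerializer to the map values
    // when the serializer is built instead of resolving one per value; any
    // non-String value is then cast to String and fails, exactly as in the trace.
    public static class StringAttributesPayload {
        public String domain = "security.user";
        public String type = "authentication";
        public Map<String, String> attributes = new LinkedHashMap<>();
    }

    // Hypothetical corrected shape: Object-typed values make Jackson pick the
    // serializer from each value's runtime class, so a Set is written as a JSON array.
    public static class ObjectAttributesPayload {
        public String domain = "security.user";
        public String type = "authentication";
        public Map<String, Object> attributes = new LinkedHashMap<>();
    }

    private static final ObjectMapper MAPPER = new ObjectMapper();

    // Constructed attributes mirroring a subset of the audit log entry in the issue:
    // the failure reasons are a Set of strings, not a single String.
    static Map<String, Object> failedLoginAttributes() {
        Map<String, Object> attrs = new LinkedHashMap<>();
        Set<String> reasons = Collections.singleton("INCORRECT_CREDENTIALS");
        attrs.put("failureReasons", reasons);
        attrs.put("userId", "admin");
        attrs.put("remoteIp", "10.211.55.2");
        return attrs;
    }

    // The String-typed map is filled through type erasure, which is how a value
    // copied from a Map<String, Object> arrives at runtime: the compiler cannot stop it.
    @SuppressWarnings({"unchecked", "rawtypes"})
    static StringAttributesPayload buildStringTyped() {
        StringAttributesPayload p = new StringAttributesPayload();
        ((Map) p.attributes).putAll(failedLoginAttributes());
        return p;
    }

    static ObjectAttributesPayload buildObjectTyped() {
        ObjectAttributesPayload p = new ObjectAttributesPayload();
        p.attributes.putAll(failedLoginAttributes());
        return p;
    }

    // Returns the JSON body the webhook would carry, or null when Jackson rejects
    // the payload. Jackson wraps the ClassCastException in a JsonMappingException,
    // the same shape as the ERROR line in the issue.
    static String serializeOrNull(Object payload) {
        try {
            return MAPPER.writeValueAsString(payload);
        } catch (JsonMappingException e) {
            System.err.println("serialization failed: " + e.getMessage());
            return null;
        } catch (JsonProcessingException e) {
            throw new IllegalStateException(e);
        }
    }

    public static void main(String[] args) {
        System.out.println("String-typed attributes -> " + serializeOrNull(buildStringTyped()));
        System.out.println("Object-typed attributes -> " + serializeOrNull(buildObjectTyped()));
    }
}
```

      Running it, the String-typed payload fails with a JsonMappingException caused by a ClassCastException on "failureReasons" and the Object-typed payload produces a JSON document with failureReasons as an array, matching the audit log line in the issue. The practical consequence for monitoring is the one the issue describes: the audit log file still records the failed login, so a collector reading that file keeps seeing authentication failures while the webhook path silently drops them.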

      People

      Assignee: Unassigned
      Reporter: Alex Strachan (astrachan)
      CC: Andreas Galek
      Last Updated By: Rich Seddon
      Votes: 0
      Watchers: 2