Dev - Nexus Repo / NEXUS-30850

Default realm users that differ only by case break the user administration screen in new DB

    Details

    • Story Points:
      3
    • Sprint:
      NXRM Neo Sprint 28, NXRM Neo Sprint 27
    • Notability:
      1
    • InvestmentLayer:
      support-escalated
    • Aha Concept:
      non-concept

      Description

      1. Fire up Nexus 3.37.3 against a PostgreSQL database.
      2. Make two default realm users, one with user ID "test", the other with "Test".
      3. Try loading the Security -> Users screen.

      The screen will not load; it says "a database error occurred". The logs show the stack below.

      Expected: Default realm user IDs are case sensitive. This is by design, and can't be changed at this point since existing users are depending on this behavior. So the above should not break the UI; both users should be visible.

      Workaround: The only way to fix this is to manually remove one of the users from the database.

      # delete from security_user where id='Test';
      # delete from user_role_mapping where user_id='Test';
      

      2022-01-07 13:08:28,631-0600 ERROR [qtp1321848228-678] admin org.sonatype.nexus.extdirect.internal.ExtDirectExceptionHandler - Failed to invoke action method: coreui_User.read, java-method: org.sonatype.nexus.coreui.UserComponent.read
      org.apache.ibatis.exceptions.TooManyResultsException: Expected one result (or null) to be returned by selectOne(), but found: 2
      at org.apache.ibatis.session.defaults.DefaultSqlSession.selectOne(DefaultSqlSession.java:80)
      at org.apache.ibatis.binding.MapperMethod.execute(MapperMethod.java:87)
      at org.apache.ibatis.binding.MapperProxy$PlainMethodInvoker.invoke(MapperProxy.java:145)
      at org.apache.ibatis.binding.MapperProxy.invoke(MapperProxy.java:86)
      at com.sun.proxy.$Proxy149.read(Unknown Source)
      at org.sonatype.nexus.internal.security.model.CUserRoleMappingDAO.read(CUserRoleMappingDAO.java:42)
      at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627)
      at org.apache.ibatis.binding.MapperProxy$DefaultMethodInvoker.invoke(MapperProxy.java:159)
      at org.apache.ibatis.binding.MapperProxy.invoke(MapperProxy.java:86)
      at com.sun.proxy.$Proxy149.read(Unknown Source)
      at org.sonatype.nexus.internal.security.model.SecurityConfigurationImpl.getUserRoleMapping(SecurityConfigurationImpl.java:323)
      at org.sonatype.nexus.transaction.TransactionalWrapper.proceedWithTransaction(TransactionalWrapper.java:58)
      at org.sonatype.nexus.transaction.TransactionInterceptor.proceedWithTransaction(TransactionInterceptor.java:66)
      at org.sonatype.nexus.transaction.TransactionInterceptor.invoke(TransactionInterceptor.java:55)
      at org.sonatype.nexus.security.internal.SecurityConfigurationManagerImpl.readUserRoleMapping(SecurityConfigurationManagerImpl.java:314)
      at org.sonatype.nexus.security.internal.UserManagerImpl.getUsersRoles(UserManagerImpl.java:239)
      at org.sonatype.nexus.security.internal.UserManagerImpl.toUser(UserManagerImpl.java:123)
      at org.sonatype.nexus.security.internal.UserManagerImpl.listUsers(UserManagerImpl.java:154)
      at org.sonatype.nexus.security.internal.UserManagerImpl.searchUsers(UserManagerImpl.java:260)
      at org.sonatype.nexus.security.internal.DefaultSecuritySystem.searchUsers(DefaultSecuritySystem.java:423)
      at org.sonatype.nexus.security.SecuritySystem$searchUsers$0.call(Unknown Source)
      at org.sonatype.nexus.coreui.UserComponent.read(UserComponent.groovy:104)
      at com.palominolabs.metrics.guice.ExceptionMeteredInterceptor.invoke(ExceptionMeteredInterceptor.java:23)
      at com.palominolabs.metrics.guice.TimedInterceptor.invoke(TimedInterceptor.java:26)
      at org.apache.shiro.guice.aop.AopAllianceMethodInvocationAdapter.proceed(AopAllianceMethodInvocationAdapter.java:49)
      at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.invoke(AuthorizingAnnotationMethodInterceptor.java:68)
      at org.apache.shiro.guice.aop.AopAllianceMethodInterceptorAdapter.invoke(AopAllianceMethodInterceptorAdapter.java:36)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:498)
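
      Added example (not part of the original report and not Sonatype's code): a read-only PostgreSQL check that lists default realm user IDs differing only by case, useful for finding affected rows before applying the workaround. It assumes only the table and column names shown in the workaround above (security_user.id and user_role_mapping.user_id).

```sql
-- Added example: read-only check, makes no changes.
-- Assumed schema (taken from the workaround on this page):
--   security_user(id), user_role_mapping(user_id)

-- 1. User IDs in security_user that collide once case is ignored.
SELECT lower(id)                        AS folded_id,
       count(*)                         AS variants,
       string_agg(id, ', ' ORDER BY id) AS ids
FROM   security_user
GROUP  BY lower(id)
HAVING count(*) > 1
ORDER  BY folded_id;

-- 2. The same check on the role mappings. DISTINCT is used because
--    this table may hold more than one row per user ID.
SELECT lower(user_id)                                       AS folded_id,
       count(DISTINCT user_id)                              AS variants,
       string_agg(DISTINCT user_id, ', ' ORDER BY user_id)  AS user_ids
FROM   user_role_mapping
GROUP  BY lower(user_id)
HAVING count(DISTINCT user_id) > 1
ORDER  BY folded_id;

-- 3. Role mappings left behind for a user ID that no longer exists
--    in security_user (exact, case-sensitive match), e.g. after only
--    the first DELETE of the workaround was run.
SELECT m.user_id
FROM   user_role_mapping m
LEFT   JOIN security_user u ON u.id = m.user_id
WHERE  u.id IS NULL
ORDER  BY m.user_id;
```

      Any row returned by the first two queries is a pair such as "test" / "Test" from the reproduction steps. Query 3 can also return mappings for users that do not live in security_user, so review its output before deleting anything.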

              People

              Assignee:
              Tahir Awan (tahir.awan)
              Reporter:
              Rich Seddon (rseddon)
              Last Updated By:
              Nicholas Blair
              Team:
              NXRM - Neo
              Votes:
              0
              Watchers:
              7