Affects Version/s: 3.34.0, 3.38.0
Fix Version/s: 3.39.0
Component/s: Content Selectors
Sprint:NXRM Immortals Sprint 30, NXRM Immortals Sprint 31
Noticed the Search API slowness on the Nexus which has many content selectors / roles / privileges.
- Upload a component into maven-snapshot (eg: com.example:my-app:1.0-SNAPSHOT)
- Create three content selectors: test1, test2, test3 with just "path =~ ".*""
- Create one privileges "test-csel-priv" with above "test1" and All Repositories and "*" actions
- Create a test user (eg: testuser)
- Create a test role (eg: testRole) with "nx-search-read" and "test-csel-priv"
- Enable TRACE logging for "org.sonatype.nexus.security.SecurityHelper"
- Search the uploaded component, for example:
For above search, Nexus should check the permissions for "maven-snapshots" and for "test1" content selector.
- The TRACE log shows it checked 112 permissions:
- Also, it somehow includes test2 and test3:
- Also, most of them are duplicates (so probably checking 4 permissions would be enough?):
NOTE: If one permission returns true, remaining permissions in the same set won't be checked.