Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-3370

Read permissions are not transitive to M1 repository which is brought into an M2 group through a virtual repo

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Won't Fix
    • Affects Version/s: 1.5.0
    • Fix Version/s: None
    • Component/s: Repository
    • Labels:
      None

      Description

      I've created an M2 group repository which has:

      1) Maven central proxy
      2) A virtual M2 repo for http://download.java.net/maven/1

      Then I created a user which has read permissions for the group.

      This user can download artifacts from central through the group. but gets a 403 error trying to access artifacts from download.java.net.

      If I explicitly grant read permission to the M1 repo, the user can download artifacts.

      Configuration is attached.

      2010-03-11 19:49:26 DEBUG [9.1/orb-9.1.jar] - o.s.s.a.ExceptionCa~          - Realm: XmlAuthenticatingRealm user: rich does NOT have permisison: nexus:target:2:m1:read
      2010-03-11 19:49:26 DEBUG [9.1/orb-9.1.jar] - o.s.s.a.ExceptionCa~          - Realm: org.sonatype.security.realms.XmlAuthorizingRealm user: rich does NOT have permisison: nexus:target:2:m1:read
      2010-03-11 19:49:26 DEBUG [9.1/orb-9.1.jar] - o.s.n.p.a.NexusItem~:default  - Subject is authenticated, but has none of the needed permissions, rejecting.
      2010-03-11 19:49:26 DEBUG [9.1/orb-9.1.jar] - o.s.p.r.r.ManagedPl~:content  - Got exception during processing GET http://localhost:8081/nexus/content/groups/agroup/com/sun/corba/orb/9.1/orb-9.1.jar
      org.sonatype.nexus.proxy.AccessDeniedException: Access denied on repository ID='m1', path='/com.sun.corba/jars/orb-9.1.jar', action='read'!
      	at org.sonatype.nexus.proxy.access.DefaultAccessManager.decide(DefaultAccessManager.java:40)
      	at org.sonatype.nexus.proxy.repository.AbstractRepository.checkConditions(AbstractRepository.java:1150)
      	at org.sonatype.nexus.proxy.repository.AbstractRepository.retrieveItem(AbstractRepository.java:527)
      	at org.sonatype.nexus.proxy.router.DefaultRepositoryRouter.dereferenceLink(DefaultRepositoryRouter.java:161)
      	at org.sonatype.nexus.proxy.router.DefaultRepositoryRouter.mangle(DefaultRepositoryRouter.java:413)
      	at org.sonatype.nexus.proxy.router.DefaultRepositoryRouter.retrieveItem(DefaultRepositoryRouter.java:179)
      	at org.sonatype.nexus.rest.AbstractResourceStoreContentPlexusResource.get(AbstractResourceStoreContentPlexusResource.java:134)
      	at org.sonatype.plexus.rest.resource.RestletResource.represent(RestletResource.java:263)
      	at org.sonatype.nexus.rest.NexusRestletResource.represent(NexusRestletResource.java:34)
      	at org.restlet.resource.Resource.getRepresentation(Resource.java:302)
      	at org.restlet.resource.Resource.handleGet(Resource.java:464)
      	at org.restlet.Finder.handle(Finder.java:353)
      	at org.restlet.Filter.doHandle(Filter.java:150)
      	at org.restlet.Filter.handle(Filter.java:195)
      	at org.restlet.Filter.doHandle(Filter.java:150)
      	at org.restlet.Filter.handle(Filter.java:195)
      	at org.restlet.Router.handle(Router.java:504)
      	at org.restlet.Filter.doHandle(Filter.java:150)
      	at org.restlet.Filter.handle(Filter.java:195)
      	at org.restlet.Filter.doHandle(Filter.java:150)
      	at org.sonatype.plexus.rest.RetargetableRestlet.doHandle(RetargetableRestlet.java:39)
      	at org.restlet.Filter.handle(Filter.java:195)
      	at org.restlet.Filter.doHandle(Filter.java:150)
      	at org.restlet.Filter.handle(Filter.java:195)
      	at org.restlet.Filter.doHandle(Filter.java:150)
      	at org.restlet.Filter.handle(Filter.java:195)
      	at org.restlet.Filter.doHandle(Filter.java:150)
      	at com.noelios.restlet.StatusFilter.doHandle(StatusFilter.java:130)
      	at org.restlet.Filter.handle(Filter.java:195)
      	at org.restlet.Filter.doHandle(Filter.java:150)
      	at org.restlet.Filter.handle(Filter.java:195)
      	at com.noelios.restlet.ChainHelper.handle(ChainHelper.java:124)
      	at com.noelios.restlet.application.ApplicationHelper.handle(ApplicationHelper.java:112)
      	at org.restlet.Application.handle(Application.java:341)
      	at org.restlet.ext.wadl.WadlApplication.handle(WadlApplication.java:705)
      	at org.restlet.Filter.doHandle(Filter.java:150)
      	at org.restlet.Filter.handle(Filter.java:195)
      	at org.restlet.Router.handle(Router.java:504)
      	at org.restlet.Filter.doHandle(Filter.java:150)
      	at org.restlet.Filter.handle(Filter.java:195)
      	at org.restlet.Router.handle(Router.java:504)
      	at org.restlet.Filter.doHandle(Filter.java:150)
      	at org.restlet.Filter.handle(Filter.java:195)
      	at com.noelios.restlet.ChainHelper.handle(ChainHelper.java:124)
      	at org.restlet.Component.handle(Component.java:673)
      	at org.restlet.Server.handle(Server.java:331)
      	at com.noelios.restlet.ServerHelper.handle(ServerHelper.java:68)
      	at com.noelios.restlet.http.HttpServerHelper.handle(HttpServerHelper.java:147)
      	at com.noelios.restlet.ext.servlet.ServerServlet.service(ServerServlet.java:881)
      	at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
      	at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:502)
      	at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
      	at org.jsecurity.web.servlet.FilterChainWrapper.doFilter(FilterChainWrapper.java:52)
      	at org.jsecurity.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:105)
      	at org.jsecurity.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:135)
      	at org.jsecurity.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:180)
      	at org.jsecurity.web.servlet.FilterChainWrapper.doFilter(FilterChainWrapper.java:57)
      	at org.jsecurity.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:105)
      	at org.jsecurity.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:135)
      	at org.jsecurity.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:180)
      	at org.jsecurity.web.servlet.FilterChainWrapper.doFilter(FilterChainWrapper.java:57)
      	at org.jsecurity.web.servlet.JSecurityFilter.doFilterInternal(JSecurityFilter.java:382)
      	at org.jsecurity.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:180)
      	at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1148)
      	at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:387)
      	at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
      	at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:181)
      	at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
      	at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:417)
      	at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:230)
      	at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
      	at org.mortbay.jetty.Server.handle(Server.java:322)
      	at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:534)
      	at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:864)
      	at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:539)
      	at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:212)
      	at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
      	at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:409)
      	at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:520)
      2010-03-11 19:49:26 DEBUG [9.1/orb-9.1.jar] - org.mortbay.log               - RESPONSE /nexus/content/groups/agroup/com/sun/corba/orb/9.1/orb-9.1.jar  403
      2010-03-11 19:49:34 DEBUG [cal/log/config?] - org.mortbay.log               - REQUEST /nexus/service/local/log/config on org.mortbay.jetty.HttpConnection@2d46a823
      2010-03-11 19:49:34 DEBUG [cal/log/config?] - org.mortbay.log               - Got Session ID 1j8cj4vr3c16j from cookie
      

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              rseddon Rich Seddon
              Last Updated By:
              Rich Seddon
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Date of First Response: