Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-7765

RUT Auth Realm does not authenticate in Nexus 3

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.0.0-m2, 3.0.0-m5, 3.0.0-m6, 3.0.0-m7, 3.0.0
    • Fix Version/s: 3.0.2
    • Component/s: Security
    • Labels:
    • Story Points:
      3
    • Sprint:
      Sprint 32, Sprint 33, Sprint 34, Sprint 74, Sprint 75

      Description

      Add Rut Auth to the top of the active realms list in Nexus 3, above both XML realms.
      Add the RUT Auth capability with the header value of username.
      Send the following request:

      > curl -H "Username: admin" -H "Content-Type: application/json" -d '{"action": "coreui_AnonymousSettings","method": "read","data": null,"type": "rpc","tid": 44}' -v -4 "http://localhost:8081/service/extdirect"
      * Hostname was NOT found in DNS cache
      *   Trying 127.0.0.1...
      * Connected to localhost (127.0.0.1) port 8081 (#0)
      > POST /service/extdirect HTTP/1.1
      > User-Agent: curl/7.38.0
      > Host: localhost:8081
      > Accept: */*
      > Username: admin
      > Content-Type: application/json
      > Content-Length: 92
      > 
      * upload completely sent off: 92 out of 92 bytes
      < HTTP/1.1 200 OK
      < Date: Thu, 27 Nov 2014 17:34:12 GMT
      * Server Nexus/3.0.0-b2014101001 is not blacklisted
      < Server: Nexus/3.0.0-b2014101001
      < X-Frame-Options: SAMEORIGIN
      < X-Content-Type-Options: nosniff
      < Content-Type: application/json;charset=UTF-8
      < Set-Cookie: JSESSIONID=2216dc80-e71f-419e-b604-6c0ab4594ffc; Path=/; HttpOnly
      < Set-Cookie: rememberMe=deleteMe; Path=/; Max-Age=0; Expires=Wed, 26-Nov-2014 17:34:12 GMT
      < Content-Length: 198
      < 
      * Connection #0 to host localhost left intact
      {"tid":44,"action":"coreui_AnonymousSettings","method":"read","result":{"message":"User is not permitted: nexus:settings:read","authenticationRequired":false,"success":false,"data":[]},"type":"rpc"}
      
      

      Note the "User is not permitted" message.

      Debug Logs from this request show RUT auth is not even consulted:

      2014-11-27 13:29:46,632-0400 DEBUG [qtp1529955279-190]  org.apache.shiro.session.mgt.DefaultSessionManager - Unable to resolve session ID from SessionKey [org.apache.shiro.web.session.mgt.WebSessionKey@14f7b204].  Returning null to indicate a session could not be found.
      2014-11-27 13:29:46,632-0400 DEBUG [qtp1529955279-190] *UNKNOWN com.softwarementors.extjs.djn.router.processor.standard.json.JsonRequestProcessor - Request data (JSON)=>{"action": "coreui_AnonymousSettings","method": "read","data": null,"type": "rpc","tid": 44}
      2014-11-27 13:29:46,632-0400 DEBUG [qtp1529955279-190] *UNKNOWN org.sonatype.nexus.extdirect.internal.ExtDirectServlet - Creating instance of action class 'org.sonatype.nexus.coreui.AnonymousSettingsComponent' mapped to 'coreui_AnonymousSettings
      2014-11-27 13:29:46,632-0400 DEBUG [qtp1529955279-190] *UNKNOWN org.sonatype.nexus.extdirect.internal.ExtDirectServlet - Invoking action method: coreui_AnonymousSettings.read, java-method: org.sonatype.nexus.coreui.AnonymousSettingsComponent.read
      2014-11-27 13:29:46,632-0400 DEBUG [qtp1529955279-190] *UNKNOWN org.apache.shiro.realm.AuthenticatingRealm - Looked up AuthenticationInfo [anonymous] from doGetAuthenticationInfo
      2014-11-27 13:29:46,634-0400 DEBUG [qtp1529955279-190] *UNKNOWN org.apache.shiro.authc.AbstractAuthenticator - Authentication successful for token [org.apache.shiro.authc.UsernamePasswordToken - anonymous, rememberMe=false].  Returned account [anonymous]
      2014-11-27 13:29:46,634-0400 DEBUG [qtp1529955279-190] *UNKNOWN org.apache.shiro.subject.support.DefaultSubjectContext - No SecurityManager available in subject context map.  Falling back to SecurityUtils.getSecurityManager() lookup.
      2014-11-27 13:29:46,634-0400 DEBUG [qtp1529955279-190] *UNKNOWN org.apache.shiro.subject.support.DefaultSubjectContext - No SecurityManager available in subject context map.  Falling back to SecurityUtils.getSecurityManager() lookup.
      2014-11-27 13:29:46,634-0400 DEBUG [qtp1529955279-190] *UNKNOWN org.apache.shiro.session.mgt.DefaultSessionManager - Creating new EIS record for new session instance [org.apache.shiro.session.mgt.SimpleSession,id=null]
      2014-11-27 13:29:46,634-0400 DEBUG [qtp1529955279-190] *UNKNOWN net.sf.ehcache.store.disk.Segment - put added 0 on heap
      2014-11-27 13:29:46,634-0400 DEBUG [qtp1529955279-190] *UNKNOWN net.sf.ehcache.store.disk.Segment - put added 0 on heap
      2014-11-27 13:29:46,634-0400 DEBUG [qtp1529955279-190] *UNKNOWN net.sf.ehcache.store.disk.Segment - put updated, deleted 0 on heap
      2014-11-27 13:29:46,634-0400 DEBUG [qtp1529955279-190] *UNKNOWN org.apache.shiro.web.servlet.SimpleCookie - Added HttpServletResponse Cookie [JSESSIONID=c9127c75-5986-4eef-a6d4-53eddf6edd14; Path=/; HttpOnly]
      2014-11-27 13:29:46,634-0400 DEBUG [shiro-activeSessionCache.data] *SYSTEM net.sf.ehcache.store.disk.Segment - fault removed 0 from heap
      2014-11-27 13:29:46,634-0400 DEBUG [qtp1529955279-190] *UNKNOWN net.sf.ehcache.store.disk.Segment - put added 0 on heap
      2014-11-27 13:29:46,634-0400 DEBUG [shiro-activeSessionCache.data] *SYSTEM net.sf.ehcache.store.disk.Segment - fault added 0 on disk
      2014-11-27 13:29:46,634-0400 DEBUG [shiro-activeSessionCache.data] *SYSTEM net.sf.ehcache.store.disk.Segment - fault installation failed, deleted 0 from heap
      2014-11-27 13:29:46,634-0400 DEBUG [shiro-activeSessionCache.data] *SYSTEM net.sf.ehcache.store.disk.Segment - fault installation failed deleted 0 from disk
      2014-11-27 13:29:46,634-0400 DEBUG [qtp1529955279-190] *UNKNOWN net.sf.ehcache.store.disk.Segment - put updated, deleted 0 on heap
      2014-11-27 13:29:46,634-0400 DEBUG [qtp1529955279-190] *UNKNOWN net.sf.ehcache.store.disk.Segment - put added 0 on heap
      2014-11-27 13:29:46,634-0400 DEBUG [qtp1529955279-190] *UNKNOWN net.sf.ehcache.store.disk.Segment - put updated, deleted 0 on heap
      2014-11-27 13:29:46,635-0400 DEBUG [qtp1529955279-190] *UNKNOWN org.apache.shiro.web.servlet.SimpleCookie - Added HttpServletResponse Cookie [rememberMe=deleteMe; Path=/; Max-Age=0; Expires=Wed, 26-Nov-2014 17:29:46 GMT]
      2014-11-27 13:29:46,635-0400 DEBUG [qtp1529955279-190] *UNKNOWN org.apache.shiro.mgt.AbstractRememberMeManager - AuthenticationToken did not indicate RememberMe is requested.  RememberMe functionality will not be executed for corresponding account.
      2014-11-27 13:29:46,635-0400 DEBUG [shiro-activeSessionCache.data] *SYSTEM net.sf.ehcache.store.disk.Segment - fault removed 0 from heap
      2014-11-27 13:29:46,635-0400 DEBUG [shiro-activeSessionCache.data] *SYSTEM net.sf.ehcache.store.disk.Segment - fault added 0 on disk
      2014-11-27 13:29:46,635-0400 DEBUG [shiro-activeSessionCache.data] *SYSTEM net.sf.ehcache.store.disk.Segment - fault installation failed, deleted 0 from heap
      2014-11-27 13:29:46,635-0400 DEBUG [shiro-activeSessionCache.data] *SYSTEM net.sf.ehcache.store.disk.Segment - fault installation failed deleted 0 from disk
      2014-11-27 13:29:46,635-0400 DEBUG [shiro-activeSessionCache.data] *SYSTEM net.sf.ehcache.store.disk.Segment - fault removed 0 from heap
      2014-11-27 13:29:46,635-0400 DEBUG [shiro-activeSessionCache.data] *SYSTEM net.sf.ehcache.store.disk.Segment - fault added 0 on disk
      2014-11-27 13:29:46,635-0400 DEBUG [shiro-activeSessionCache.data] *SYSTEM net.sf.ehcache.store.disk.Segment - fault installation failed, deleted 0 from heap
      2014-11-27 13:29:46,635-0400 DEBUG [shiro-activeSessionCache.data] *SYSTEM net.sf.ehcache.store.disk.Segment - fault installation failed deleted 0 from disk
      2014-11-27 13:29:46,635-0400 DEBUG [shiro-activeSessionCache.data] *SYSTEM net.sf.ehcache.store.disk.Segment - fault removed 0 from heap
      2014-11-27 13:29:46,635-0400 DEBUG [shiro-activeSessionCache.data] *SYSTEM net.sf.ehcache.store.disk.Segment - fault added 0 on disk
      2014-11-27 13:29:46,638-0400 DEBUG [qtp1529955279-190] anonymous org.sonatype.nexus.extdirect.internal.ExtDirectServlet - Failed to invoke action method: coreui_AnonymousSettings.read, java-method: org.sonatype.nexus.coreui.AnonymousSettingsComponent.read
      org.apache.shiro.authz.AuthorizationException: User is not permitted: nexus:settings:read
      	at org.sonatype.security.authorization.ExceptionCatchingModularRealmAuthorizer.checkPermission(ExceptionCatchingModularRealmAuthorizer.java:68) [na:na]
      	at org.apache.shiro.mgt.AuthorizingSecurityManager.checkPermission(AuthorizingSecurityManager.java:137) [na:na]
      	at org.apache.shiro.subject.support.DelegatingSubject.checkPermission(DelegatingSubject.java:205) [org.apache.shiro.core:1.2.3]
      	at org.apache.shiro.authz.aop.PermissionAnnotationHandler.assertAuthorized(PermissionAnnotationHandler.java:74) [na:na]
      	at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized(AuthorizingAnnotationMethodInterceptor.java:84) [na:na]
      	at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.invoke(AuthorizingAnnotationMethodInterceptor.java:67) [na:na]
      	at org.apache.shiro.guice.aop.AopAllianceMethodInterceptorAdapter.invoke(AopAllianceMethodInterceptorAdapter.java:36) [na:na]
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [na:1.8.0_25]
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [na:1.8.0_25]
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [na:1.8.0_25]
      	at java.lang.reflect.Method.invoke(Method.java:483) [na:1.8.0_25]
      	at com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.invokeJavaMethod(DispatcherBase.java:142) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.b2014101001]
      	at com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.invokeMethod(DispatcherBase.java:133) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.b2014101001]
      	at org.sonatype.nexus.extdirect.internal.ExtDirectServlet$3.invokeMethod(ExtDirectServlet.java:225) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.b2014101001]
      	at com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.dispatch(DispatcherBase.java:63) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.b2014101001]
      	at com.softwarementors.extjs.djn.router.processor.standard.StandardRequestProcessorBase.dispatchStandardMethod(StandardRequestProcessorBase.java:73) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.b2014101001]
      	at com.softwarementors.extjs.djn.router.processor.standard.json.JsonRequestProcessor.processIndividualRequest(JsonRequestProcessor.java:502) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.b2014101001]
      	at com.softwarementors.extjs.djn.router.processor.standard.json.JsonRequestProcessor.processIndividualRequestsInThisThread(JsonRequestProcessor.java:150) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.b2014101001]
      	at com.softwarementors.extjs.djn.router.processor.standard.json.JsonRequestProcessor.process(JsonRequestProcessor.java:133) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.b2014101001]
      	at com.softwarementors.extjs.djn.router.RequestRouter.processJsonRequest(RequestRouter.java:83) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.b2014101001]
      	at com.softwarementors.extjs.djn.servlet.DirectJNgineServlet.processRequest(DirectJNgineServlet.java:617) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.b2014101001]
      	at com.softwarementors.extjs.djn.servlet.DirectJNgineServlet.doPost(DirectJNgineServlet.java:580) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.b2014101001]
      	at org.sonatype.nexus.extdirect.internal.ExtDirectServlet.doPost(ExtDirectServlet.java:133) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.b2014101001]
      	at javax.servlet.http.HttpServlet.service(HttpServlet.java:755) [javax.servlet:3.0.0.v201112011016]
      	at javax.servlet.http.HttpServlet.service(HttpServlet.java:848) [javax.servlet:3.0.0.v201112011016]
      	at com.google.inject.servlet.ServletDefinition.doServiceImpl(ServletDefinition.java:300) [org.sonatype.sisu.guice:3.2.2]
      	at com.google.inject.servlet.ServletDefinition.doService(ServletDefinition.java:284) [org.sonatype.sisu.guice:3.2.2]
      	at com.google.inject.servlet.ServletDefinition.service(ServletDefinition.java:187) [org.sonatype.sisu.guice:3.2.2]
      	at com.google.inject.servlet.AbstractServletPipeline.service(AbstractServletPipeline.java:61) [org.sonatype.sisu.guice:3.2.2]
      	at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:85) [org.sonatype.sisu.guice:3.2.2]
      	at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:112) [org.apache.shiro.web:1.2.3]
      	at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) [org.sonatype.sisu.guice:3.2.2]
      	at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449) [org.apache.shiro.web:1.2.3]
      	at org.sonatype.nexus.web.SecurityFilter.executeChain(SecurityFilter.java:71) [org.sonatype.nexus.core:3.0.0.b2014101001]
      	at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365) [org.apache.shiro.web:1.2.3]
      	at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90) [org.apache.shiro.core:1.2.3]
      	at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83) [org.apache.shiro.core:1.2.3]
      	at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383) [org.apache.shiro.core:1.2.3]
      	at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362) [org.apache.shiro.web:1.2.3]
      	at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) [org.apache.shiro.web:1.2.3]
      	at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) [org.sonatype.sisu.guice:3.2.2]
      	at com.codahale.metrics.servlet.AbstractInstrumentedFilter.doFilter(AbstractInstrumentedFilter.java:97) [com.codahale.metrics.servlet:3.0.2]
      	at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) [org.sonatype.sisu.guice:3.2.2]
      	at org.sonatype.nexus.web.internal.CommonHeadersFilter.doFilter(CommonHeadersFilter.java:67) [org.sonatype.nexus.core:3.0.0.b2014101001]
      	at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) [org.sonatype.sisu.guice:3.2.2]
      	at org.sonatype.nexus.web.internal.ErrorPageFilter.doFilter(ErrorPageFilter.java:66) [org.sonatype.nexus.core:3.0.0.b2014101001]
      	at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) [org.sonatype.sisu.guice:3.2.2]
      	at org.sonatype.nexus.web.internal.BaseUrlHolderFilter.doFilter(BaseUrlHolderFilter.java:68) [org.sonatype.nexus.core:3.0.0.b2014101001]
      	at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) [org.sonatype.sisu.guice:3.2.2]
      	at com.google.inject.servlet.AbstractFilterPipeline.dispatch(AbstractFilterPipeline.java:95) [org.sonatype.sisu.guice:3.2.2]
      	at com.google.inject.servlet.GuiceFilter$1.call(GuiceFilter.java:133) [org.sonatype.sisu.guice:3.2.2]
      	at com.google.inject.servlet.GuiceFilter$1.call(GuiceFilter.java:130) [org.sonatype.sisu.guice:3.2.2]
      	at com.google.inject.servlet.GuiceFilter$Context.call(GuiceFilter.java:203) [org.sonatype.sisu.guice:3.2.2]
      	at com.google.inject.servlet.GuiceFilter.doFilter(GuiceFilter.java:130) [org.sonatype.sisu.guice:3.2.2]
      	at org.sonatype.nexus.bootstrap.osgi.DelegatingFilter.doFilter(DelegatingFilter.java:73) [org.sonatype.nexus.bootstrap:3.0.0.b2014101001]
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1419) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520]
      	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:455) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520]
      	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520]
      	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:557) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520]
      	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520]
      	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1075) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520]
      	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:384) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520]
      	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520]
      	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1009) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520]
      	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520]
      	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520]
      	at com.codahale.metrics.jetty8.InstrumentedHandler.handle(InstrumentedHandler.java:192) [com.codahale.metrics.jetty8:3.0.2]
      	at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:154) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520]
      	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520]
      	at org.eclipse.jetty.server.Server.handle(Server.java:370) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520]
      	at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:489) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520]
      	at org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:960) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520]
      	at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:1021) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520]
      	at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:865) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520]
      	at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:240) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520]
      	at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520]
      	at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:668) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520]
      	at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520]
      	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520]
      	at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520]
      	at java.lang.Thread.run(Thread.java:745) [na:1.8.0_25]
      Caused by: org.apache.shiro.authz.AuthorizationException: Not authorized to invoke method: public org.sonatype.nexus.coreui.AnonymousSettingsXO org.sonatype.nexus.coreui.AnonymousSettingsComponent.read()
      	at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized(AuthorizingAnnotationMethodInterceptor.java:90) [na:na]
      	... 76 common frames omitted
      2014-11-27 13:29:46,640-0400 DEBUG [qtp1529955279-190] anonymous com.softwarementors.extjs.djn.Timer -   - Java method dispatch time (AnonymousSettingsComponent.read): 7.93 ms.
      2014-11-27 13:29:46,641-0400 DEBUG [qtp1529955279-190] anonymous com.softwarementors.extjs.djn.router.processor.standard.json.JsonRequestProcessor - ResponseData data (JSON)=>{"tid":44,"action":"coreui_AnonymousSettings","method":"read","result":{"message":"User is not permitted: nexus:settings:read","authenticationRequired":false,"success":false,"data":[]},"type":"rpc"}
      2014-11-27 13:29:46,641-0400 DEBUG [qtp1529955279-190] anonymous com.softwarementors.extjs.djn.Timer - Total servlet processing time: 8.86 ms.
      

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                jtom Joe Tom
                Reporter:
                plynch Peter Lynch
                Last Updated By:
                Peter Lynch
              • Votes:
                1 Vote for this issue
                Watchers:
                11 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Date of First Response: