Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-7860

request.log does not include authenticated userid for certain requests

    Details

    • Story Points:
      1
    • Sprint:
      Sprint 44

      Description

      Configure repos:

      nuget-group
      – nuget-proxy ( https://www.nuget.org/api/v2/ )

      Delete the Nexus anonymous user. Do not configure Nuget API key realm.

      Make the following request with Nexus 2.11.1

      wget --debug --http-user admin --http-password=admin123 -S http://localhost:8081/nexus/service/local/nuget/nuget-group/Microsoft.AspNet.WebApi.Client/5.2.2

      by design, wget does not use pre-emptive auth and makes two requests, the first responds with 401 and WWW-Authenticate headers and the second sends your credentials in response.

      request.log does not print the authenticated user on the second request.

      127.0.0.1 - - [30/Dec/2014:12:40:37 -0400] "GET /nexus/service/local/nuget/nuget-group/Microsoft.AspNet.WebApi.Client/5.2.2 HTTP/1.1" 401 0
      127.0.0.1 - - [30/Dec/2014:12:40:45 -0400] "GET /nexus/service/local/nuget/nuget-group/Microsoft.AspNet.WebApi.Client/5.2.2 HTTP/1.1" 404 388

      Note: the 404 in this case was because I had an http proxy server configured in Nexus returning 404 for the outbound request. This should normally return 200 and not related to this problem.

      Seems like the security filter change in NEXUS-7785 where the logging was added is not being picked up for some reason.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              jtom Joe Tom
              Reporter:
              plynch Peter Lynch
              Last Updated By:
              Peter Lynch Peter Lynch
              Votes:
              2 Vote for this issue
              Watchers:
              8 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Date of First Response:

                  tigCommentSecurity.panel-title