  1. Dev - Nexus
  2. NEXUS-848

Group level security allowing protected repo access

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.0.1
    • Fix Version/s: 1.0.2, 1.1
    • Component/s: None
    • Labels:
      None

      Description

      I want to provide developers a single mirror entry point, and for this
      purpose, my private group contains the same repositories as the public
      group, in addition to the private ones.

      I have reproduced the issue starting from your configuration. Let's say
      test1 is the public group/repository, and test2 is the private one. The
      following configuration works perfectly:

      • test1 group --> test1 repo
      • test2 group --> test2 repo

      But the following one fails:

      • test1 group --> test1 repo
      • test2 group --> test1 repo + test2 repo

      At the moment I add test1 repo to the test2 group, the anonymous user
      gains access to the test2 group/repo, and it shouldn't :-S

      The following is the result of a "wget" with the first configuration:

      $ wget http://nexus:8081/nexus/content/groups/aneurist/at/ac/
      -2008-09-26 09:24:48- http://nexus:8081/nexus/content/groups/an...
      Resolving nexus... 10.0.0.251
      Connecting to nexus|10.0.0.251|:8081... connected.
      HTTP request sent, awaiting response... 401 Unauthorized
      Authorization failed.

      And just by adding "Maven Central" to the "aneurist" group, and
      repeating the same command I get:

      $ wget http://nexus:8081/nexus/content/groups/aneurist/at/ac/
      -2008-09-26 09:40:22- http://nexus:8081/nexus/content/groups/an...
      Resolving nexus... 10.0.0.251
      Connecting to nexus|10.0.0.251|:8081... connected.
      HTTP request sent, awaiting response... 200 OK

      And there is no /at/ac/ folder in Maven Central.

      "Originally reported by Rodrigo Ruiz on nexus-users list"

          Activity

          cstamas Tamás Cservenák added a comment -

          Initial fix is in trunk in form of AccessManager revived from Proximity

          mpowers mpowers added a comment -

          Validated fix in 1.0.2

          cstamas Tamás Cservenák added a comment -

          Fixed

          koconnor Kristine O'Connor added a comment -

          Can't test this defect until 916 is fixed.

          koconnor Kristine O'Connor added a comment -

          This now appears to be working correctly - I was not able to access a group that I did not have the security permissions to, regardless of the artifacts that were in that group.

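
The reported condition and the behaviour validated above, as an added example that is not part of the ticket and is not Nexus code. It is a simplified model: the "flawed" rule is a hypothetical rule chosen only because it reproduces the reported symptom, and the repository names `test1-repo` and `test2-repo` and the privilege sets are constructed. The audit lists the groups an operator on the affected version would want to check.

```python
# Constructed configurations mirroring the report: test1 is public, test2 is private.
GROUPS_SEPARATE = {"test1": ["test1-repo"], "test2": ["test2-repo"]}
GROUPS_SHARED = {"test1": ["test1-repo"], "test2": ["test1-repo", "test2-repo"]}

# Privileges granted to the anonymous user (constructed sample data).
ANON_GROUP_PRIVS = {"test1"}
ANON_REPO_PRIVS = {"test1-repo"}


def flawed_can_read_group(group, groups, group_privs, repo_privs):
    """Hypothetical rule that reproduces the reported symptom: access to any
    member repository is treated as access to the whole group."""
    if group in group_privs:
        return True
    return any(repo in repo_privs for repo in groups[group])


def intended_can_read_group(group, groups, group_privs, repo_privs):
    """Behaviour validated in the ticket: only the group's own permission
    counts, regardless of which repositories the group contains."""
    return group in group_privs


def exposed_groups(groups, group_privs, repo_privs):
    """Groups the user must not read but would be able to under the flawed rule."""
    return sorted(
        g for g in groups
        if flawed_can_read_group(g, groups, group_privs, repo_privs)
        and not intended_can_read_group(g, groups, group_privs, repo_privs)
    )


if __name__ == "__main__":
    for name, cfg in (("separate", GROUPS_SEPARATE), ("shared", GROUPS_SHARED)):
        print(name, "->", exposed_groups(cfg, ANON_GROUP_PRIVS, ANON_REPO_PRIVS))
```
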

            People

            • Assignee:
              koconnor Kristine O'Connor
              Reporter:
              bdemers Brian Demers
              Last Updated By:
              Jason Dillon

                Time Tracking

                Estimated: Not Specified
                Remaining: 0h
                Logged: 4h