Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

nexus 3.15.2 does not allocate user accounts #32

Closed
mwmanley opened this issue Mar 15, 2019 · 10 comments
Closed

nexus 3.15.2 does not allocate user accounts #32

mwmanley opened this issue Mar 15, 2019 · 10 comments

Comments

@mwmanley
Copy link

mwmanley commented Mar 15, 2019
edited
Loading

Howdy,

We were forced to upgrade to nexus 3.15.2 due to the security issues with older versions. The newer version of nexus correctly looks up users in GitHub, but it no longer seems to allocate them internally. As a result, you get stack traces of user not found errors. I struck out user names and team names to comply with security:

2019-03-15 13:58:21,697+0000 INFO  [qtp573051875-183] XXXXXXXX org.sonatype.nexus.rapture.internal.security.SessionServlet - Created session for user: XXXXXXXX
2019-03-15 13:58:21,726+0000 INFO  [qtp573051875-52] XXXXXXXX com.larscheidschmitzhermes.nexus3.github.oauth.plugin.GithubOauthAuthenticatingRealm - doGetAuthorizationInfo for user XXXXXXXX
 with roles MYORG/MYTEAMLIST
...

2019-03-15 13:58:21,877+0000 WARN  [qtp573051875-56] XXXXXXXX org.sonatype.nexus.internal.selector.SelectorManagerImpl - Unable to load active content selectors
org.sonatype.nexus.security.user.UserNotFoundException: User not found: XXXXXXX
	at org.sonatype.nexus.security.internal.DefaultSecuritySystem.getUser(DefaultSecuritySystem.java:371)
	at org.sonatype.nexus.security.internal.DefaultSecuritySystem.currentUser(DefaultSecuritySystem.java:354)
	at org.sonatype.nexus.internal.selector.SelectorManagerImpl.browseActive(SelectorManagerImpl.java:180)
	at org.sonatype.nexus.internal.selector.SelectorManagerImpl$$EnhancerByGuice$$356cfc8.CGLIB$browseActive$1(<generated>)
	at org.sonatype.nexus.internal.selector.SelectorManagerImpl$$EnhancerByGuice$$356cfc8$$FastClassByGuice$$8e01e590.invoke(<generated>)
	at com.google.inject.internal.cglib.proxy.$MethodProxy.invokeSuper(MethodProxy.java:228)
	at com.google.inject.internal.InterceptorStackCallback$InterceptedMethodInvocation.proceed(InterceptorStackCallback.java:76)
	at org.sonatype.nexus.common.stateguard.MethodInvocationAction.run(MethodInvocationAction.java:39)
	at org.sonatype.nexus.common.stateguard.StateGuard$GuardImpl.run(StateGuard.java:272)
	at org.sonatype.nexus.common.stateguard.GuardedInterceptor.invoke(GuardedInterceptor.java:53)
	at com.google.inject.internal.InterceptorStackCallback$InterceptedMethodInvocation.proceed(InterceptorStackCallback.java:77)
	at com.google.inject.internal.InterceptorStackCallback.intercept(InterceptorStackCallback.java:55)
	at org.sonatype.nexus.internal.selector.SelectorManagerImpl$$EnhancerByGuice$$356cfc8.browseActive(<generated>)
	at org.sonatype.nexus.repository.security.RepositoryPermissionChecker.subjectHasAnyContentSelectorAccessTo(RepositoryPermissionChecker.java:121)
	at org.sonatype.nexus.repository.security.RepositoryPermissionChecker.userCanBrowseRepositories(RepositoryPermissionChecker.java:109)
	at org.sonatype.nexus.repository.security.RepositoryPermissionChecker$userCanBrowseRepositories.call(Unknown Source)
	at org.sonatype.nexus.coreui.RepositoryComponent.getBrowseableFormats(RepositoryComponent.groovy:135)
	at org.sonatype.nexus.coreui.RepositoryComponent$$EnhancerByGuice$$9f6e5341.CGLIB$getBrowseableFormats$23(<generated>)
	at org.sonatype.nexus.coreui.RepositoryComponent$$EnhancerByGuice$$9f6e5341$$FastClassByGuice$$b0f12d57.invoke(<generated>)
	at com.google.inject.internal.cglib.proxy.$MethodProxy.invokeSuper(MethodProxy.java:228)
	at com.google.inject.internal.InterceptorStackCallback$InterceptedMethodInvocation.proceed(InterceptorStackCallback.java:76)
	at com.palominolabs.metrics.guice.ExceptionMeteredInterceptor.invoke(ExceptionMeteredInterceptor.java:49)
	at com.google.inject.internal.InterceptorStackCallback$InterceptedMethodInvocation.proceed(InterceptorStackCallback.java:77)
	at com.palominolabs.metrics.guice.TimedInterceptor.invoke(TimedInterceptor.java:47)
	at com.google.inject.internal.InterceptorStackCallback$InterceptedMethodInvocation.proceed(InterceptorStackCallback.java:77)
	at com.google.inject.internal.InterceptorStackCallback.intercept(InterceptorStackCallback.java:55)
	at org.sonatype.nexus.coreui.RepositoryComponent$$EnhancerByGuice$$9f6e5341.getBrowseableFormats(<generated>)
	at org.sonatype.nexus.coreui.RepositoryComponent.getState(RepositoryComponent.groovy:147)
	at org.sonatype.nexus.rapture.internal.state.StateComponent.getState(StateComponent.java:87)
	at org.sonatype.nexus.rapture.internal.state.StateComponent$$EnhancerByGuice$$c680be9.CGLIB$getState$0(<generated>)
	at org.sonatype.nexus.rapture.internal.state.StateComponent$$EnhancerByGuice$$c680be9$$FastClassByGuice$$f5589e80.invoke(<generated>)
	at com.google.inject.internal.cglib.proxy.$MethodProxy.invokeSuper(MethodProxy.java:228)
	at com.google.inject.internal.InterceptorStackCallback$InterceptedMethodInvocation.proceed(InterceptorStackCallback.java:76)
	at com.palominolabs.metrics.guice.ExceptionMeteredInterceptor.invoke(ExceptionMeteredInterceptor.java:49)
	at com.google.inject.internal.InterceptorStackCallback$InterceptedMethodInvocation.proceed(InterceptorStackCallback.java:77)
	at com.palominolabs.metrics.guice.TimedInterceptor.invoke(TimedInterceptor.java:47)
	at com.google.inject.internal.InterceptorStackCallback$InterceptedMethodInvocation.proceed(InterceptorStackCallback.java:77)
	at com.google.inject.internal.InterceptorStackCallback.intercept(InterceptorStackCallback.java:55)
	at org.sonatype.nexus.rapture.internal.state.StateComponent$$EnhancerByGuice$$c680be9.getState(<generated>)
	at sun.reflect.GeneratedMethodAccessor133.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.invokeJavaMethod(DispatcherBase.java:142)
	at com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.invokeMethod(DispatcherBase.java:133)
	at org.sonatype.nexus.extdirect.internal.ExtDirectDispatcher.invokeMethod(ExtDirectDispatcher.java:82)
	at com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.dispatch(DispatcherBase.java:63)
	at com.softwarementors.extjs.djn.router.processor.poll.PollRequestProcessor.process(PollRequestProcessor.java:145)
	at org.sonatype.nexus.extdirect.internal.ExtDirectServlet$3.processPollRequest(ExtDirectServlet.java:247)
	at com.softwarementors.extjs.djn.servlet.DirectJNgineServlet.processRequest(DirectJNgineServlet.java:636)
	at com.softwarementors.extjs.djn.servlet.DirectJNgineServlet.doPost(DirectJNgineServlet.java:595)
	at org.sonatype.nexus.extdirect.internal.ExtDirectServlet.doPost(ExtDirectServlet.java:130)
	at com.softwarementors.extjs.djn.servlet.DirectJNgineServlet.doGet(DirectJNgineServlet.java:568)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
	at com.google.inject.servlet.ServletDefinition.doServiceImpl(ServletDefinition.java:286)
	at com.google.inject.servlet.ServletDefinition.doService(ServletDefinition.java:276)
	at com.google.inject.servlet.ServletDefinition.service(ServletDefinition.java:181)
	at com.google.inject.servlet.DynamicServletPipeline.service(DynamicServletPipeline.java:71)
	at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:85)
	at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:112)
	at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
	at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:61)
	at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
	at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
	at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
	at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
	at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
	at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
	at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
	at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
	at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
	at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
	at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
	at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
	at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449)
	at org.sonatype.nexus.security.SecurityFilter.executeChain(SecurityFilter.java:85)
	at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365)
	at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
	at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
	at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383)
	at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362)
	at org.sonatype.nexus.security.SecurityFilter.doFilterInternal(SecurityFilter.java:101)
	at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
	at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
	at com.sonatype.nexus.licensing.internal.LicensingRedirectFilter.doFilter(LicensingRedirectFilter.java:108)
	at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
	at com.codahale.metrics.servlet.AbstractInstrumentedFilter.doFilter(AbstractInstrumentedFilter.java:97)
	at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
	at org.sonatype.nexus.internal.web.ErrorPageFilter.doFilter(ErrorPageFilter.java:68)
	at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
	at org.sonatype.nexus.internal.web.EnvironmentFilter.doFilter(EnvironmentFilter.java:101)
	at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
	at org.sonatype.nexus.internal.web.HeaderPatternFilter.doFilter(HeaderPatternFilter.java:98)
	at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)
	at com.google.inject.servlet.DynamicFilterPipeline.dispatch(DynamicFilterPipeline.java:104)
	at com.google.inject.servlet.GuiceFilter.doFilter(GuiceFilter.java:135)
	at org.sonatype.nexus.bootstrap.osgi.DelegatingFilter.doFilter(DelegatingFilter.java:73)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1634)
	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:146)
	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:257)
	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255)
	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1317)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203)
	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473)
	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201)
	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1219)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
	at com.codahale.metrics.jetty9.InstrumentedHandler.handle(InstrumentedHandler.java:175)
	at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:126)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
	at org.eclipse.jetty.server.Server.handle(Server.java:531)
	at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:352)
	at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:260)
	at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:281)
	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:102)
	at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:118)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:126)
	at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366)
	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:762)
	at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:680)
	at java.lang.Thread.run(Thread.java:748)

I'll dig on my own to see if I can correct the issue, but I wanted to open this bug report to for others to see, maybe fix, the issue.

Thanks!
@tobilarscheid
Copy link
Member

Hi @mwmanley,

what type of repository (maven, npm, ...) are you using within nexus?

@mwmanley
Copy link
Author

mwmanley commented Mar 15, 2019 via email

@tobilarscheid
Copy link
Member

I am able to reproduce the stack trace with a fresh nexus 3.15.2 install. Login succeeds though, the user is assigned the correct roles and can interact with nexus.

@mwmanley
Copy link
Author

That's so weird. I'm literally consistently having the opposite experience.

@tobilarscheid
Copy link
Member

to clarify: I am running nexus 3.15.2 and all I tested is the web interface

@mwmanley
Copy link
Author

Yeah, same here. I can log in, which means that it's validating the token, but I get no roles associated with the GitHub team with which I am associating the role.

@mwmanley
Copy link
Author

What's more curious is that it doesn't work with new (post-upgrade) accounts. It's working for anyone that logged in pre-upgrade though.

@mwmanley
Copy link
Author

Groan. I was using the name that came from GitHub of @org/. I failed to notice that it was @org/ that GitHub was sending back, which the people that set up this group capitalized. So after switching to Team description, it worked.

Sorry for the bother. I'm going to go scream into a pillow for a while since there were only two groups where these were mismatched, and they were both the ones that I was testing.

@tobilarscheid
Copy link
Member

Haha, glad you solved it. Still it would be great if we could get rid of that confusing stack trace...

@ghost
Copy link

ghost commented May 22, 2020

I got here by searching on the error message. I found it difficult to understand the solution. Eventually I found that the org/team role names need to exactly match what you see in the nexus3 log (although multiple org/team names will be combined into a single string until pr #43 is merged so you have to manually separate them until then.)

# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mwmanley @tobilarscheid