Anonymous access to custom REST APIs

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Anonymous access to custom REST APIs

Gergely Nagy
Hi,

I am working on a Nexus plugin with a REST interface. My component is roughly based on ArtifactPlexusResource but has a different JAXRS @Path of course.

Unfortunately I get an authentication error (when trying to load a pom much like in ArtifactPlexusResource) if i'm not logged in as a Nexus user to the web interface, although anonymous access is allowed and works just fine for e.g. the stock artifact REST api. From a little debugging I could gather that access to ArtifactPlexusResource goes trough NexusHttpAuthenticationFilter, which sets up the credentials for the anonymous user. How can I configure this for my own components?

Greg
Reply | Threaded
Open this post in threaded view
|

Re: Anonymous access to custom REST APIs

Tamás Cservenák
Hi there,

what resource protection you use for your new resource?

As in case of mentioned resource, "nexus:artifact" is used:

"anon" will not work.


Thanks,
~t~


On Wed, Jul 3, 2013 at 2:14 PM, Gergely Nagy <[hidden email]> wrote:
Hi,

I am working on a Nexus plugin with a REST interface. My component is
roughly based on ArtifactPlexusResource but has a different JAXRS @Path of
course.

Unfortunately I get an authentication error (when trying to load a pom much
like in ArtifactPlexusResource) if i'm not logged in as a Nexus user to the
web interface, although anonymous access is allowed and works just fine for
e.g. the stock artifact REST api. From a little debugging I could gather
that access to ArtifactPlexusResource goes trough
NexusHttpAuthenticationFilter, which sets up the credentials for the
anonymous user. How can I configure this for my own components?

Greg




--
View this message in context: http://maven.40175.n5.nabble.com/Anonymous-access-to-custom-REST-APIs-tp5761719.html
Sent from the Nexus Maven Repository Manager Dev List mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]


Reply | Threaded
Open this post in threaded view
|

Re: Anonymous access to custom REST APIs

Gergely Nagy
Hi,

I'm in fact using nexus:artifact:

        @Override
        public PathProtectionDescriptor getResourceProtection() {
                String filterExpression = "authcBasic,perms[nexus:artifact]";
                return new PathProtectionDescriptor(this.getResourceUri(), filterExpression);
        }

Debugging shows me that DelegatingSubject.login() is never called, so ds.authenticated remains false and ds.principals won't contain "anonymous", which is the case for ArtifactPlexusResource. This is performed in an authentication filter which is reached in the chain for APR but not for my resource.

Interestingly, breakpoints set in getResourceProtection() are not triggered in neither APR nor my component. The auth error occurs when I submit an ArtifactStoreRequest to ArtifactStoreHelper as so:

ArtifactStoreRequest request = createArtifactStoreRequest(repository, gav);
StorageFileItem sfi = repository.getArtifactStoreHelper().retrieveArtifactPom(request);

My createArtifactStoreRequest() is very much like
https://github.com/sonatype/nexus-oss/blob/master/plugins/restlet1x/nexus-restlet1x-plugin/src/main/java/org/sonatype/nexus/rest/artifact/AbstractArtifactPlexusResource.java#L75

Thanks,
Greg