Nexus Security Plugin


Nexus Security Plugin

Hans Vandenbroeck
Hey

I'm updating an old Nexus plugin we created for an older version of Nexus, for the Nexus version 2.7.2-03. I've migrated from Plexus using the following documentation: https://wiki.eclipse.org/Sisu/PlexusMigration. I've compared with the nexus-ldap-plugin and other plugins of Nexus, but I can't see what's wrong.

I've copied the plugin to the Nexus plugin directory. When I start Tomcat, I can see that Nexus activates the plugin correctly. But what I don't see is when it activates the security roles. I also can't see errors or exceptions in the log (with debug logging on).

I have an OpenAMSecurityResource with the nexus-openam-plugin-security.xml file in the correct folder:

@Named
@Singleton
public class OpenAMSecurityResource extends AbstractStaticSecurityResource implements StaticSecurityResource {
    // Classpath location of the static security configuration (roles, privileges).
    public String getResourcePath() {
        return "/META-INF/nexus-openam-plugin-security.xml";
    }
}

@Singleton
@Description("OpenAM Authentication Realm")
@Named
public class OpenAMRealm extends AuthorizingRealm {
    private OpenAMAccess openAMAccess;
    private UserManager openAMUserManager;

    @Inject
    public OpenAMRealm(final OpenAMAccess openAMAccess, final UserManager openAMUserManager) {
        ....
    }

    public void setOpenAMAccess(OpenAMAccess openAMAccess) {
        ....
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) {
        ....
    }

    @SuppressWarnings("unchecked")
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        ...
    }
}

@Named
@Singleton
public class OpenAMRealmUiContributor implements UiContributor {
    /**
     * Prefix for ID-like things.
     */
    @NonNls
    public static final String ID_PREFIX = "openam";

    /**
     * Expected groupId for plugin artifact.
     */
    @NonNls
    public static final String GROUP_ID = "be.aca-it.nexus";

    /**
     * Expected artifactId for plugin artifact.
     */
    @NonNls
    public static final String ARTIFACT_ID = "nexus-" + ID_PREFIX + "-plugin";

    @Override
    public UiContribution contribute(boolean debug) {
        return new UiContributionBuilder(this, GROUP_ID, ARTIFACT_ID).build(debug);
    }
}

@Named
@Singleton
public class OpenAMNexusResourceBundle extends AbstractNexusResourceBundle {

    public static final String UI_CUSTOMIZATION_FILE_NAME = "nexus-openam-plugin-boot.js";
    public static final String UI_CUSTOMIZATION_RESOURCE_NAME = "/static/js/" + UI_CUSTOMIZATION_FILE_NAME;
    public static final String UI_CUSTOMIZATION_RESOURCE_URI = "/js/openam-plugin/" + UI_CUSTOMIZATION_FILE_NAME;

    @Inject
    private MimeUtil mimeUtil;

    @Override
    public List<StaticResource> getContributedResouces() {
        List<StaticResource> result = new ArrayList<StaticResource>();
        result.add(new DefaultStaticResource(getClass().getResource(UI_CUSTOMIZATION_RESOURCE_NAME), UI_CUSTOMIZATION_RESOURCE_URI, mimeUtil.getMimeType(UI_CUSTOMIZATION_FILE_NAME)));

        return result;
    }

}

The class OpenAMNexusResourceBundle has some deprecated types; I don't know immediately how to replace them.

• AbstractNexusResourceBundle
• MimeUtil
• StaticResource

When I add some breakpoints, the debugger only stops in OpenAMRealmUiContributor.contribute().

Does someone know why my OpenAMRealm is not loaded correctly?

with kind regards 

Re: Nexus Security Plugin

Stuart McCulloch-2
On 16 Apr 2014, at 09:16, Hans Vandenbroeck <[hidden email]> wrote:

> The class OpenAMNexusResourceBundle has some deprecated types; I don't know immediately how to replace them.
>
> • AbstractNexusResourceBundle
> • MimeUtil
> • StaticResource

While the NexusResourceBundle and related classes are deprecated for removal in later releases, they are still functional in 2.7. You can also contribute extra resources using the UiContributionBuilder in your UiContributor - by default it includes “static/js/nexus-openam-plugin-all.js” (typically the compressed JS file) but you can add more resources using withDependency and related methods. Note this assumes your JS code is based on the require.js approach used elsewhere in the UI.

> When I add some breakpoints, the debugger only stops in OpenAMRealmUiContributor.contribute().
>
> Does someone know why my OpenAMRealm is not loaded correctly?

Are none of your components appearing in the UI or only the new security roles? i.e. does the realm at least appear in the Server tab, under “Security Settings”?

BTW, you can turn on detailed tracing of components in "bin/jsw/conf/wrapper.conf" in Nexus 2.7.x by adding the following line:

wrapper.java.additional.3=-Dorg.sonatype.inject.debug

This generates a lot of extra output, so best search the log file for mentions of OpenAMRealm - you should see a binding for each of your components and details of any potential issues.


Re: Nexus Security Plugin

Hans Vandenbroeck
Hey

Thanks for your quick answer. 

I have turned on the detailed tracing. What I see in the wrapping log is: (I have attached the startup log)

* There is one error in the beginning, but I think it has nothing to do with my plugin.
* There is another exception with java.lang.TypeNotPresentException, but I think it also has nothing to do with my plugin.
* All the logging I can find about my plugin (openam-plugin) is without an error.

Can you take a look at the log file? Maybe I missed something.

I have a new installation of Nexus, everything as standard. Just deployed my plugin in the appropriate folder and started Nexus.

When I’m in the plugin console, I can see my plugin. The configuration for the openam-plugin is not shown in the “Security” tab. Also the security roles are not shown.

The realm does appear in the “Security Settings”.


 

with kind regards 
Hans Vandenbroeck


Attachment: startupnexuswithopenamplugin.txt (1M)

Re: Nexus Security Plugin

Stuart McCulloch-2

On 17 Apr 2014, at 12:37, Hans Vandenbroeck <[hidden email]> wrote:

> Hey
>
> Thanks for your quick answer.
>
> I have turned on the detailed tracing. What I see in the wrapping log is: (I have attached the startup log)
>
> * There is one error in the beginning, but I think it has nothing to do with my plugin.
> * There is another exception with java.lang.TypeNotPresentException, but I think it also has nothing to do with my plugin.

Correct, the two “potential problems” mentioned at the start of the log are expected and can safely be ignored.

> * All the logging I can find about my plugin (openam-plugin) is without an error.

The only odd thing I can see is that your plugin is defining a lot of SingleVersionUpgrader and related bindings that look like they’re coming from Plexus configuration - are you still generating a Plexus components.xml for your plugin or pulling a components.xml in elsewhere? (you can check this by unpacking the bundle.zip and then unpacking the primary jar... any generated Plexus components.xml will be under META-INF/plexus/components.xml)

Does your plugin bundle.zip contain just the dependencies you expect? If your plugin is accidentally pulling dependencies from nexus into the bundle.zip that could explain what’s going on (you’d end up redefining classes already declared in nexus, so while your plugin would be consistent certain components wouldn’t be seen by nexus because they would be using the classes from your bundle.zip and not the ones from nexus).

> Can you take a look at the log file? Maybe I missed something.
>
> I have a new installation of Nexus, everything as standard. Just deployed my plugin in the appropriate folder and started Nexus.
>
> When I’m in the plugin console, I can see my plugin. The configuration for the openam-plugin is not shown in the “Security” tab. Also the security roles are not shown.

Note that the Nexus 2.7 UI uses require.js so you may need to tweak your JS (look at similar examples like the LDAP plugin in the nexus-2.7.x branch on github)

> The realm does appear in the “Security Settings”.
> <startupnexuswithopenamplugin.txt>
>
> with kind regards
> Hans Vandenbroeck


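The bundle check suggested in the reply above, as an added example (not code from the thread or from Nexus): `inspect_bundle` scans every jar in a plugin bundle zip for a Plexus `components.xml`, for jars the build did not mean to ship, and for classes in the `org.sonatype.nexus` package tree. The function names, the sample jar names with their `0.0-SAMPLE` versions, and the host-package heuristic are assumptions made for the example.

```python
import io
import sys
import zipfile

PLEXUS_DESCRIPTOR = "META-INF/plexus/components.xml"
# Assumption: classes in this package tree are provided by the Nexus host, so a
# jar in the bundle that ships them redefines classes Nexus already declares.
HOST_PACKAGE_PREFIX = "org/sonatype/nexus/"


def inspect_jar(jar_bytes):
    """Return (has_plexus_descriptor, host_classes) for one jar."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        names = jar.namelist()
    host_classes = sorted(
        n for n in names
        if n.startswith(HOST_PACKAGE_PREFIX) and n.endswith(".class")
    )
    return PLEXUS_DESCRIPTOR in names, host_classes


def inspect_bundle(bundle_bytes, expected_jars):
    """Audit every jar inside a plugin bundle zip.

    expected_jars holds the jar file names the build is meant to ship.
    Returns (entry, kind, detail) tuples, ordered by entry name.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(bundle_bytes)) as bundle:
        for entry in sorted(bundle.namelist()):
            if not entry.endswith(".jar"):
                continue
            try:
                has_plexus, host_classes = inspect_jar(bundle.read(entry))
            except zipfile.BadZipFile:
                findings.append((entry, "unreadable-jar", ""))
                continue
            if entry.rsplit("/", 1)[-1] not in expected_jars:
                findings.append((entry, "unexpected-jar", ""))
            if has_plexus:
                findings.append((entry, "plexus-descriptor", PLEXUS_DESCRIPTOR))
            if host_classes:
                findings.append((entry, "host-classes", host_classes[0]))
    return findings


def make_zip(files):
    """Build an in-memory zip from a {name: bytes} mapping."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name, data in files.items():
            archive.writestr(name, data)
    return buf.getvalue()


def build_sample_bundle():
    """Constructed bundle: primary jar with a leftover Plexus descriptor,
    one stale host jar and one ordinary third-party jar."""
    root = "nexus-openam-plugin-0.0-SAMPLE/"
    primary = make_zip({
        PLEXUS_DESCRIPTOR: b"<component-set/>",
        "com/example/openam/OpenAMRealm.class": b"",
    })
    stale = make_zip({"org/sonatype/nexus/configuration/Sample.class": b""})
    clean = make_zip({"com/example/sdk/Client.class": b""})
    return make_zip({
        root + "nexus-openam-plugin-0.0-SAMPLE.jar": primary,
        root + "dependencies/nexus-configuration-0.0-SAMPLE.jar": stale,
        root + "dependencies/example-sdk-0.0-SAMPLE.jar": clean,
    })


SAMPLE_EXPECTED = {
    "nexus-openam-plugin-0.0-SAMPLE.jar",
    "example-sdk-0.0-SAMPLE.jar",
}

if __name__ == "__main__":
    # Usage: script.py [bundle.zip expected-jar-name ...]; no arguments runs the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data, expected = fh.read(), set(sys.argv[2:])
    else:
        data, expected = build_sample_bundle(), SAMPLE_EXPECTED
    for entry, kind, detail in inspect_bundle(data, expected):
        print(f"{kind:18} {entry} {detail}")
```
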



Re: Nexus Security Plugin

Hans Vandenbroeck
Hey Stuart

I’ve managed to install the plugin in Nexus. I had an old version of a Nexus-configuration jar as a dependency in my pom. That was the reason the plugin was not working correctly.
There is still a problem with loading users and roles from the external resources. This is not a problem of Nexus, I think, but the plugin itself.

many thanks for your help.

with kind regard
Hans Vandenbroeck.


Authentication failed, users lacks permissions.

Hans Vandenbroeck
Hey

I have created an Authentication plugin for Nexus. I use a clean installed version 2.7.2-03 of Nexus. The plugin is loaded successfully and active in the plugin console. It is also possible to find all the users and roles configured in the realm. The users in this realm are already members of a role of that realm.

So user X is a member of role Y in this realm. Now I have added an external role mapping for my realm and role Y with default Nexus roles:

Repo: All Repositories (Read)
UI: Base UI Privileges
UI: Repository Browser
UI: Search
Login to UI

In the security settings the realm is also in the Selected Realm column.

But it is impossible to log in, with the following error in the log:

jvm 1    | header in parseCookies(): {null=[HTTP/1.1 200 OK], Transfer-Encoding=[chunked], Date=[Fri, 25 Apr 2014 11:09:07 GMT], Keep-Alive=[timeout=5, max=97], Connection=[Keep-Alive], Server=[Apache/2.4.2 (Unix) OpenSSL/1.0.0-fips mod_jk/1.2.37]}
jvm 1    | amAuthContext:04/25/2014 01:09:08:473 PM CEST: Thread[qtp767123430-44,5,main]
jvm 1    | LoginStatus : completed
jvm 1    | 2014-04-25 13:09:08 DEBUG [esh-1-thread-17] hans.vandenbroeck org.sonatype.nexus.feeds.record.NexusAuthenticationEventInspector - Successfully authenticated user [hans.vandenbroeck] from IP address 127.0.0.1
jvm 1    | 2014-04-25 13:09:08 DEBUG [esh-1-thread-18] hans.vandenbroeck org.sonatype.nexus.feeds.record.NexusAuthorizationEventInspector - Unable to authorize user [hans.vandenbroeck] for read(HTTP method "GET") to /nexus/service/local/authentication/login from IP Address 127.0.0.1, user agent:"n/a"
jvm 1    | 2014-04-25 13:09:08 DEBUG [qtp767123430-44] hans.vandenbroeck org.sonatype.nexus.security.filter.authc.NexusAuthenticationFilter - Request processing is rejected because user "hans.vandenbroeck" lacks permissions.
jvm 1    | 2014-04-25 13:09:08 DEBUG [qtp767123430-46] hans.vandenbroeck org.sonatype.nexus.web.NexusRestletServlet - Processing: GET /nexus/service/local/authentication/logout?_dc=1398424148524 (http://localhost:8081/nexus/service/local/authentication/logout)
jvm 1    | 2014-04-25 13:09:09 DEBUG [HC4x-EvictingThread]  org.sonatype.nexus.apachehttpclient.Hc4ProviderImpl$1 - Closing expired connections


But when I add the mapped role Y to my user X, so he has the Y role assigned twice, then the login is successful. It looks like it cannot match role Y from the external role mapping to the already assigned role Y in my realm.

Does someone know what can be wrong?

with kind regards
Hans Vandenbroeck
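The log pattern in the post above (authentication succeeds, then authorization for the login resource is denied for the same user) can be picked out mechanically. This is an added example, not part of the original post; `find_authenticated_but_denied` is a hypothetical name, the regular expressions assume the wrapper-log layout shown above, and the `sample.user` lines are constructed.

```python
import re
from datetime import datetime, timedelta

# Wrapper-log layout as shown in the post:
#   jvm 1    | <date> <time> <LEVEL> [<thread>] <user> <logger> - <message>
# The <user> column can be empty, which leaves two spaces before the logger.
LINE = re.compile(
    r"^(?:jvm \d+\s+\|\s+)?"
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \w+ +"
    r"\[[^\]]+\] \S* \S+ - (?P<msg>.*)$"
)
AUTHN_OK = re.compile(r"Successfully authenticated user \[(?P<user>[^\]]+)\]")
AUTHZ_DENIED = re.compile(
    r'Unable to authorize user \[(?P<user>[^\]]+)\] for \w+'
    r'\(HTTP method "(?P<method>\w+)"\) to (?P<path>\S+) '
    r'from IP Address (?P<ip>[^,\s]+)'
)
LOGIN_RESOURCE = "/service/local/authentication/login"


def find_authenticated_but_denied(lines, window=timedelta(seconds=5)):
    """Return denials that follow a successful authentication of the same
    user within `window`. A denial on the login resource means the realm
    accepted the credentials but no privilege was resolved for the user."""
    last_success = {}  # user -> time of most recent successful authentication
    findings = []
    for raw in lines:
        parsed = LINE.match(raw.strip())
        if parsed is None:
            continue  # container output without a timestamp, e.g. header dumps
        ts = datetime.strptime(parsed["ts"], "%Y-%m-%d %H:%M:%S")
        ok = AUTHN_OK.search(parsed["msg"])
        if ok:
            last_success[ok["user"]] = ts
            continue
        denied = AUTHZ_DENIED.search(parsed["msg"])
        if denied is None:
            continue
        seen = last_success.get(denied["user"])
        if seen is None or not timedelta(0) <= ts - seen <= window:
            continue  # no recent successful authentication for this user
        findings.append({
            "user": denied["user"],
            "time": ts,
            "method": denied["method"],
            "path": denied["path"],
            "ip": denied["ip"],
            "login_denied": denied["path"].endswith(LOGIN_RESOURCE),
        })
    return findings


# First five lines are taken from the post; the two sample.user lines are
# constructed to show a denial that falls outside the correlation window.
SAMPLE_LOG = """\
jvm 1    | LoginStatus : completed
jvm 1    | 2014-04-25 13:09:08 DEBUG [esh-1-thread-17] hans.vandenbroeck org.sonatype.nexus.feeds.record.NexusAuthenticationEventInspector - Successfully authenticated user [hans.vandenbroeck] from IP address 127.0.0.1
jvm 1    | 2014-04-25 13:09:08 DEBUG [esh-1-thread-18] hans.vandenbroeck org.sonatype.nexus.feeds.record.NexusAuthorizationEventInspector - Unable to authorize user [hans.vandenbroeck] for read(HTTP method "GET") to /nexus/service/local/authentication/login from IP Address 127.0.0.1, user agent:"n/a"
jvm 1    | 2014-04-25 13:09:08 DEBUG [qtp767123430-44] hans.vandenbroeck org.sonatype.nexus.security.filter.authc.NexusAuthenticationFilter - Request processing is rejected because user "hans.vandenbroeck" lacks permissions.
jvm 1    | 2014-04-25 13:09:09 DEBUG [HC4x-EvictingThread]  org.sonatype.nexus.apachehttpclient.Hc4ProviderImpl$1 - Closing expired connections
jvm 1    | 2014-04-25 13:10:00 DEBUG [esh-1-thread-19] sample.user org.sonatype.nexus.feeds.record.NexusAuthenticationEventInspector - Successfully authenticated user [sample.user] from IP address 127.0.0.1
jvm 1    | 2014-04-25 13:12:00 DEBUG [esh-1-thread-20] sample.user org.sonatype.nexus.feeds.record.NexusAuthorizationEventInspector - Unable to authorize user [sample.user] for read(HTTP method "GET") to /nexus/service/local/repositories from IP Address 127.0.0.1, user agent:"n/a"
"""

if __name__ == "__main__":
    for hit in find_authenticated_but_denied(SAMPLE_LOG.splitlines()):
        kind = "login denied" if hit["login_denied"] else "request denied"
        print(f'{hit["time"]} {hit["user"]} {kind}: {hit["method"]} {hit["path"]}')
```
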






Re: Authentication failed, users lacks permissions.

Hans Vandenbroeck
After a long day searching I found the problem. The wrong userManager was injected into my AuthorizingRealm. Fixed it by setting the correct interface in the constructor. 

Thanks 
Hans Vandenbroeck

