Quantcast
Maven Nexus Maven Repository Manager Nexus Maven Repository Manager Users List

PathProtectionDescriptor filter expression with costum role

classic Classic list List threaded Threaded
10 messages Options
Scalpa01
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

PathProtectionDescriptor filter expression with costum role

Scalpa01
Hi,

I've searched everywhere and cant find an answer to something that seems simple enough.  

I developped a plugin offering numerous rest api.  Everywhere they say to return this instance for the getResourceProtection() :

@Override
public PathProtectionDescriptor getResourceProtection() {
        return new PathProtectionDescriptor(this.getResourceUri(), "anon");
}

Althoe, this makes the service available to everyone.  My goal is to only allow a certain role to have access to my services, and this role is a costum role created by the management team.  The role id is "scm"

Can anyone explain what to put for the filter expression?

Thanks
Brian Demers-2
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: PathProtectionDescriptor filter expression with costum role

Brian Demers-2
This would be better suited for the nexus-dev list, but I'll answer here and cc it.

Everything in nexus uses privileges.  Privileges are then added to roles which get assigned to users.

If you look at:

You will see:
return new PathProtectionDescriptor( "/repositories/*/remotebrowser/**", "authcBasic,perms[nexus:browseremote]" );

The permission "nexus:browserremote" is defined in an xml file:

That privilege is also added to a role (for convenience):

On order to plumb the two together you need create a StaticSecurityResource.

Note: If you are creating roles and permissions on the fly, there is an option for that too, but most of the time you do not need to do that.

Does that answer your questions?

On Fri, Nov 4, 2011 at 10:37 AM, Scalpa01 <[hidden email]> wrote:
Hi,

I've searched everywhere and cant find an answer to something that seems
simple enough.

I developped a plugin offering numerous rest api.  Everywhere they say to
return this instance for the getResourceProtection() :

@Override
public PathProtectionDescriptor getResourceProtection() {
       return new PathProtectionDescriptor(this.getResourceUri(), "anon");
}

Althoe, this makes the service available to everyone.  My goal is to only
allow a certain role to have access to my services, and this role is a
costum role created by the management team.  The role id is "scm"

Can anyone explain what to put for the filter expression?

Thanks

--
View this message in context: http://maven.40175.n5.nabble.com/PathProtectionDescriptor-filter-expression-with-costum-role-tp4964283p4964283.html
Sent from the Nexus Maven Repository Manager Users List mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]
Scalpa01
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: PathProtectionDescriptor filter expression with costum role

Scalpa01
Yes, thanks you, that is what I needed.  But this created another problem, since the API is no more accessible by an anonymous user, how can it be called using an HttpClient?  I was able to call the API before, but now my Default HttpClient does not have the permissions to call it.

I tried a couple of solutions found on the net, but nothing seems to work.  Is their a special way for logging on to a nexus user with HttpClient?

Thanks
Brian Demers-2
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: PathProtectionDescriptor filter expression with costum role

Brian Demers-2


On Mon, Nov 7, 2011 at 8:47 AM, Scalpa01 <[hidden email]> wrote:
Yes, thanks you, that is what I needed.  But this created another problem,
since the API is no more accessible by an anonymous user, how can it be
called using an HttpClient?  I was able to call the API before, but now my
Default HttpClient does not have the permissions to call it.

I tried a couple of solutions found on the net, but nothing seems to work.
Is their a special way for logging on to a nexus user with HttpClient?
 

 

Thanks

--
View this message in context: http://maven.40175.n5.nabble.com/PathProtectionDescriptor-filter-expression-with-costum-role-tp4964283p4971159.html
Sent from the Nexus Maven Repository Manager Users List mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]
Scalpa01
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: PathProtectionDescriptor filter expression with costum role

Scalpa01
Was trying examples that were provided in that page.  I used the org.apache.commons library and could not get it to work.  I tried with the same approach with the org.apache.http and was able to get it to work.  Don’t know why commons wouldn't work.

Thanks for the help
Brian Demers-2
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: PathProtectionDescriptor filter expression with costum role

Brian Demers-2
Try with curl to isolate the problem

On Wed, Nov 9, 2011 at 9:53 AM, Scalpa01 <[hidden email]> wrote:
Was trying examples that were provided in that page.  I used the
org.apache.commons library and could not get it to work.  I tried with the
same approach with the org.apache.http and was able to get it to work.
Don’t know why commons wouldn't work.

Thanks for the help

--
View this message in context: http://maven.40175.n5.nabble.com/PathProtectionDescriptor-filter-expression-with-costum-role-tp4964283p4977916.html
Sent from the Nexus Maven Repository Manager Users List mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]
Papus
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: PathProtectionDescriptor filter expression with costum role

Papus
Hi i am using the preemptive auth that you suggested and i was wondering if it's possible to use the credentials of the user who is currently logged on Nexus for my requests otherwise i need to ask the user for his credentials even when he is already logged on Nexus
Tamás Cservenák
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: PathProtectionDescriptor filter expression with costum role

Tamás Cservenák
No, it's not possible right now.
But, you can take your vote:
https://issues.sonatype.org/browse/NEXUS-1842

Thanks,
~t~

On Thu, Apr 26, 2012 at 10:22 PM, Papus
<[hidden email]> wrote:

> Hi i am using the preemptive auth that you suggested and i was wondering if
> it's possible to use the credentials of the user who is currently logged on
> Nexus for my requests otherwise i need to ask the user for his credentials
> even when he is already logged on Nexus
>
> --
> View this message in context: http://maven.40175.n5.nabble.com/PathProtectionDescriptor-filter-expression-with-costum-role-tp4964283p5668548.html
> Sent from the Nexus Maven Repository Manager Users List mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Papus
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: PathProtectionDescriptor filter expression with costum role

Papus
Ok thank you for your response.
Tamás Cservenák
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: PathProtectionDescriptor filter expression with costum role

Tamás Cservenák
Naturally, this would not be always possible.

Doing authc delegation would work for example, when Maven fetches
artifact from Nexus, as it's usually supplying authc as BASIC auth.
Also, all the other REST API would be able to work too, whenever the
REST client (UI is a standalone rest client too!) does authc-equipped
requests.

But, there is a thin line, where some parts of the UI still relies on
cookies, and unsure would it be possible to get all the needed info in
that case...

So, the "logged in user" (logged in into UI?) might not work, but for
fetching artifacts it might.

Thanks,
~t~

On Fri, Apr 27, 2012 at 3:01 PM, Papus
<[hidden email]> wrote:

> Ok thank you for your response.
>
> --
> View this message in context: http://maven.40175.n5.nabble.com/PathProtectionDescriptor-filter-expression-with-costum-role-tp4964283p5670214.html
> Sent from the Nexus Maven Repository Manager Users List mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Loading...
Powered by Nabble Edit this page