Nuxeo ECM Build/Test Environment / NXBT-3074

Fix GitHub OAuth Nexus 3 plugin integration with Nexus tokens


    Details

    • Type: Bug
    • Status: Open
    • Priority: Critical
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Package Repositories
    • Team:
      DevTools
    • Sprint:
      DevTools-11, DevTools-12

      Description

      For Nexus 3 authentication, we're using this Nexus3 Github OAuth Plugin:
      https://github.com/larscheid-schmitzhermes/nexus3-github-oauth-plugin

      Problem: it is a community plugin, still active (last commits on Jul 16, 2019), but possibly not used in the same context as ours.

      The main blocking issue we face is that the plugin breaks all the other token-related plugins; see NXBT-3048 and NXBT-3022.

      java.lang.ClassNotFoundException: com.larscheidschmitzhermes.nexus3.github.oauth.plugin.GithubPrincipal
      
      
      2019-10-23 10:35:10,194+0000 ERROR [qtp1234224382-10716]  jcarsique org.sonatype.nexus.extdirect.internal.ExtDirectExceptionHandler - Failed to invoke action method: usertoken_UserToken.retrieveCurrent, java-method: com.sonatype.nexus.usertoken.plugin.internal.ui.UserTokenComponent.retrieveCurrent
      java.lang.RuntimeException: java.lang.ClassNotFoundException: com.larscheidschmitzhermes.nexus3.github.oauth.plugin.GithubPrincipal
              at com.sonatype.nexus.usertoken.plugin.store.orient.UserTokenRecordEntityAdapter.deserialize(UserTokenRecordEntityAdapter.java:228)
              at com.sonatype.nexus.usertoken.plugin.store.orient.UserTokenRecordEntityAdapter.readEntity(UserTokenRecordEntityAdapter.java:122)
              at com.sonatype.nexus.usertoken.plugin.store.orient.UserTokenRecordEntityAdapter.get(UserTokenRecordEntityAdapter.java:200)
              at com.sonatype.nexus.usertoken.plugin.store.orient.OrientUserTokenStore.lambda$3(OrientUserTokenStore.java:103)
              at org.sonatype.nexus.orient.transaction.OrientOperations.lambda$1(OrientOperations.java:55)
              at org.sonatype.nexus.transaction.OperationPoint.proceed(OperationPoint.java:64)
              at org.sonatype.nexus.transaction.TransactionalWrapper.proceedWithTransaction(TransactionalWrapper.java:56)
              at org.sonatype.nexus.transaction.Operations.proceedWithTransaction(Operations.java:220)
              at org.sonatype.nexus.transaction.Operations.transactional(Operations.java:211)
              at org.sonatype.nexus.transaction.Operations.call(Operations.java:157)
              at org.sonatype.nexus.orient.transaction.OrientOperations.call(OrientOperations.java:55)
              at com.sonatype.nexus.usertoken.plugin.store.orient.OrientUserTokenStore.get(OrientUserTokenStore.java:103)
              at org.sonatype.nexus.common.stateguard.MethodInvocationAction.run(MethodInvocationAction.java:39)
              at org.sonatype.nexus.common.stateguard.StateGuard$GuardImpl.run(StateGuard.java:272)
              at org.sonatype.nexus.common.stateguard.GuardedInterceptor.invoke(GuardedInterceptor.java:53)
              at com.sonatype.nexus.usertoken.plugin.internal.UserTokenServiceImpl.doGet(UserTokenServiceImpl.java:295)
              at com.sonatype.nexus.usertoken.plugin.internal.UserTokenServiceImpl.current(UserTokenServiceImpl.java:273)
              at com.sonatype.nexus.usertoken.plugin.UserTokenService$current.call(Unknown Source)
              at com.sonatype.nexus.usertoken.plugin.internal.ui.UserTokenComponent.retrieveCurrent(UserTokenComponent.groovy:151)
              at com.palominolabs.metrics.guice.ExceptionMeteredInterceptor.invoke(ExceptionMeteredInterceptor.java:23)
              at com.palominolabs.metrics.guice.TimedInterceptor.invoke(TimedInterceptor.java:26)
              at org.sonatype.nexus.validation.internal.ValidationInterceptor.invoke(ValidationInterceptor.java:53)
              at org.apache.shiro.guice.aop.AopAllianceMethodInvocationAdapter.proceed(AopAllianceMethodInvocationAdapter.java:49)
              at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.invoke(AuthorizingAnnotationMethodInterceptor.java:68)
              at org.apache.shiro.guice.aop.AopAllianceMethodInterceptorAdapter.invoke(AopAllianceMethodInterceptorAdapter.java:36)
              at org.apache.shiro.guice.aop.AopAllianceMethodInvocationAdapter.proceed(AopAllianceMethodInvocationAdapter.java:49)
              at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.invoke(AuthorizingAnnotationMethodInterceptor.java:68)
              at org.apache.shiro.guice.aop.AopAllianceMethodInterceptorAdapter.invoke(AopAllianceMethodInterceptorAdapter.java:36)
              at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
              at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
              at java.lang.reflect.Method.invoke(Method.java:498)
              at com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.invokeJavaMethod(DispatcherBase.java:142)
              at com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.invokeMethod(DispatcherBase.java:133)
              at org.sonatype.nexus.extdirect.internal.ExtDirectDispatcher.invokeMethod(ExtDirectDispatcher.java:82)
              at com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.dispatch(DispatcherBase.java:63)
              at com.softwarementors.extjs.djn.router.processor.standard.StandardRequestProcessorBase.dispatchStandardMethod(StandardRequestProcessorBase.java:73)
              at com.softwarementors.extjs.djn.router.processor.standard.json.JsonRequestProcessor.processIndividualRequest(JsonRequestProcessor.java:502)
              at com.softwarementors.extjs.djn.router.processor.standard.json.JsonRequestProcessor.processIndividualRequestsInThisThread(JsonRequestProcessor.java:150)
              at com.softwarementors.extjs.djn.router.processor.standard.json.JsonRequestProcessor.process(JsonRequestProcessor.java:133)
              at com.softwarementors.extjs.djn.router.RequestRouter.processJsonRequest(RequestRouter.java:83)
              at com.softwarementors.extjs.djn.servlet.DirectJNgineServlet.processRequest(DirectJNgineServlet.java:632)
              at com.softwarementors.extjs.djn.servlet.DirectJNgineServlet.doPost(DirectJNgineServlet.java:595)
              at org.sonatype.nexus.extdirect.internal.ExtDirectServlet.doPost(ExtDirectServlet.java:135)
              at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
              at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
      (...)
      Caused by: java.lang.ClassNotFoundException: com.larscheidschmitzhermes.nexus3.github.oauth.plugin.GithubPrincipal
              at java.net.URLClassLoader.findClass(URLClassLoader.java:382)
      (...)
      com.sonatype.nexus.usertoken.plugin.store.orient.UserTokenRecordEntityAdapter.deserialize(UserTokenRecordEntityAdapter.java:224)
              ... 121 common frames omitted

      Also, it captures the authentication process and does not pass it on to the next realms.

      2019-10-23 08:21:30,894+0000 WARN  [qtp1234224382-10528]  *UNKNOWN com.larscheidschmitzhermes.nexus3.github.oauth.plugin.api.GithubApiClient - Authentication failed, status code was 401
      2019-10-23 08:21:30,895+0000 WARN  [qtp1234224382-10528]  *UNKNOWN com.larscheidschmitzhermes.nexus3.github.oauth.plugin.GithubOauthAuthenticatingRealm - Failed authentication
      com.larscheidschmitzhermes.nexus3.github.oauth.plugin.GithubAuthenticationException: Authentication failed.
              at com.larscheidschmitzhermes.nexus3.github.oauth.plugin.api.GithubApiClient.executeGet(GithubApiClient.java:159)
              at com.larscheidschmitzhermes.nexus3.github.oauth.plugin.api.GithubApiClient.getAndSerializeObject(GithubApiClient.java:129)
              at com.larscheidschmitzhermes.nexus3.github.oauth.plugin.api.GithubApiClient.retrieveGithubUser(GithubApiClient.java:96)
              at com.larscheidschmitzhermes.nexus3.github.oauth.plugin.api.GithubApiClient.doAuthz(GithubApiClient.java:85)
              at com.larscheidschmitzhermes.nexus3.github.oauth.plugin.api.GithubApiClient.authz(GithubApiClient.java:78)
              at com.larscheidschmitzhermes.nexus3.github.oauth.plugin.GithubOauthAuthenticatingRealm.doGetAuthenticationInfo(GithubOauthAuthenticatingRealm.java:101)
              at org.apache.shiro.realm.AuthenticatingRealm.getAuthenticationInfo(AuthenticatingRealm.java:568)
              at org.sonatype.nexus.security.authc.FirstSuccessfulModularRealmAuthenticator.doMultiRealmAuthentication(FirstSuccessfulModularRealmAuthenticator.java:49)
              at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doAuthenticate(ModularRealmAuthenticator.java:269)
              at org.apache.shiro.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:198)
              at org.apache.shiro.mgt.AuthenticatingSecurityManager.authenticate(AuthenticatingSecurityManager.java:106)
              at org.sonatype.nexus.repository.npm.internal.security.NpmTokenManager.login(NpmTokenManager.java:55)
              at org.sonatype.nexus.repository.npm.internal.NpmTokenFacetImpl.login(NpmTokenFacetImpl.java:63)
              at org.sonatype.nexus.repository.npm.internal.NpmHandlers$9.handle(NpmHandlers.java:294)
              at org.sonatype.nexus.repository.view.Context.proceed(Context.java:80)
              at org.sonatype.nexus.repository.npm.internal.NpmHandlers$1.handle(NpmHandlers.java:126)
              at org.sonatype.nexus.repository.view.Context.proceed(Context.java:80)
              at org.sonatype.nexus.repository.view.handlers.TimingHandler.handle(TimingHandler.java:46)
              at org.sonatype.nexus.repository.view.Context.proceed(Context.java:80)
              at org.sonatype.nexus.repository.view.Context.start(Context.java:114)
              at org.sonatype.nexus.repository.view.Router.dispatch(Router.java:64)
              at org.sonatype.nexus.repository.view.ConfigurableViewFacet.dispatch(ConfigurableViewFacet.java:52)
              at org.sonatype.nexus.repository.view.ConfigurableViewFacet.dispatch(ConfigurableViewFacet.java:43)
              at org.sonatype.nexus.repository.httpbridge.internal.ViewServlet.dispatchAndSend(ViewServlet.java:212)
              at org.sonatype.nexus.repository.httpbridge.internal.ViewServlet.doService(ViewServlet.java:174)
              at org.sonatype.nexus.repository.httpbridge.internal.ViewServlet.service(ViewServlet.java:126)
              at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
      (...)

      and with Docker:

      2019-10-23 15:43:44,756+0000 DEBUG [qtp1234224382-11060]  *UNKNOWN org.sonatype.nexus.repository.docker.internal.security.DockerTokenRealm - Realm did not find user
      org.sonatype.nexus.security.user.UserNotFoundException: User not found: jcarsique; User-manager not found for realm(s): [com.larscheidschmitzhermes.nexus3.github.oauth.plugin.GithubOauthAuthenticatingRealm]
      	at org.sonatype.nexus.security.UserPrincipalsHelper.getUserStatus(UserPrincipalsHelper.java:65)
      	at org.sonatype.nexus.security.token.BearerTokenRealm.doGetAuthenticationInfo(BearerTokenRealm.java:77)
      	at org.apache.shiro.realm.AuthenticatingRealm.getAuthenticationInfo(AuthenticatingRealm.java:568)
      	at org.sonatype.nexus.security.authc.FirstSuccessfulModularRealmAuthenticator.doMultiRealmAuthentication(FirstSuccessfulModularRealmAuthenticator.java:49)
      	at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doAuthenticate(ModularRealmAuthenticator.java:269)
      (...)
      org.sonatype.nexus.security.SecurityFilter.executeChain(SecurityFilter.java:85)
      (...)
      Caused by: org.sonatype.nexus.security.user.NoSuchUserManagerException: User-manager not found for realm(s): [com.larscheidschmitzhermes.nexus3.github.oauth.plugin.GithubOauthAuthenticatingRealm]
      	at org.sonatype.nexus.security.UserPrincipalsHelper.findUserManager(UserPrincipalsHelper.java:104)
      	at org.sonatype.nexus.security.UserPrincipalsHelper.getUserStatus(UserPrincipalsHelper.java:59)
      	... 81 common frames omitted 

      The plugin must integrate better with Nexus realms and should appear as a source in user management.

      https://packages.nuxeo.com/#admin/security/realms

      https://packages.nuxeo.com/#admin/security/users

      It should have a summary page displayed under https://packages.nuxeo.com/#admin/security

      At the very least, it must not break access to the user tokens:
      https://packages.nuxeo.com/#user/usertoken
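
      To check how often each of the three failures above occurs in a Nexus log and which token feature it hits, the following added example (not part of this ticket, Nexus, or the plugin) groups log events with their stack traces and matches them against the exception text quoted above. The labels, function names and the abbreviated sample log are assumptions constructed for illustration.

```python
import re
from collections import Counter
# Nexus log event header: timestamp, level, [thread], user, logger, " - ", message
EVENT = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}[+-]\d{4} \w+\s+\[[^\]]+\]\s+\S+ \S+ - ")
PLUGIN = "com.larscheidschmitzhermes.nexus3.github.oauth.plugin"
# Exception text from the traces in this ticket -> short label (labels are hypothetical)
SIGNATURES = {
    f"ClassNotFoundException: {PLUGIN}.GithubPrincipal": "principal-class-not-loadable",
    f"{PLUGIN}.GithubAuthenticationException": "github-realm-auth-failed",
    f"User-manager not found for realm(s): [{PLUGIN}.": "no-user-manager-for-realm",
}
# Logger or stack-frame fragments that show which token feature was being served
FEATURES = {
    "usertoken.plugin": "user-token",
    "npm.internal.security.NpmTokenManager": "npm-token",
    "docker.internal.security.DockerTokenRealm": "docker-token",
}
# Constructed sample: events abbreviated from the traces quoted in the description
SAMPLE = """\
2019-10-23 10:35:10,194+0000 ERROR [qtp1234224382-10716]  jcarsique org.sonatype.nexus.extdirect.internal.ExtDirectExceptionHandler - Failed to invoke action method: usertoken_UserToken.retrieveCurrent
java.lang.RuntimeException: java.lang.ClassNotFoundException: com.larscheidschmitzhermes.nexus3.github.oauth.plugin.GithubPrincipal
        at com.sonatype.nexus.usertoken.plugin.store.orient.UserTokenRecordEntityAdapter.deserialize(UserTokenRecordEntityAdapter.java:228)
2019-10-23 08:21:30,894+0000 WARN  [qtp1234224382-10528]  *UNKNOWN com.larscheidschmitzhermes.nexus3.github.oauth.plugin.api.GithubApiClient - Authentication failed, status code was 401
2019-10-23 08:21:30,895+0000 WARN  [qtp1234224382-10528]  *UNKNOWN com.larscheidschmitzhermes.nexus3.github.oauth.plugin.GithubOauthAuthenticatingRealm - Failed authentication
com.larscheidschmitzhermes.nexus3.github.oauth.plugin.GithubAuthenticationException: Authentication failed.
        at org.sonatype.nexus.repository.npm.internal.security.NpmTokenManager.login(NpmTokenManager.java:55)
2019-10-23 15:43:44,756+0000 DEBUG [qtp1234224382-11060]  *UNKNOWN org.sonatype.nexus.repository.docker.internal.security.DockerTokenRealm - Realm did not find user
org.sonatype.nexus.security.user.UserNotFoundException: User not found: jcarsique; User-manager not found for realm(s): [com.larscheidschmitzhermes.nexus3.github.oauth.plugin.GithubOauthAuthenticatingRealm]
"""

def split_events(text):
    """Attach each stack-trace line to the event header that precedes it."""
    events = []
    for line in text.splitlines():
        if EVENT.match(line):
            events.append([line])
        elif events and line.strip():
            events[-1].append(line)
    return ["\n".join(e) for e in events]

def triage(text):
    """Count events per (failure signature, affected token feature)."""
    hits = Counter()
    for blob in split_events(text):
        sig = next((label for s, label in SIGNATURES.items() if s in blob), None)
        if sig:
            feat = next((label for s, label in FEATURES.items() if s in blob), "unknown")
            hits[(sig, feat)] += 1
    return hits
```

      Pass the contents of a real log file to `triage()` in place of `SAMPLE`; events that carry none of the three signatures, such as the bare 401 warning, are ignored.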

       

       


              People

              • Assignee:
                jcarsique Julien Carsique
                Reporter:
                jcarsique Julien Carsique