Uploaded image for project: 'Nuxeo ECM Build/Test Environment'
  1. Nuxeo ECM Build/Test Environment
  2. NXBT-3074

Fix GitHub OAuth Nexus 3 plugin integration with Nexus tokens

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open
    • Priority: Critical
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Package Repositories
    • Team:
      DevTools
    • Sprint:
      DevTools-11, DevTools-12

      Description

      For Nexus 3 authentication, we're using this Nexus3 Github OAuth Plugin:
      https://github.com/larscheid-schmitzhermes/nexus3-github-oauth-plugin

      Problem: it is a community plugin, still active (last commits on Jul 16, 2019) but maybe not in the same usage context.

      The main blocker issue we face is that the plugin breaks all the other token-related plugins: see NXBT-3048, NXBT-3022

      java.lang.ClassNotFoundException: com.larscheidschmitzhermes.nexus3.github.oauth.plugin.GithubPrincipal
      
      
      2019-10-23 10:35:10,194+0000 ERROR [qtp1234224382-10716]  jcarsique org.sonatype.nexus.extdirect.internal.ExtDirectExceptionHandler - Failed to invoke action method: usertoken_UserToken.retrieveCurrent, ja
      va-method: com.sonatype.nexus.usertoken.plugin.internal.ui.UserTokenComponent.retrieveCurrent
      java.lang.RuntimeException: java.lang.ClassNotFoundException: com.larscheidschmitzhermes.nexus3.github.oauth.plugin.GithubPrincipal
              at com.sonatype.nexus.usertoken.plugin.store.orient.UserTokenRecordEntityAdapter.deserialize(UserTokenRecordEntityAdapter.java:228)
              at com.sonatype.nexus.usertoken.plugin.store.orient.UserTokenRecordEntityAdapter.readEntity(UserTokenRecordEntityAdapter.java:122)
              at com.sonatype.nexus.usertoken.plugin.store.orient.UserTokenRecordEntityAdapter.get(UserTokenRecordEntityAdapter.java:200)
              at com.sonatype.nexus.usertoken.plugin.store.orient.OrientUserTokenStore.lambda$3(OrientUserTokenStore.java:103)
              at org.sonatype.nexus.orient.transaction.OrientOperations.lambda$1(OrientOperations.java:55)
              at org.sonatype.nexus.transaction.OperationPoint.proceed(OperationPoint.java:64)
              at org.sonatype.nexus.transaction.TransactionalWrapper.proceedWithTransaction(TransactionalWrapper.java:56)
              at org.sonatype.nexus.transaction.Operations.proceedWithTransaction(Operations.java:220)
              at org.sonatype.nexus.transaction.Operations.transactional(Operations.java:211)
              at org.sonatype.nexus.transaction.Operations.call(Operations.java:157)
              at org.sonatype.nexus.orient.transaction.OrientOperations.call(OrientOperations.java:55)
              at com.sonatype.nexus.usertoken.plugin.store.orient.OrientUserTokenStore.get(OrientUserTokenStore.java:103)
              at org.sonatype.nexus.common.stateguard.MethodInvocationAction.run(MethodInvocationAction.java:39)
              at org.sonatype.nexus.common.stateguard.StateGuard$GuardImpl.run(StateGuard.java:272)
              at org.sonatype.nexus.common.stateguard.GuardedInterceptor.invoke(GuardedInterceptor.java:53)
              at com.sonatype.nexus.usertoken.plugin.internal.UserTokenServiceImpl.doGet(UserTokenServiceImpl.java:295)
              at com.sonatype.nexus.usertoken.plugin.internal.UserTokenServiceImpl.current(UserTokenServiceImpl.java:273)
              at com.sonatype.nexus.usertoken.plugin.UserTokenService$current.call(Unknown Source)
              at com.sonatype.nexus.usertoken.plugin.internal.ui.UserTokenComponent.retrieveCurrent(UserTokenComponent.groovy:151)
              at com.palominolabs.metrics.guice.ExceptionMeteredInterceptor.invoke(ExceptionMeteredInterceptor.java:23)
              at com.palominolabs.metrics.guice.TimedInterceptor.invoke(TimedInterceptor.java:26)
              at org.sonatype.nexus.validation.internal.ValidationInterceptor.invoke(ValidationInterceptor.java:53)
              at org.apache.shiro.guice.aop.AopAllianceMethodInvocationAdapter.proceed(AopAllianceMethodInvocationAdapter.java:49)
              at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.invoke(AuthorizingAnnotationMethodInterceptor.java:68)
              at org.apache.shiro.guice.aop.AopAllianceMethodInterceptorAdapter.invoke(AopAllianceMethodInterceptorAdapter.java:36)
              at org.apache.shiro.guice.aop.AopAllianceMethodInvocationAdapter.proceed(AopAllianceMethodInvocationAdapter.java:49)
              at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.invoke(AuthorizingAnnotationMethodInterceptor.java:68)
              at org.apache.shiro.guice.aop.AopAllianceMethodInterceptorAdapter.invoke(AopAllianceMethodInterceptorAdapter.java:36)
              at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
              at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
              at java.lang.reflect.Method.invoke(Method.java:498)
              at com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.invokeJavaMethod(DispatcherBase.java:142)
              at com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.invokeMethod(DispatcherBase.java:133)
              at org.sonatype.nexus.extdirect.internal.ExtDirectDispatcher.invokeMethod(ExtDirectDispatcher.java:82)
              at com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.dispatch(DispatcherBase.java:63)
              at com.softwarementors.extjs.djn.router.processor.standard.StandardRequestProcessorBase.dispatchStandardMethod(StandardRequestProcessorBase.java:73)
              at com.softwarementors.extjs.djn.router.processor.standard.json.JsonRequestProcessor.processIndividualRequest(JsonRequestProcessor.java:502)
              at com.softwarementors.extjs.djn.router.processor.standard.json.JsonRequestProcessor.processIndividualRequestsInThisThread(JsonRequestProcessor.java:150)
              at com.softwarementors.extjs.djn.router.processor.standard.json.JsonRequestProcessor.process(JsonRequestProcessor.java:133)
              at com.softwarementors.extjs.djn.router.RequestRouter.processJsonRequest(RequestRouter.java:83)
              at com.softwarementors.extjs.djn.servlet.DirectJNgineServlet.processRequest(DirectJNgineServlet.java:632)
              at com.softwarementors.extjs.djn.servlet.DirectJNgineServlet.doPost(DirectJNgineServlet.java:595)
              at org.sonatype.nexus.extdirect.internal.ExtDirectServlet.doPost(ExtDirectServlet.java:135)
              at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
              at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
      (...)
      Caused by: java.lang.ClassNotFoundException: com.larscheidschmitzhermes.nexus3.github.oauth.plugin.GithubPrincipal
              at java.net.URLClassLoader.findClass(URLClassLoader.java:382)
      (...)
      com.sonatype.nexus.usertoken.plugin.store.orient.UserTokenRecordEntityAdapter.deserialize(UserTokenRecordEntityAdapter.java:224)
              ... 121 common frames omitted

      Also, it is catching the authentication process and not following to the next realms.

      2019-10-23 08:21:30,894+0000 WARN  [qtp1234224382-10528]  *UNKNOWN com.larscheidschmitzhermes.nexus3.github.oauth.plugin.api.GithubApiClient - Authentication failed, status code was 401
      2019-10-23 08:21:30,895+0000 WARN  [qtp1234224382-10528]  *UNKNOWN com.larscheidschmitzhermes.nexus3.github.oauth.plugin.GithubOauthAuthenticatingRealm - Failed authentication
      com.larscheidschmitzhermes.nexus3.github.oauth.plugin.GithubAuthenticationException: Authentication failed.
              at com.larscheidschmitzhermes.nexus3.github.oauth.plugin.api.GithubApiClient.executeGet(GithubApiClient.java:159)
              at com.larscheidschmitzhermes.nexus3.github.oauth.plugin.api.GithubApiClient.getAndSerializeObject(GithubApiClient.java:129)
              at com.larscheidschmitzhermes.nexus3.github.oauth.plugin.api.GithubApiClient.retrieveGithubUser(GithubApiClient.java:96)
              at com.larscheidschmitzhermes.nexus3.github.oauth.plugin.api.GithubApiClient.doAuthz(GithubApiClient.java:85)
              at com.larscheidschmitzhermes.nexus3.github.oauth.plugin.api.GithubApiClient.authz(GithubApiClient.java:78)
              at com.larscheidschmitzhermes.nexus3.github.oauth.plugin.GithubOauthAuthenticatingRealm.doGetAuthenticationInfo(GithubOauthAuthenticatingRealm.java:101)
              at org.apache.shiro.realm.AuthenticatingRealm.getAuthenticationInfo(AuthenticatingRealm.java:568)
              at org.sonatype.nexus.security.authc.FirstSuccessfulModularRealmAuthenticator.doMultiRealmAuthentication(FirstSuccessfulModularRealmAuthenticator.java:49)
              at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doAuthenticate(ModularRealmAuthenticator.java:269)
              at org.apache.shiro.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:198)
              at org.apache.shiro.mgt.AuthenticatingSecurityManager.authenticate(AuthenticatingSecurityManager.java:106)
              at org.sonatype.nexus.repository.npm.internal.security.NpmTokenManager.login(NpmTokenManager.java:55)
              at org.sonatype.nexus.repository.npm.internal.NpmTokenFacetImpl.login(NpmTokenFacetImpl.java:63)
              at org.sonatype.nexus.repository.npm.internal.NpmHandlers$9.handle(NpmHandlers.java:294)
              at org.sonatype.nexus.repository.view.Context.proceed(Context.java:80)
              at org.sonatype.nexus.repository.npm.internal.NpmHandlers$1.handle(NpmHandlers.java:126)
              at org.sonatype.nexus.repository.view.Context.proceed(Context.java:80)
              at org.sonatype.nexus.repository.view.handlers.TimingHandler.handle(TimingHandler.java:46)
              at org.sonatype.nexus.repository.view.Context.proceed(Context.java:80)
              at org.sonatype.nexus.repository.view.Context.start(Context.java:114)
              at org.sonatype.nexus.repository.view.Router.dispatch(Router.java:64)
              at org.sonatype.nexus.repository.view.ConfigurableViewFacet.dispatch(ConfigurableViewFacet.java:52)
              at org.sonatype.nexus.repository.view.ConfigurableViewFacet.dispatch(ConfigurableViewFacet.java:43)
              at org.sonatype.nexus.repository.httpbridge.internal.ViewServlet.dispatchAndSend(ViewServlet.java:212)
              at org.sonatype.nexus.repository.httpbridge.internal.ViewServlet.doService(ViewServlet.java:174)
              at org.sonatype.nexus.repository.httpbridge.internal.ViewServlet.service(ViewServlet.java:126)
              at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
      (...)

      and with Docker:

      2019-10-23 15:43:44,756+0000 DEBUG [qtp1234224382-11060]  *UNKNOWN org.sonatype.nexus.repository.docker.internal.security.DockerTokenRealm - Realm did not find user
      org.sonatype.nexus.security.user.UserNotFoundException: User not found: jcarsique; User-manager not found for realm(s): [com.larscheidschmitzhermes.nexus3.github.oauth.plugin.GithubOauthAuthenticatingRealm]
      	at org.sonatype.nexus.security.UserPrincipalsHelper.getUserStatus(UserPrincipalsHelper.java:65)
      	at org.sonatype.nexus.security.token.BearerTokenRealm.doGetAuthenticationInfo(BearerTokenRealm.java:77)
      	at org.apache.shiro.realm.AuthenticatingRealm.getAuthenticationInfo(AuthenticatingRealm.java:568)
      	at org.sonatype.nexus.security.authc.FirstSuccessfulModularRealmAuthenticator.doMultiRealmAuthentication(FirstSuccessfulModularRealmAuthenticator.java:49)
      	at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doAuthenticate(ModularRealmAuthenticator.java:269)
      (...)
      org.sonatype.nexus.security.SecurityFilter.executeChain(SecurityFilter.java:85)
      (...)
      Caused by: org.sonatype.nexus.security.user.NoSuchUserManagerException: User-manager not found for realm(s): [com.larscheidschmitzhermes.nexus3.github.oauth.plugin.GithubOauthAuthenticatingRealm]
      	at org.sonatype.nexus.security.UserPrincipalsHelper.findUserManager(UserPrincipalsHelper.java:104)
      	at org.sonatype.nexus.security.UserPrincipalsHelper.getUserStatus(UserPrincipalsHelper.java:59)
      	... 81 common frames omitted 

      The plugin must better integrate with Nexus realms and should appear as a source in the user management.

      https://packages.nuxeo.com/#admin/security/realms

      https://packages.nuxeo.com/#admin/security/users

      It should have a summary page displayed under https://packages.nuxeo.com/#admin/security

      At least, it must not break the access to the user tokens:
      https://packages.nuxeo.com/#user/usertoken

       

       

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                jcarsique Julien Carsique
                Reporter:
                jcarsique Julien Carsique
                Participants:
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:

                  PagerDuty

                  Error rendering 'com.pagerduty.jira-server-plugin:PagerDuty'. Please contact your Jira administrators.