org.apache.shiro.authz.AuthorizationException: User is not permitted: nexus:privileges:read

Sonatype JIRA | Joe Tom | 1 year ago
  1. 0

    While running through security, I noticed that if you have just Roles permission, you get a warning that you cannot read privilges. While this is true, it is not necessary to create a role. Similarly, I think the placement of the warning is confusing. You get the warning before you enter the place where the fact you cannot read potentially matters (drilling down into/creating the role). Note, that the users page has a similar issue when it comes to listing roles however that page CANNOT be used without, so there is no ticket for that. The combination of the ability for it to be used and confusing warning are causing me to file. See attached screen, let me know if unclear. I had debug off during this test. No errors appeared in the js console. Below appeared in the nexus.log. I did not check older NX3 or NX2 at this time. {quote} 2015-09-17 11:58:47,887-0400 ERROR [pool-6-thread-10] joedragons org.sonatype.nexus.extdirect.internal.ExtDirectServlet - Failed to invoke action method: coreui_Privilege.read, java-method: org.sonatype.nexus.coreui.PrivilegeComponent.read org.apache.shiro.authz.AuthorizationException: User is not permitted: nexus:privileges:read at org.sonatype.nexus.security.authz.ExceptionCatchingModularRealmAuthorizer.checkPermission(ExceptionCatchingModularRealmAuthorizer.java:66) [na:na] at org.apache.shiro.mgt.AuthorizingSecurityManager.checkPermission(AuthorizingSecurityManager.java:137) [na:na] at org.apache.shiro.subject.support.DelegatingSubject.checkPermission(DelegatingSubject.java:205) [org.apache.shiro.core:1.2.4] at org.apache.shiro.authz.aop.PermissionAnnotationHandler.assertAuthorized(PermissionAnnotationHandler.java:74) [na:na] at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized(AuthorizingAnnotationMethodInterceptor.java:84) [na:na] at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.invoke(AuthorizingAnnotationMethodInterceptor.java:67) [na:na] at org.apache.shiro.guice.aop.AopAllianceMethodInterceptorAdapter.invoke(AopAllianceMethodInterceptorAdapter.java:36) [na:na] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [na:1.8.0_40] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [na:1.8.0_40] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [na:1.8.0_40] at java.lang.reflect.Method.invoke(Method.java:497) [na:1.8.0_40] at com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.invokeJavaMethod(DispatcherBase.java:142) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT] at com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.invokeMethod(DispatcherBase.java:133) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT] at org.sonatype.nexus.extdirect.internal.ExtDirectServlet$3.invokeMethod(ExtDirectServlet.java:201) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT] at com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.dispatch(DispatcherBase.java:63) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT] at com.softwarementors.extjs.djn.router.processor.standard.StandardRequestProcessorBase.dispatchStandardMethod(StandardRequestProcessorBase.java:73) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT] at com.softwarementors.extjs.djn.router.processor.standard.json.JsonRequestProcessor.processIndividualRequest(JsonRequestProcessor.java:502) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT] at com.softwarementors.extjs.djn.router.processor.standard.json.DefaultJsonRequestProcessorThread.processRequest(DefaultJsonRequestProcessorThread.java:72) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT] at com.softwarementors.extjs.djn.servlet.ssm.SsmJsonRequestProcessorThread.processRequest(SsmJsonRequestProcessorThread.java:43) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT] at org.sonatype.nexus.extdirect.internal.ExtDirectJsonRequestProcessorThread.access$1(ExtDirectJsonRequestProcessorThread.java:1) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT] at org.sonatype.nexus.extdirect.internal.ExtDirectJsonRequestProcessorThread$1.call(ExtDirectJsonRequestProcessorThread.java:59) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT] at org.sonatype.nexus.extdirect.internal.ExtDirectJsonRequestProcessorThread$1.call(ExtDirectJsonRequestProcessorThread.java:1) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT] at com.google.inject.servlet.GuiceFilter$Context.call(GuiceFilter.java:203) [com.google.inject:4.0.0] at com.google.inject.servlet.ServletScopes$3.call(ServletScopes.java:232) [com.google.inject:4.0.0] at org.sonatype.nexus.extdirect.internal.ExtDirectJsonRequestProcessorThread.processRequest(ExtDirectJsonRequestProcessorThread.java:73) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT] at com.softwarementors.extjs.djn.router.processor.standard.json.DefaultJsonRequestProcessorThread.call(DefaultJsonRequestProcessorThread.java:56) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT] at com.softwarementors.extjs.djn.router.processor.standard.json.DefaultJsonRequestProcessorThread.call(DefaultJsonRequestProcessorThread.java:30) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT] at java.util.concurrent.FutureTask.run(FutureTask.java:266) [na:1.8.0_40] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [na:1.8.0_40] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [na:1.8.0_40] at java.lang.Thread.run(Thread.java:745) [na:1.8.0_40] Caused by: org.apache.shiro.authz.AuthorizationException: Not authorized to invoke method: public java.util.List org.sonatype.nexus.coreui.PrivilegeComponent.read() at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized(AuthorizingAnnotationMethodInterceptor.java:90) [na:na] ... 26 common frames omitted {quote}

    Sonatype JIRA | 1 year ago | Joe Tom
    org.apache.shiro.authz.AuthorizationException: User is not permitted: nexus:privileges:read
  2. 0

    I granted a user a role with the nx-repository-admin-*-*-* privilege and noticed when I accessed repository (in pro) that I got a warning about healthcheck. Results do appear and the healthcheck column is hidden/missing, so it seems this warning is not necessary. Error also appears in nexus.log: {code} 2016-06-20 16:01:56,924-0400 ERROR [pool-139-thread-12] joedragons org.sonatype.nexus.extdirect.internal.ExtDirectServlet - Failed to invoke action method: healthcheck_Status.read, java-method: com.sonatype.nexus.plugins.healthcheck.ui.HealthCheckStatusComponent.read org.apache.shiro.authz.AuthorizationException: User is not permitted: nexus:healthcheck:read at org.sonatype.nexus.security.authz.ExceptionCatchingModularRealmAuthorizer.checkPermission(ExceptionCatchingModularRealmAuthorizer.java:66) [na:na] at org.apache.shiro.mgt.AuthorizingSecurityManager.checkPermission(AuthorizingSecurityManager.java:137) [na:na] at org.apache.shiro.subject.support.DelegatingSubject.checkPermission(DelegatingSubject.java:205) [org.apache.shiro.core:1.2.4] at org.apache.shiro.authz.aop.PermissionAnnotationHandler.assertAuthorized(PermissionAnnotationHandler.java:74) [na:na] at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized(AuthorizingAnnotationMethodInterceptor.java:84) [na:na] at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.invoke(AuthorizingAnnotationMethodInterceptor.java:67) [na:na] at org.apache.shiro.guice.aop.AopAllianceMethodInterceptorAdapter.invoke(AopAllianceMethodInterceptorAdapter.java:36) [na:na] at sun.reflect.GeneratedMethodAccessor614.invoke(Unknown Source) [na:na] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [na:1.8.0_40] at java.lang.reflect.Method.invoke(Method.java:497) [na:1.8.0_40] at com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.invokeJavaMethod(DispatcherBase.java:142) [org.sonatype.nexus.extdirect:3.1.0.SNAPSHOT] at com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.invokeMethod(DispatcherBase.java:133) [org.sonatype.nexus.extdirect:3.1.0.SNAPSHOT] at org.sonatype.nexus.extdirect.internal.ExtDirectServlet$3.invokeMethod(ExtDirectServlet.java:221) [org.sonatype.nexus.extdirect:3.1.0.SNAPSHOT] at com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.dispatch(DispatcherBase.java:63) [org.sonatype.nexus.extdirect:3.1.0.SNAPSHOT] at com.softwarementors.extjs.djn.router.processor.standard.StandardRequestProcessorBase.dispatchStandardMethod(StandardRequestProcessorBase.java:73) [org.sonatype.nexus.extdirect:3.1.0.SNAPSHOT] at com.softwarementors.extjs.djn.router.processor.standard.json.JsonRequestProcessor.processIndividualRequest(JsonRequestProcessor.java:502) [org.sonatype.nexus.extdirect:3.1.0.SNAPSHOT] at com.softwarementors.extjs.djn.router.processor.standard.json.DefaultJsonRequestProcessorThread.processRequest(DefaultJsonRequestProcessorThread.java:72) [org.sonatype.nexus.extdirect:3.1.0.SNAPSHOT] at com.softwarementors.extjs.djn.servlet.ssm.SsmJsonRequestProcessorThread.processRequest(SsmJsonRequestProcessorThread.java:43) [org.sonatype.nexus.extdirect:3.1.0.SNAPSHOT] at org.sonatype.nexus.extdirect.internal.ExtDirectJsonRequestProcessorThread.access$1(ExtDirectJsonRequestProcessorThread.java:1) [org.sonatype.nexus.extdirect:3.1.0.SNAPSHOT] at org.sonatype.nexus.extdirect.internal.ExtDirectJsonRequestProcessorThread$1.call(ExtDirectJsonRequestProcessorThread.java:59) [org.sonatype.nexus.extdirect:3.1.0.SNAPSHOT] at org.sonatype.nexus.extdirect.internal.ExtDirectJsonRequestProcessorThread$1.call(ExtDirectJsonRequestProcessorThread.java:1) [org.sonatype.nexus.extdirect:3.1.0.SNAPSHOT] at com.google.inject.servlet.GuiceFilter$Context.call(GuiceFilter.java:203) [com.google.inject:4.0.0] at com.google.inject.servlet.ServletScopes$3.call(ServletScopes.java:232) [com.google.inject:4.0.0] at org.sonatype.nexus.extdirect.internal.ExtDirectJsonRequestProcessorThread.processRequest(ExtDirectJsonRequestProcessorThread.java:73) [org.sonatype.nexus.extdirect:3.1.0.SNAPSHOT] at com.softwarementors.extjs.djn.router.processor.standard.json.DefaultJsonRequestProcessorThread.call(DefaultJsonRequestProcessorThread.java:56) [org.sonatype.nexus.extdirect:3.1.0.SNAPSHOT] at com.softwarementors.extjs.djn.router.processor.standard.json.DefaultJsonRequestProcessorThread.call(DefaultJsonRequestProcessorThread.java:30) [org.sonatype.nexus.extdirect:3.1.0.SNAPSHOT] at java.util.concurrent.FutureTask.run(FutureTask.java:266) [na:1.8.0_40] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [na:1.8.0_40] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [na:1.8.0_40] at java.lang.Thread.run(Thread.java:745) [na:1.8.0_40] Caused by: org.apache.shiro.authz.AuthorizationException: Not authorized to invoke method: public java.util.List com.sonatype.nexus.plugins.healthcheck.ui.HealthCheckStatusComponent.read() at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized(AuthorizingAnnotationMethodInterceptor.java:90) [na:na] ... 25 common frames omitted {code} Filing for triage discussion as there may be a reason this occurs (like we want users to know there are things they can't see?). If this is intentional, that error level seems high to me. I did not backcheck older NX3, mostly because 3.1 will be the first version we support PRO and OSS is not affected. I didn't check NX2 either.

    Sonatype JIRA | 7 months ago | Joe Tom
    org.apache.shiro.authz.AuthorizationException: User is not permitted: nexus:healthcheck:read
  3. 0

    I made myself a role with nx-repository-admin-* and assigned to a user and when I logged in and navigated to repository admin, I got the attached error as well as the below from nexus.log. I am suspect this is because I didn't have healthcheck privileges (as it says) and I know we want people to use healthcheck but I am skeptical we want them to use it so bad we throw errors down their throats. This seemed familiar but I only saw one issue with this error and it was regarding anonymous access. I didn't check NX2 at this time. I checked also against NX3.1 and this is not recent regression. Nexus.log snip: {code} 2016-12-07 10:50:36,581-0500 ERROR [pool-41-thread-14] joedragons org.sonatype.nexus.extdirect.internal.ExtDirectServlet - Failed to invoke action method: healthcheck_Status.read, java-method: com.sonatype.nexus.plugins.healthcheck.ui.HealthCheckStatusComponent.read org.apache.shiro.authz.AuthorizationException: User is not permitted: nexus:healthcheck:read at org.sonatype.nexus.security.authz.ExceptionCatchingModularRealmAuthorizer.checkPermission(ExceptionCatchingModularRealmAuthorizer.java:66) [na:na] at org.apache.shiro.mgt.AuthorizingSecurityManager.checkPermission(AuthorizingSecurityManager.java:137) [na:na] at org.apache.shiro.subject.support.DelegatingSubject.checkPermission(DelegatingSubject.java:205) [org.apache.shiro.core:1.3.2] at org.apache.shiro.authz.aop.PermissionAnnotationHandler.assertAuthorized(PermissionAnnotationHandler.java:74) [na:na] at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized(AuthorizingAnnotationMethodInterceptor.java:84) [na:na] at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.invoke(AuthorizingAnnotationMethodInterceptor.java:67) [na:na] at org.apache.shiro.guice.aop.AopAllianceMethodInterceptorAdapter.invoke(AopAllianceMethodInterceptorAdapter.java:36) [na:na] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [na:1.8.0_102] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [na:1.8.0_102] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [na:1.8.0_102] at java.lang.reflect.Method.invoke(Method.java:498) [na:1.8.0_102] at com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.invokeJavaMethod(DispatcherBase.java:142) [org.sonatype.nexus.extdirect:3.1.0.04] at com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.invokeMethod(DispatcherBase.java:133) [org.sonatype.nexus.extdirect:3.1.0.04] at org.sonatype.nexus.extdirect.internal.ExtDirectServlet$3.invokeMethod(ExtDirectServlet.java:221) [org.sonatype.nexus.extdirect:3.1.0.04] at com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.dispatch(DispatcherBase.java:63) [org.sonatype.nexus.extdirect:3.1.0.04] at com.softwarementors.extjs.djn.router.processor.standard.StandardRequestProcessorBase.dispatchStandardMethod(StandardRequestProcessorBase.java:73) [org.sonatype.nexus.extdirect:3.1.0.04] at com.softwarementors.extjs.djn.router.processor.standard.json.JsonRequestProcessor.processIndividualRequest(JsonRequestProcessor.java:502) [org.sonatype.nexus.extdirect:3.1.0.04] at com.softwarementors.extjs.djn.router.processor.standard.json.DefaultJsonRequestProcessorThread.processRequest(DefaultJsonRequestProcessorThread.java:72) [org.sonatype.nexus.extdirect:3.1.0.04] at com.softwarementors.extjs.djn.servlet.ssm.SsmJsonRequestProcessorThread.processRequest(SsmJsonRequestProcessorThread.java:43) [org.sonatype.nexus.extdirect:3.1.0.04] at org.sonatype.nexus.extdirect.internal.ExtDirectJsonRequestProcessorThread.access$1(ExtDirectJsonRequestProcessorThread.java:1) [org.sonatype.nexus.extdirect:3.1.0.04] at org.sonatype.nexus.extdirect.internal.ExtDirectJsonRequestProcessorThread$1.call(ExtDirectJsonRequestProcessorThread.java:61) [org.sonatype.nexus.extdirect:3.1.0.04] at org.sonatype.nexus.extdirect.internal.ExtDirectJsonRequestProcessorThread$1.call(ExtDirectJsonRequestProcessorThread.java:1) [org.sonatype.nexus.extdirect:3.1.0.04] at com.google.inject.servlet.GuiceFilter$Context.call(GuiceFilter.java:203) [com.google.inject:4.0.0] at com.google.inject.servlet.ServletScopes$4.call(ServletScopes.java:274) [com.google.inject:4.0.0] at org.sonatype.nexus.extdirect.internal.ExtDirectJsonRequestProcessorThread.processRequest(ExtDirectJsonRequestProcessorThread.java:75) [org.sonatype.nexus.extdirect:3.1.0.04] at com.softwarementors.extjs.djn.router.processor.standard.json.DefaultJsonRequestProcessorThread.call(DefaultJsonRequestProcessorThread.java:56) [org.sonatype.nexus.extdirect:3.1.0.04] at com.softwarementors.extjs.djn.router.processor.standard.json.DefaultJsonRequestProcessorThread.call(DefaultJsonRequestProcessorThread.java:30) [org.sonatype.nexus.extdirect:3.1.0.04] at java.util.concurrent.FutureTask.run(FutureTask.java:266) [na:1.8.0_102] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [na:1.8.0_102] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [na:1.8.0_102] at java.lang.Thread.run(Thread.java:745) [na:1.8.0_102] Caused by: org.apache.shiro.authz.AuthorizationException: Not authorized to invoke method: public java.util.List com.sonatype.nexus.plugins.healthcheck.ui.HealthCheckStatusComponent.read() at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized(AuthorizingAnnotationMethodInterceptor.java:90) [na:na] ... 26 common frames omitted 2016-12-07 10:50:36,583-0500 ERROR [pool-41-thread-2] joedragons org.sonatype.nexus.extdirect.internal.ExtDirectServlet - Failed to invoke action method: healthcheck_Status.read, java-method: com.sonatype.nexus.plugins.healthcheck.ui.HealthCheckStatusComponent.read org.apache.shiro.authz.AuthorizationException: User is not permitted: nexus:healthcheck:read at org.sonatype.nexus.security.authz.ExceptionCatchingModularRealmAuthorizer.checkPermission(ExceptionCatchingModularRealmAuthorizer.java:66) [na:na] at org.apache.shiro.mgt.AuthorizingSecurityManager.checkPermission(AuthorizingSecurityManager.java:137) [na:na] at org.apache.shiro.subject.support.DelegatingSubject.checkPermission(DelegatingSubject.java:205) [org.apache.shiro.core:1.3.2] at org.apache.shiro.authz.aop.PermissionAnnotationHandler.assertAuthorized(PermissionAnnotationHandler.java:74) [na:na] at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized(AuthorizingAnnotationMethodInterceptor.java:84) [na:na] at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.invoke(AuthorizingAnnotationMethodInterceptor.java:67) [na:na] at org.apache.shiro.guice.aop.AopAllianceMethodInterceptorAdapter.invoke(AopAllianceMethodInterceptorAdapter.java:36) [na:na] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [na:1.8.0_102] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [na:1.8.0_102] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [na:1.8.0_102] at java.lang.reflect.Method.invoke(Method.java:498) [na:1.8.0_102] at com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.invokeJavaMethod(DispatcherBase.java:142) [org.sonatype.nexus.extdirect:3.1.0.04] at com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.invokeMethod(DispatcherBase.java:133) [org.sonatype.nexus.extdirect:3.1.0.04] at org.sonatype.nexus.extdirect.internal.ExtDirectServlet$3.invokeMethod(ExtDirectServlet.java:221) [org.sonatype.nexus.extdirect:3.1.0.04] at com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.dispatch(DispatcherBase.java:63) [org.sonatype.nexus.extdirect:3.1.0.04] at com.softwarementors.extjs.djn.router.processor.standard.StandardRequestProcessorBase.dispatchStandardMethod(StandardRequestProcessorBase.java:73) [org.sonatype.nexus.extdirect:3.1.0.04] at com.softwarementors.extjs.djn.router.processor.standard.json.JsonRequestProcessor.processIndividualRequest(JsonRequestProcessor.java:502) [org.sonatype.nexus.extdirect:3.1.0.04] at com.softwarementors.extjs.djn.router.processor.standard.json.DefaultJsonRequestProcessorThread.processRequest(DefaultJsonRequestProcessorThread.java:72) [org.sonatype.nexus.extdirect:3.1.0.04] at com.softwarementors.extjs.djn.servlet.ssm.SsmJsonRequestProcessorThread.processRequest(SsmJsonRequestProcessorThread.java:43) [org.sonatype.nexus.extdirect:3.1.0.04] at org.sonatype.nexus.extdirect.internal.ExtDirectJsonRequestProcessorThread.access$1(ExtDirectJsonRequestProcessorThread.java:1) [org.sonatype.nexus.extdirect:3.1.0.04] at org.sonatype.nexus.extdirect.internal.ExtDirectJsonRequestProcessorThread$1.call(ExtDirectJsonRequestProcessorThread.java:61) [org.sonatype.nexus.extdirect:3.1.0.04] at org.sonatype.nexus.extdirect.internal.ExtDirectJsonRequestProcessorThread$1.call(ExtDirectJsonRequestProcessorThread.java:1) [org.sonatype.nexus.extdirect:3.1.0.04] at com.google.inject.servlet.GuiceFilter$Context.call(GuiceFilter.java:203) [com.google.inject:4.0.0] at com.google.inject.servlet.ServletScopes$4.call(ServletScopes.java:274) [com.google.inject:4.0.0] at org.sonatype.nexus.extdirect.internal.ExtDirectJsonRequestProcessorThread.processRequest(ExtDirectJsonRequestProcessorThread.java:75) [org.sonatype.nexus.extdirect:3.1.0.04] at com.softwarementors.extjs.djn.router.processor.standard.json.DefaultJsonRequestProcessorThread.call(DefaultJsonRequestProcessorThread.java:56) [org.sonatype.nexus.extdirect:3.1.0.04] at com.softwarementors.extjs.djn.router.processor.standard.json.DefaultJsonRequestProcessorThread.call(DefaultJsonRequestProcessorThread.java:30) [org.sonatype.nexus.extdirect:3.1.0.04] at java.util.concurrent.FutureTask.run(FutureTask.java:266) [na:1.8.0_102] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [na:1.8.0_102] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [na:1.8.0_102] at java.lang.Thread.run(Thread.java:745) [na:1.8.0_102] Caused by: org.apache.shiro.authz.AuthorizationException: Not authorized to invoke method: public java.util.List com.sonatype.nexus.plugins.healthcheck.ui.HealthCheckStatusComponent.read() at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized(AuthorizingAnnotationMethodInterceptor.java:90) [na:na] ... 26 common frames omitted {code}

    Sonatype JIRA | 1 month ago | Joe Tom
    org.apache.shiro.authz.AuthorizationException: User is not permitted: nexus:healthcheck:read
  4. Speed up your debug routine!

    Automated exception search integrated into your IDE

  5. 0

    Add Rut Auth to the top of the active realms list in Nexus 3, above both XML realms. Add the RUT Auth capability with the header value of username. Send the following request: {noformat} > curl -H "Username: admin" -H "Content-Type: application/json" -d '{"action": "coreui_AnonymousSettings","method": "read","data": null,"type": "rpc","tid": 44}' -v -4 "http://localhost:8081/service/extdirect" * Hostname was NOT found in DNS cache * Trying 127.0.0.1... * Connected to localhost (127.0.0.1) port 8081 (#0) > POST /service/extdirect HTTP/1.1 > User-Agent: curl/7.38.0 > Host: localhost:8081 > Accept: */* > Username: admin > Content-Type: application/json > Content-Length: 92 > * upload completely sent off: 92 out of 92 bytes < HTTP/1.1 200 OK < Date: Thu, 27 Nov 2014 17:34:12 GMT * Server Nexus/3.0.0-b2014101001 is not blacklisted < Server: Nexus/3.0.0-b2014101001 < X-Frame-Options: SAMEORIGIN < X-Content-Type-Options: nosniff < Content-Type: application/json;charset=UTF-8 < Set-Cookie: JSESSIONID=2216dc80-e71f-419e-b604-6c0ab4594ffc; Path=/; HttpOnly < Set-Cookie: rememberMe=deleteMe; Path=/; Max-Age=0; Expires=Wed, 26-Nov-2014 17:34:12 GMT < Content-Length: 198 < * Connection #0 to host localhost left intact {"tid":44,"action":"coreui_AnonymousSettings","method":"read","result":{"message":"User is not permitted: nexus:settings:read","authenticationRequired":false,"success":false,"data":[]},"type":"rpc"} {noformat} Note the "User is not permitted" message. Debug Logs from this request show RUT auth is not even consulted: {noformat} 2014-11-27 13:29:46,632-0400 DEBUG [qtp1529955279-190] org.apache.shiro.session.mgt.DefaultSessionManager - Unable to resolve session ID from SessionKey [org.apache.shiro.web.session.mgt.WebSessionKey@14f7b204]. Returning null to indicate a session could not be found. 2014-11-27 13:29:46,632-0400 DEBUG [qtp1529955279-190] *UNKNOWN com.softwarementors.extjs.djn.router.processor.standard.json.JsonRequestProcessor - Request data (JSON)=>{"action": "coreui_AnonymousSettings","method": "read","data": null,"type": "rpc","tid": 44} 2014-11-27 13:29:46,632-0400 DEBUG [qtp1529955279-190] *UNKNOWN org.sonatype.nexus.extdirect.internal.ExtDirectServlet - Creating instance of action class 'org.sonatype.nexus.coreui.AnonymousSettingsComponent' mapped to 'coreui_AnonymousSettings 2014-11-27 13:29:46,632-0400 DEBUG [qtp1529955279-190] *UNKNOWN org.sonatype.nexus.extdirect.internal.ExtDirectServlet - Invoking action method: coreui_AnonymousSettings.read, java-method: org.sonatype.nexus.coreui.AnonymousSettingsComponent.read 2014-11-27 13:29:46,632-0400 DEBUG [qtp1529955279-190] *UNKNOWN org.apache.shiro.realm.AuthenticatingRealm - Looked up AuthenticationInfo [anonymous] from doGetAuthenticationInfo 2014-11-27 13:29:46,634-0400 DEBUG [qtp1529955279-190] *UNKNOWN org.apache.shiro.authc.AbstractAuthenticator - Authentication successful for token [org.apache.shiro.authc.UsernamePasswordToken - anonymous, rememberMe=false]. Returned account [anonymous] 2014-11-27 13:29:46,634-0400 DEBUG [qtp1529955279-190] *UNKNOWN org.apache.shiro.subject.support.DefaultSubjectContext - No SecurityManager available in subject context map. Falling back to SecurityUtils.getSecurityManager() lookup. 2014-11-27 13:29:46,634-0400 DEBUG [qtp1529955279-190] *UNKNOWN org.apache.shiro.subject.support.DefaultSubjectContext - No SecurityManager available in subject context map. Falling back to SecurityUtils.getSecurityManager() lookup. 2014-11-27 13:29:46,634-0400 DEBUG [qtp1529955279-190] *UNKNOWN org.apache.shiro.session.mgt.DefaultSessionManager - Creating new EIS record for new session instance [org.apache.shiro.session.mgt.SimpleSession,id=null] 2014-11-27 13:29:46,634-0400 DEBUG [qtp1529955279-190] *UNKNOWN net.sf.ehcache.store.disk.Segment - put added 0 on heap 2014-11-27 13:29:46,634-0400 DEBUG [qtp1529955279-190] *UNKNOWN net.sf.ehcache.store.disk.Segment - put added 0 on heap 2014-11-27 13:29:46,634-0400 DEBUG [qtp1529955279-190] *UNKNOWN net.sf.ehcache.store.disk.Segment - put updated, deleted 0 on heap 2014-11-27 13:29:46,634-0400 DEBUG [qtp1529955279-190] *UNKNOWN org.apache.shiro.web.servlet.SimpleCookie - Added HttpServletResponse Cookie [JSESSIONID=c9127c75-5986-4eef-a6d4-53eddf6edd14; Path=/; HttpOnly] 2014-11-27 13:29:46,634-0400 DEBUG [shiro-activeSessionCache.data] *SYSTEM net.sf.ehcache.store.disk.Segment - fault removed 0 from heap 2014-11-27 13:29:46,634-0400 DEBUG [qtp1529955279-190] *UNKNOWN net.sf.ehcache.store.disk.Segment - put added 0 on heap 2014-11-27 13:29:46,634-0400 DEBUG [shiro-activeSessionCache.data] *SYSTEM net.sf.ehcache.store.disk.Segment - fault added 0 on disk 2014-11-27 13:29:46,634-0400 DEBUG [shiro-activeSessionCache.data] *SYSTEM net.sf.ehcache.store.disk.Segment - fault installation failed, deleted 0 from heap 2014-11-27 13:29:46,634-0400 DEBUG [shiro-activeSessionCache.data] *SYSTEM net.sf.ehcache.store.disk.Segment - fault installation failed deleted 0 from disk 2014-11-27 13:29:46,634-0400 DEBUG [qtp1529955279-190] *UNKNOWN net.sf.ehcache.store.disk.Segment - put updated, deleted 0 on heap 2014-11-27 13:29:46,634-0400 DEBUG [qtp1529955279-190] *UNKNOWN net.sf.ehcache.store.disk.Segment - put added 0 on heap 2014-11-27 13:29:46,634-0400 DEBUG [qtp1529955279-190] *UNKNOWN net.sf.ehcache.store.disk.Segment - put updated, deleted 0 on heap 2014-11-27 13:29:46,635-0400 DEBUG [qtp1529955279-190] *UNKNOWN org.apache.shiro.web.servlet.SimpleCookie - Added HttpServletResponse Cookie [rememberMe=deleteMe; Path=/; Max-Age=0; Expires=Wed, 26-Nov-2014 17:29:46 GMT] 2014-11-27 13:29:46,635-0400 DEBUG [qtp1529955279-190] *UNKNOWN org.apache.shiro.mgt.AbstractRememberMeManager - AuthenticationToken did not indicate RememberMe is requested. RememberMe functionality will not be executed for corresponding account. 2014-11-27 13:29:46,635-0400 DEBUG [shiro-activeSessionCache.data] *SYSTEM net.sf.ehcache.store.disk.Segment - fault removed 0 from heap 2014-11-27 13:29:46,635-0400 DEBUG [shiro-activeSessionCache.data] *SYSTEM net.sf.ehcache.store.disk.Segment - fault added 0 on disk 2014-11-27 13:29:46,635-0400 DEBUG [shiro-activeSessionCache.data] *SYSTEM net.sf.ehcache.store.disk.Segment - fault installation failed, deleted 0 from heap 2014-11-27 13:29:46,635-0400 DEBUG [shiro-activeSessionCache.data] *SYSTEM net.sf.ehcache.store.disk.Segment - fault installation failed deleted 0 from disk 2014-11-27 13:29:46,635-0400 DEBUG [shiro-activeSessionCache.data] *SYSTEM net.sf.ehcache.store.disk.Segment - fault removed 0 from heap 2014-11-27 13:29:46,635-0400 DEBUG [shiro-activeSessionCache.data] *SYSTEM net.sf.ehcache.store.disk.Segment - fault added 0 on disk 2014-11-27 13:29:46,635-0400 DEBUG [shiro-activeSessionCache.data] *SYSTEM net.sf.ehcache.store.disk.Segment - fault installation failed, deleted 0 from heap 2014-11-27 13:29:46,635-0400 DEBUG [shiro-activeSessionCache.data] *SYSTEM net.sf.ehcache.store.disk.Segment - fault installation failed deleted 0 from disk 2014-11-27 13:29:46,635-0400 DEBUG [shiro-activeSessionCache.data] *SYSTEM net.sf.ehcache.store.disk.Segment - fault removed 0 from heap 2014-11-27 13:29:46,635-0400 DEBUG [shiro-activeSessionCache.data] *SYSTEM net.sf.ehcache.store.disk.Segment - fault added 0 on disk 2014-11-27 13:29:46,638-0400 DEBUG [qtp1529955279-190] anonymous org.sonatype.nexus.extdirect.internal.ExtDirectServlet - Failed to invoke action method: coreui_AnonymousSettings.read, java-method: org.sonatype.nexus.coreui.AnonymousSettingsComponent.read org.apache.shiro.authz.AuthorizationException: User is not permitted: nexus:settings:read at org.sonatype.security.authorization.ExceptionCatchingModularRealmAuthorizer.checkPermission(ExceptionCatchingModularRealmAuthorizer.java:68) [na:na] at org.apache.shiro.mgt.AuthorizingSecurityManager.checkPermission(AuthorizingSecurityManager.java:137) [na:na] at org.apache.shiro.subject.support.DelegatingSubject.checkPermission(DelegatingSubject.java:205) [org.apache.shiro.core:1.2.3] at org.apache.shiro.authz.aop.PermissionAnnotationHandler.assertAuthorized(PermissionAnnotationHandler.java:74) [na:na] at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized(AuthorizingAnnotationMethodInterceptor.java:84) [na:na] at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.invoke(AuthorizingAnnotationMethodInterceptor.java:67) [na:na] at org.apache.shiro.guice.aop.AopAllianceMethodInterceptorAdapter.invoke(AopAllianceMethodInterceptorAdapter.java:36) [na:na] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [na:1.8.0_25] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [na:1.8.0_25] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [na:1.8.0_25] at java.lang.reflect.Method.invoke(Method.java:483) [na:1.8.0_25] at com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.invokeJavaMethod(DispatcherBase.java:142) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.b2014101001] at com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.invokeMethod(DispatcherBase.java:133) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.b2014101001] at org.sonatype.nexus.extdirect.internal.ExtDirectServlet$3.invokeMethod(ExtDirectServlet.java:225) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.b2014101001] at com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.dispatch(DispatcherBase.java:63) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.b2014101001] at com.softwarementors.extjs.djn.router.processor.standard.StandardRequestProcessorBase.dispatchStandardMethod(StandardRequestProcessorBase.java:73) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.b2014101001] at com.softwarementors.extjs.djn.router.processor.standard.json.JsonRequestProcessor.processIndividualRequest(JsonRequestProcessor.java:502) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.b2014101001] at com.softwarementors.extjs.djn.router.processor.standard.json.JsonRequestProcessor.processIndividualRequestsInThisThread(JsonRequestProcessor.java:150) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.b2014101001] at com.softwarementors.extjs.djn.router.processor.standard.json.JsonRequestProcessor.process(JsonRequestProcessor.java:133) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.b2014101001] at com.softwarementors.extjs.djn.router.RequestRouter.processJsonRequest(RequestRouter.java:83) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.b2014101001] at com.softwarementors.extjs.djn.servlet.DirectJNgineServlet.processRequest(DirectJNgineServlet.java:617) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.b2014101001] at com.softwarementors.extjs.djn.servlet.DirectJNgineServlet.doPost(DirectJNgineServlet.java:580) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.b2014101001] at org.sonatype.nexus.extdirect.internal.ExtDirectServlet.doPost(ExtDirectServlet.java:133) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.b2014101001] at javax.servlet.http.HttpServlet.service(HttpServlet.java:755) [javax.servlet:3.0.0.v201112011016] at javax.servlet.http.HttpServlet.service(HttpServlet.java:848) [javax.servlet:3.0.0.v201112011016] at com.google.inject.servlet.ServletDefinition.doServiceImpl(ServletDefinition.java:300) [org.sonatype.sisu.guice:3.2.2] at com.google.inject.servlet.ServletDefinition.doService(ServletDefinition.java:284) [org.sonatype.sisu.guice:3.2.2] at com.google.inject.servlet.ServletDefinition.service(ServletDefinition.java:187) [org.sonatype.sisu.guice:3.2.2] at com.google.inject.servlet.AbstractServletPipeline.service(AbstractServletPipeline.java:61) [org.sonatype.sisu.guice:3.2.2] at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:85) [org.sonatype.sisu.guice:3.2.2] at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:112) [org.apache.shiro.web:1.2.3] at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) [org.sonatype.sisu.guice:3.2.2] at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449) [org.apache.shiro.web:1.2.3] at org.sonatype.nexus.web.SecurityFilter.executeChain(SecurityFilter.java:71) [org.sonatype.nexus.core:3.0.0.b2014101001] at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365) [org.apache.shiro.web:1.2.3] at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90) [org.apache.shiro.core:1.2.3] at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83) [org.apache.shiro.core:1.2.3] at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383) [org.apache.shiro.core:1.2.3] at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362) [org.apache.shiro.web:1.2.3] at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) [org.apache.shiro.web:1.2.3] at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) [org.sonatype.sisu.guice:3.2.2] at com.codahale.metrics.servlet.AbstractInstrumentedFilter.doFilter(AbstractInstrumentedFilter.java:97) [com.codahale.metrics.servlet:3.0.2] at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) [org.sonatype.sisu.guice:3.2.2] at org.sonatype.nexus.web.internal.CommonHeadersFilter.doFilter(CommonHeadersFilter.java:67) [org.sonatype.nexus.core:3.0.0.b2014101001] at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) [org.sonatype.sisu.guice:3.2.2] at org.sonatype.nexus.web.internal.ErrorPageFilter.doFilter(ErrorPageFilter.java:66) [org.sonatype.nexus.core:3.0.0.b2014101001] at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) [org.sonatype.sisu.guice:3.2.2] at org.sonatype.nexus.web.internal.BaseUrlHolderFilter.doFilter(BaseUrlHolderFilter.java:68) [org.sonatype.nexus.core:3.0.0.b2014101001] at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) [org.sonatype.sisu.guice:3.2.2] at com.google.inject.servlet.AbstractFilterPipeline.dispatch(AbstractFilterPipeline.java:95) [org.sonatype.sisu.guice:3.2.2] at com.google.inject.servlet.GuiceFilter$1.call(GuiceFilter.java:133) [org.sonatype.sisu.guice:3.2.2] at com.google.inject.servlet.GuiceFilter$1.call(GuiceFilter.java:130) [org.sonatype.sisu.guice:3.2.2] at com.google.inject.servlet.GuiceFilter$Context.call(GuiceFilter.java:203) [org.sonatype.sisu.guice:3.2.2] at com.google.inject.servlet.GuiceFilter.doFilter(GuiceFilter.java:130) [org.sonatype.sisu.guice:3.2.2] at org.sonatype.nexus.bootstrap.osgi.DelegatingFilter.doFilter(DelegatingFilter.java:73) [org.sonatype.nexus.bootstrap:3.0.0.b2014101001] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1419) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:455) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:557) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1075) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:384) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1009) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at com.codahale.metrics.jetty8.InstrumentedHandler.handle(InstrumentedHandler.java:192) [com.codahale.metrics.jetty8:3.0.2] at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:154) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at org.eclipse.jetty.server.Server.handle(Server.java:370) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:489) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:960) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:1021) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:865) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:240) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:668) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at java.lang.Thread.run(Thread.java:745) [na:1.8.0_25] Caused by: org.apache.shiro.authz.AuthorizationException: Not authorized to invoke method: public org.sonatype.nexus.coreui.AnonymousSettingsXO org.sonatype.nexus.coreui.AnonymousSettingsComponent.read() at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized(AuthorizingAnnotationMethodInterceptor.java:90) [na:na] ... 76 common frames omitted 2014-11-27 13:29:46,640-0400 DEBUG [qtp1529955279-190] anonymous com.softwarementors.extjs.djn.Timer - - Java method dispatch time (AnonymousSettingsComponent.read): 7.93 ms. 2014-11-27 13:29:46,641-0400 DEBUG [qtp1529955279-190] anonymous com.softwarementors.extjs.djn.router.processor.standard.json.JsonRequestProcessor - ResponseData data (JSON)=>{"tid":44,"action":"coreui_AnonymousSettings","method":"read","result":{"message":"User is not permitted: nexus:settings:read","authenticationRequired":false,"success":false,"data":[]},"type":"rpc"} 2014-11-27 13:29:46,641-0400 DEBUG [qtp1529955279-190] anonymous com.softwarementors.extjs.djn.Timer - Total servlet processing time: 8.86 ms. {noformat}

    Sonatype JIRA | 2 years ago | Peter Lynch
    org.apache.shiro.authz.AuthorizationException: User is not permitted: nexus:settings:read
  6. 0

    A user with UI: Capabilities Admin and UI: Base UI Privileges cannot get the Capabilities Types ( returns 403) even though the roles do give the user Capability Types: Read access. {noformat} > curl -u cap:admin123 http://localhost:8081/nexus/service/siesta/capabilities/types {"id":"fdd3b733-9d27-4ab9-8c4a-3ae7b18f7944","message":"User is not permitted: nexus:capabilityTypesread"} {noformat} {noformat} jvm 1 | 2014-02-10 11:07:12 DEBUG [qtp253747277-78] cap org.sonatype.nexus.plugins.siesta.AuthorizationExceptionMapper - (ID fdd3b733-9d27-4ab9-8c4a-3ae7b18f7944) Mapping exception: org.apache.shiro.authz.AuthorizationException: User is not permitted: nexus:capabilityTypesread jvm 1 | 2014-02-10 11:07:12 WARN [qtp253747277-78] cap org.sonatype.nexus.plugins.siesta.AuthorizationExceptionMapper - (ID fdd3b733-9d27-4ab9-8c4a-3ae7b18f7944) Response: [403] ErrorXO{id='fdd3b733-9d27-4ab9-8c4a-3ae7b18f7944', message='User is not permitted: nexus:capabilityTypesread'} mapped from org.apache.shiro.authz.AuthorizationException/User is not permitted: nexus:capabilityTypesread jvm 1 | org.apache.shiro.authz.AuthorizationException: User is not permitted: nexus:capabilityTypesread jvm 1 | at org.sonatype.security.authorization.ExceptionCatchingModularRealmAuthorizer.checkPermission(ExceptionCatchingModularRealmAuthorizer.java:66) ~[nexus-security-2.7.1-01.jar:2.7.1-01] jvm 1 | at org.apache.shiro.mgt.AuthorizingSecurityManager.checkPermission(AuthorizingSecurityManager.java:137) ~[shiro-core-1.2.2.jar:1.2.2] jvm 1 | at org.apache.shiro.subject.support.DelegatingSubject.checkPermission(DelegatingSubject.java:205) [shiro-core-1.2.2.jar:1.2.2] jvm 1 | at org.apache.shiro.authz.aop.PermissionAnnotationHandler.assertAuthorized(PermissionAnnotationHandler.java:74) ~[shiro-core-1.2.2.jar:1.2.2] jvm 1 | at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized(AuthorizingAnnotationMethodInterceptor.java:84) ~[shiro-core-1.2.2.jar:1.2.2] jvm 1 | at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.invoke(AuthorizingAnnotationMethodInterceptor.java:67) ~[shiro-core-1.2.2.jar:1.2.2] jvm 1 | at org.apache.shiro.guice.aop.AopAllianceMethodInterceptorAdapter.invoke(AopAllianceMethodInterceptorAdapter.java:36) ~[shiro-guice-1.2.2.jar:1.2.2] jvm 1 | at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.7.0_51] jvm 1 | at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) ~[na:1.7.0_51] jvm 1 | at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.7.0_51] jvm 1 | at java.lang.reflect.Method.invoke(Method.java:606) ~[na:1.7.0_51] jvm 1 | at com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60) ~[jersey-server-1.17.1.jar:1.17.1] jvm 1 | at com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$TypeOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:185) ~[jersey-server-1.17.1.jar:1.17.1] jvm 1 | at com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:75) ~[jersey-server-1.17.1.jar:1.17.1] jvm 1 | at com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:302) ~[jersey-server-1.17.1.jar:1.17.1] jvm 1 | at com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceClassRule.java:108) ~[jersey-server-1.17.1.jar:1.17.1] jvm 1 | at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147) ~[jersey-server-1.17.1.jar:1.17.1] jvm 1 | at com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:84) ~[jersey-server-1.17.1.jar:1.17.1] jvm 1 | at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1511) [jersey-server-1.17.1.jar:1.17.1] jvm 1 | at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1442) [jersey-server-1.17.1.jar:1.17.1] jvm 1 | at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1391) [jersey-server-1.17.1.jar:1.17.1] jvm 1 | at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1381) [jersey-server-1.17.1.jar:1.17.1] jvm 1 | at com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:416) [jersey-servlet-1.17.1.jar:1.17.1] jvm 1 | at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:538) [jersey-servlet-1.17.1.jar:1.17.1] jvm 1 | at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:716) [jersey-servlet-1.17.1.jar:1.17.1] jvm 1 | at org.sonatype.sisu.siesta.server.internal.SiestaServlet.service(SiestaServlet.java:121) [siesta-server-1.5.2.jar:1.5.2] jvm 1 | at javax.servlet.http.HttpServlet.service(HttpServlet.java:848) [javax.servlet-3.0.0.v201112011016.jar:na] jvm 1 | at com.google.inject.servlet.ServletDefinition.doServiceImpl(ServletDefinition.java:278) [guice-servlet-3.1.4.jar:3.1.4] jvm 1 | at com.google.inject.servlet.ServletDefinition.doService(ServletDefinition.java:268) [guice-servlet-3.1.4.jar:3.1.4] jvm 1 | at com.google.inject.servlet.ServletDefinition.service(ServletDefinition.java:180) [guice-servlet-3.1.4.jar:3.1.4] jvm 1 | at com.google.inject.servlet.ManagedServletPipeline.service(ManagedServletPipeline.java:93) [guice-servlet-3.1.4.jar:3.1.4] jvm 1 | at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:85) [guice-servlet-3.1.4.jar:3.1.4] jvm 1 | at org.sonatype.nexus.web.MdcUserContextFilter.doFilter(MdcUserContextFilter.java:57) [nexus-web-utils-2.7.1-01.jar:2.7.1-01] jvm 1 | at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) [guice-servlet-3.1.4.jar:3.1.4] jvm 1 | at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:61) [shiro-web-1.2.2.jar:1.2.2] jvm 1 | at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108) [shiro-web-1.2.2.jar:1.2.2] jvm 1 | at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137) [shiro-web-1.2.2.jar:1.2.2] jvm 1 | at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) [shiro-web-1.2.2.jar:1.2.2] jvm 1 | at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66) [shiro-web-1.2.2.jar:1.2.2] jvm 1 | at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108) [shiro-web-1.2.2.jar:1.2.2] jvm 1 | at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137) [shiro-web-1.2.2.jar:1.2.2] jvm 1 | at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) [shiro-web-1.2.2.jar:1.2.2] jvm 1 | at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66) [shiro-web-1.2.2.jar:1.2.2] jvm 1 | at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449) [shiro-web-1.2.2.jar:1.2.2] jvm 1 | at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365) [shiro-web-1.2.2.jar:1.2.2] jvm 1 | at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90) [shiro-core-1.2.2.jar:1.2.2] jvm 1 | at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83) [shiro-core-1.2.2.jar:1.2.2] jvm 1 | at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383) [shiro-core-1.2.2.jar:1.2.2] jvm 1 | at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362) [shiro-web-1.2.2.jar:1.2.2] jvm 1 | at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) [shiro-web-1.2.2.jar:1.2.2] jvm 1 | at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) [guice-servlet-3.1.4.jar:3.1.4] jvm 1 | at com.google.inject.servlet.ManagedFilterPipeline.dispatch(ManagedFilterPipeline.java:120) [guice-servlet-3.1.4.jar:3.1.4] jvm 1 | at org.sonatype.nexus.web.NexusGuiceFilter$MultiFilterChain.doFilter(NexusGuiceFilter.java:83) [nexus-web-utils-2.7.1-01.jar:2.7.1-01] jvm 1 | at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:89) [guice-servlet-3.1.4.jar:3.1.4] jvm 1 | at com.google.inject.servlet.ManagedFilterPipeline.dispatch(ManagedFilterPipeline.java:120) [guice-servlet-3.1.4.jar:3.1.4] jvm 1 | at org.sonatype.nexus.web.NexusGuiceFilter$MultiFilterChain.doFilter(NexusGuiceFilter.java:83) [nexus-web-utils-2.7.1-01.jar:2.7.1-01] jvm 1 | at org.sonatype.nexus.web.NexusGuiceFilter$MultiFilterPipeline.dispatch(NexusGuiceFilter.java:57) [nexus-web-utils-2.7.1-01.jar:2.7.1-01] jvm 1 | at com.google.inject.servlet.GuiceFilter$1.call(GuiceFilter.java:132) [guice-servlet-3.1.4.jar:3.1.4] jvm 1 | at com.google.inject.servlet.GuiceFilter$1.call(GuiceFilter.java:129) [guice-servlet-3.1.4.jar:3.1.4] jvm 1 | at com.google.inject.servlet.GuiceFilter$Context.call(GuiceFilter.java:206) [guice-servlet-3.1.4.jar:3.1.4] jvm 1 | at com.google.inject.servlet.GuiceFilter.doFilter(GuiceFilter.java:129) [guice-servlet-3.1.4.jar:3.1.4] jvm 1 | at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1419) [jetty-servlet-8.1.11.v20130520.jar:8.1.11.v20130520] jvm 1 | at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:455) [jetty-servlet-8.1.11.v20130520.jar:8.1.11.v20130520] jvm 1 | at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137) [jetty-server-8.1.11.v20130520.jar:8.1.11.v20130520] jvm 1 | at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:557) [jetty-security-8.1.11.v20130520.jar:8.1.11.v20130520] jvm 1 | at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231) [jetty-server-8.1.11.v20130520.jar:8.1.11.v20130520] jvm 1 | at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1075) [jetty-server-8.1.11.v20130520.jar:8.1.11.v20130520] jvm 1 | at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:384) [jetty-servlet-8.1.11.v20130520.jar:8.1.11.v20130520] jvm 1 | at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193) [jetty-server-8.1.11.v20130520.jar:8.1.11.v20130520] jvm 1 | at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1009) [jetty-server-8.1.11.v20130520.jar:8.1.11.v20130520] jvm 1 | at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135) [jetty-server-8.1.11.v20130520.jar:8.1.11.v20130520] jvm 1 | at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116) [jetty-server-8.1.11.v20130520.jar:8.1.11.v20130520] jvm 1 | at com.yammer.metrics.jetty.InstrumentedHandler.handle(InstrumentedHandler.java:200) [metrics-jetty-2.2.0.jar:na] jvm 1 | at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:154) [jetty-server-8.1.11.v20130520.jar:8.1.11.v20130520] jvm 1 | at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116) [jetty-server-8.1.11.v20130520.jar:8.1.11.v20130520] jvm 1 | at org.eclipse.jetty.server.Server.handle(Server.java:370) [jetty-server-8.1.11.v20130520.jar:8.1.11.v20130520] jvm 1 | at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:489) [jetty-server-8.1.11.v20130520.jar:8.1.11.v20130520] jvm 1 | at org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:949) [jetty-server-8.1.11.v20130520.jar:8.1.11.v20130520] jvm 1 | at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:1011) [jetty-server-8.1.11.v20130520.jar:8.1.11.v20130520] jvm 1 | at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:644) [jetty-http-8.1.11.v20130520.jar:8.1.11.v20130520] jvm 1 | at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235) [jetty-http-8.1.11.v20130520.jar:8.1.11.v20130520] jvm 1 | at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82) [jetty-server-8.1.11.v20130520.jar:8.1.11.v20130520] jvm 1 | at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:668) [jetty-io-8.1.11.v20130520.jar:8.1.11.v20130520] jvm 1 | at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52) [jetty-io-8.1.11.v20130520.jar:8.1.11.v20130520] jvm 1 | at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608) [jetty-util-8.1.11.v20130520.jar:8.1.11.v20130520] jvm 1 | at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543) [jetty-util-8.1.11.v20130520.jar:8.1.11.v20130520] jvm 1 | at java.lang.Thread.run(Thread.java:744) [na:1.7.0_51] jvm 1 | Caused by: org.apache.shiro.authz.AuthorizationException: Not authorized to invoke method: public java.util.List org.sonatype.nexus.plugins.capabilities.internal.rest.CapabilityTypesResource.get(java.lang.Boolean) jvm 1 | at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized(AuthorizingAnnotationMethodInterceptor.java:90) ~[shiro-core-1.2.2.jar:1.2.2] jvm 1 | ... 82 common frames omitted {noformat}

    Sonatype JIRA | 3 years ago | Peter Lynch
    org.apache.shiro.authz.AuthorizationException: User is not permitted: nexus:capabilityTypesread

    Not finding the right solution?
    Take a tour to get the most out of Samebug.

    Tired of useless tips?

    Automated exception search integrated into your IDE

    Root Cause Analysis

    1. org.apache.shiro.authz.AuthorizationException

      Not authorized to invoke method: public java.util.List org.sonatype.nexus.coreui.PrivilegeComponent.read()

      at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized()
    2. Shiro
      AuthorizingAnnotationMethodInterceptor.invoke
      1. org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized(AuthorizingAnnotationMethodInterceptor.java:90)[na:na]
      2. org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.invoke(AuthorizingAnnotationMethodInterceptor.java:67)[na:na]
      2 frames
    3. Apache Shiro :: Support :: Guice
      AopAllianceMethodInterceptorAdapter.invoke
      1. org.apache.shiro.guice.aop.AopAllianceMethodInterceptorAdapter.invoke(AopAllianceMethodInterceptorAdapter.java:36)[na:na]
      1 frame
    4. Java RT
      Method.invoke
      1. sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)[na:1.8.0_40]
      2. sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)[na:1.8.0_40]
      3. sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)[na:1.8.0_40]
      4. java.lang.reflect.Method.invoke(Method.java:497)[na:1.8.0_40]
      4 frames
    5. com.softwarementors.extjs
      DispatcherBase.invokeMethod
      1. com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.invokeJavaMethod(DispatcherBase.java:142)[org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT]
      2. com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.invokeMethod(DispatcherBase.java:133)[org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT]
      2 frames
    6. org.sonatype.nexus
      ExtDirectServlet$3.invokeMethod
      1. org.sonatype.nexus.extdirect.internal.ExtDirectServlet$3.invokeMethod(ExtDirectServlet.java:201)[org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT]
      1 frame
    7. com.softwarementors.extjs
      SsmJsonRequestProcessorThread.processRequest
      1. com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.dispatch(DispatcherBase.java:63)[org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT]
      2. com.softwarementors.extjs.djn.router.processor.standard.StandardRequestProcessorBase.dispatchStandardMethod(StandardRequestProcessorBase.java:73)[org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT]
      3. com.softwarementors.extjs.djn.router.processor.standard.json.JsonRequestProcessor.processIndividualRequest(JsonRequestProcessor.java:502)[org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT]
      4. com.softwarementors.extjs.djn.router.processor.standard.json.DefaultJsonRequestProcessorThread.processRequest(DefaultJsonRequestProcessorThread.java:72)[org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT]
      5. com.softwarementors.extjs.djn.servlet.ssm.SsmJsonRequestProcessorThread.processRequest(SsmJsonRequestProcessorThread.java:43)[org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT]
      5 frames
    8. org.sonatype.nexus
      ExtDirectJsonRequestProcessorThread$1.call
      1. org.sonatype.nexus.extdirect.internal.ExtDirectJsonRequestProcessorThread.access$1(ExtDirectJsonRequestProcessorThread.java:1)[org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT]
      2. org.sonatype.nexus.extdirect.internal.ExtDirectJsonRequestProcessorThread$1.call(ExtDirectJsonRequestProcessorThread.java:59)[org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT]
      3. org.sonatype.nexus.extdirect.internal.ExtDirectJsonRequestProcessorThread$1.call(ExtDirectJsonRequestProcessorThread.java:1)[org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT]
      3 frames
    9. Guice - Servlet
      ServletScopes$3.call
      1. com.google.inject.servlet.GuiceFilter$Context.call(GuiceFilter.java:203)[com.google.inject:4.0.0]
      2. com.google.inject.servlet.ServletScopes$3.call(ServletScopes.java:232)[com.google.inject:4.0.0]
      2 frames
    10. org.sonatype.nexus
      ExtDirectJsonRequestProcessorThread.processRequest
      1. org.sonatype.nexus.extdirect.internal.ExtDirectJsonRequestProcessorThread.processRequest(ExtDirectJsonRequestProcessorThread.java:73)[org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT]
      1 frame
    11. com.softwarementors.extjs
      DefaultJsonRequestProcessorThread.call
      1. com.softwarementors.extjs.djn.router.processor.standard.json.DefaultJsonRequestProcessorThread.call(DefaultJsonRequestProcessorThread.java:56)[org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT]
      2. com.softwarementors.extjs.djn.router.processor.standard.json.DefaultJsonRequestProcessorThread.call(DefaultJsonRequestProcessorThread.java:30)[org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT]
      2 frames
    12. Java RT
      Thread.run
      1. java.util.concurrent.FutureTask.run(FutureTask.java:266)[na:1.8.0_40]
      2. java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)[na:1.8.0_40]
      3. java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)[na:1.8.0_40]
      4. java.lang.Thread.run(Thread.java:745)[na:1.8.0_40]
      4 frames