org.apache.shiro.authz.UnauthenticatedException: The current Subject is not authenticated. Access denied.

Sonatype JIRA | Joe Tom | 1 year ago
  1. 0

    While logged in as anonymous with admin role, I was creating an LDAP connection and noticed that when I tried to Verify Mapping or Create, I got the below error. It appears you have to be authenticated to do this, which to me infers the anonymous role should not be granted this capability at all (or this is wrong). I did not check older NX3 or NX2 at this time. {code} 2015-06-16 17:35:54,932-0400 ERROR [qtp1151413344-115] *UNKNOWN org.sonatype.nexus.extdirect.internal.ExtDirectServlet - Failed to invoke action method: ldap_LdapServer.verifyUserMapping, java-method: org.sonatype.nexus.ldap.internal.ui.LdapServerComponent.verifyUserMapping org.apache.shiro.authz.UnauthenticatedException: The current Subject is not authenticated. Access denied. at org.apache.shiro.authz.aop.AuthenticatedAnnotationHandler.assertAuthorized(AuthenticatedAnnotationHandler.java:53) [na:na] at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized(AuthorizingAnnotationMethodInterceptor.java:84) [na:na] at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.invoke(AuthorizingAnnotationMethodInterceptor.java:67) [na:na] at org.apache.shiro.guice.aop.AopAllianceMethodInterceptorAdapter.invoke(AopAllianceMethodInterceptorAdapter.java:36) [na:na] at org.apache.shiro.guice.aop.AopAllianceMethodInvocationAdapter.proceed(AopAllianceMethodInvocationAdapter.java:49) [na:na] at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.invoke(AuthorizingAnnotationMethodInterceptor.java:68) [na:na] at org.apache.shiro.guice.aop.AopAllianceMethodInterceptorAdapter.invoke(AopAllianceMethodInterceptorAdapter.java:36) [na:na] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [na:1.8.0_40] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [na:1.8.0_40] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [na:1.8.0_40] at java.lang.reflect.Method.invoke(Method.java:497) [na:1.8.0_40] at com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.invokeJavaMethod(DispatcherBase.java:142) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT] at com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.invokeMethod(DispatcherBase.java:133) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT] at org.sonatype.nexus.extdirect.internal.ExtDirectServlet$3.invokeMethod(ExtDirectServlet.java:201) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT] at com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.dispatch(DispatcherBase.java:63) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT] at com.softwarementors.extjs.djn.router.processor.standard.StandardRequestProcessorBase.dispatchStandardMethod(StandardRequestProcessorBase.java:73) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT] at com.softwarementors.extjs.djn.router.processor.standard.json.JsonRequestProcessor.processIndividualRequest(JsonRequestProcessor.java:502) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT] at com.softwarementors.extjs.djn.router.processor.standard.json.JsonRequestProcessor.processIndividualRequestsInThisThread(JsonRequestProcessor.java:150) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT] at com.softwarementors.extjs.djn.router.processor.standard.json.JsonRequestProcessor.process(JsonRequestProcessor.java:133) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT] at com.softwarementors.extjs.djn.router.RequestRouter.processJsonRequest(RequestRouter.java:83) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT] at com.softwarementors.extjs.djn.servlet.DirectJNgineServlet.processRequest(DirectJNgineServlet.java:617) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT] at com.softwarementors.extjs.djn.servlet.DirectJNgineServlet.doPost(DirectJNgineServlet.java:580) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT] at org.sonatype.nexus.extdirect.internal.ExtDirectServlet.doPost(ExtDirectServlet.java:121) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT] at javax.servlet.http.HttpServlet.service(HttpServlet.java:707) [javax.servlet-api:3.1.0] at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) [javax.servlet-api:3.1.0] at com.google.inject.servlet.ServletDefinition.doServiceImpl(ServletDefinition.java:287) [com.google.inject:4.0.0] at com.google.inject.servlet.ServletDefinition.doService(ServletDefinition.java:277) [com.google.inject:4.0.0] at com.google.inject.servlet.ServletDefinition.service(ServletDefinition.java:182) [com.google.inject:4.0.0] at com.google.inject.servlet.DynamicServletPipeline.service(DynamicServletPipeline.java:70) [com.google.inject:4.0.0] at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:85) [com.google.inject:4.0.0] at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:112) [org.apache.shiro.web:1.2.3] at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) [com.google.inject:4.0.0] at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:61) [org.apache.shiro.web:1.2.3] at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108) [org.apache.shiro.web:1.2.3] at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137) [org.apache.shiro.web:1.2.3] at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) [org.apache.shiro.web:1.2.3] at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66) [org.apache.shiro.web:1.2.3] at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449) [org.apache.shiro.web:1.2.3] at org.sonatype.nexus.security.SecurityFilter.executeChain(SecurityFilter.java:85) [org.sonatype.nexus.security:3.0.0.SNAPSHOT] at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365) [org.apache.shiro.web:1.2.3] at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90) [org.apache.shiro.core:1.2.3] at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83) [org.apache.shiro.core:1.2.3] at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383) [org.apache.shiro.core:1.2.3] at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362) [org.apache.shiro.web:1.2.3] at org.sonatype.nexus.security.SecurityFilter.doFilterInternal(SecurityFilter.java:101) [org.sonatype.nexus.security:3.0.0.SNAPSHOT] at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) [org.apache.shiro.web:1.2.3] at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) [com.google.inject:4.0.0] at com.sonatype.nexus.licensing.internal.LicensingRedirectFilter.doFilter(LicensingRedirectFilter.java:130) [com.sonatype.nexus.plugins.nexus-licensing-plugin:3.0.0.SNAPSHOT] at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) [com.google.inject:4.0.0] at com.codahale.metrics.servlet.AbstractInstrumentedFilter.doFilter(AbstractInstrumentedFilter.java:97) [com.codahale.metrics.servlet:3.0.2] at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) [com.google.inject:4.0.0] at org.sonatype.nexus.internal.web.ErrorPageFilter.doFilter(ErrorPageFilter.java:63) [org.sonatype.nexus.core:3.0.0.SNAPSHOT] at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) [com.google.inject:4.0.0] at org.sonatype.nexus.internal.web.EnvironmentFilter.doFilter(EnvironmentFilter.java:92) [org.sonatype.nexus.core:3.0.0.SNAPSHOT] at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) [com.google.inject:4.0.0] at com.google.inject.servlet.DynamicFilterPipeline.dispatch(DynamicFilterPipeline.java:104) [com.google.inject:4.0.0] at com.google.inject.servlet.GuiceFilter$1.call(GuiceFilter.java:133) [com.google.inject:4.0.0] at com.google.inject.servlet.GuiceFilter$1.call(GuiceFilter.java:130) [com.google.inject:4.0.0] at com.google.inject.servlet.GuiceFilter$Context.call(GuiceFilter.java:203) [com.google.inject:4.0.0] at com.google.inject.servlet.GuiceFilter.doFilter(GuiceFilter.java:130) [com.google.inject:4.0.0] at org.sonatype.nexus.bootstrap.osgi.DelegatingFilter.doFilter(DelegatingFilter.java:73) [org.sonatype.nexus.bootstrap:3.0.0.SNAPSHOT] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652) [org.eclipse.jetty.servlet:9.2.9.v20150224] at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585) [org.eclipse.jetty.servlet:9.2.9.v20150224] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) [org.eclipse.jetty.server:9.2.9.v20150224] at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577) [org.eclipse.jetty.security:9.2.9.v20150224] at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223) [org.eclipse.jetty.server:9.2.9.v20150224] at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127) [org.eclipse.jetty.server:9.2.9.v20150224] at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515) [org.eclipse.jetty.servlet:9.2.9.v20150224] at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185) [org.eclipse.jetty.server:9.2.9.v20150224] at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061) [org.eclipse.jetty.server:9.2.9.v20150224] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) [org.eclipse.jetty.server:9.2.9.v20150224] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97) [org.eclipse.jetty.server:9.2.9.v20150224] at com.codahale.metrics.jetty9.InstrumentedHandler.handle(InstrumentedHandler.java:175) [com.codahale.metrics.jetty9:3.0.2] at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:110) [org.eclipse.jetty.server:9.2.9.v20150224] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97) [org.eclipse.jetty.server:9.2.9.v20150224] at org.eclipse.jetty.server.Server.handle(Server.java:497) [org.eclipse.jetty.server:9.2.9.v20150224] at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:310) [org.eclipse.jetty.server:9.2.9.v20150224] at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257) [org.eclipse.jetty.server:9.2.9.v20150224] at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:540) [org.eclipse.jetty.io:9.2.9.v20150224] at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635) [org.eclipse.jetty.util:9.2.9.v20150224] at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555) [org.eclipse.jetty.util:9.2.9.v20150224] at java.lang.Thread.run(Thread.java:745) [na:1.8.0_40] Caused by: org.apache.shiro.authz.AuthorizationException: Not authorized to invoke method: public java.util.Collection org.sonatype.nexus.ldap.internal.ui.LdapServerComponent.verifyUserMapping(org.sonatype.nexus.ldap.internal.ui.LdapServerXO) at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized(AuthorizingAnnotationMethodInterceptor.java:90) [na:na] ... 80 common frames omitted {code}

    Sonatype JIRA | 1 year ago | Joe Tom
    org.apache.shiro.authz.UnauthenticatedException: The current Subject is not authenticated. Access denied.
  2. 0

    When someone has an old browser session and they are viewing the Nexus UI, and they need to be authenticated again, Nexus can spit ERROR level log messages in the log related to org.apache.shiro.authz.UnauthenticatedException. {noformat} 2016-09-28 14:39:27,809+0200 INFO [jetty-main-1] *SYSTEM org.sonatype.nexus.bootstrap.jetty.JettyServer - ------------------------------------------------- Started Sonatype Nexus OSS 3.0.2-02 ------------------------------------------------- 2016-09-28 14:40:05,548+0200 INFO [qtp1884520425-161] *UNKNOWN org.apache.shiro.session.mgt.AbstractValidatingSessionManager - Enabling session validation scheduler... 2016-09-28 14:40:05,565+0200 INFO [qtp1884520425-161] *UNKNOWN org.sonatype.nexus.security.internal.AnonymousManagerImpl - Loaded configuration: AnonymousConfiguration{enabled=true, userId='anonymous', realmName='NexusAuthorizingRealm'} 2016-09-28 14:40:20,363+0200 INFO [qtp1884520425-651] *UNKNOWN com.sonatype.nexus.analytics.internal.EventSubmitterImpl - Service URL: https://analytics.sonatype.com 2016-09-28 14:41:42,369+0200 ERROR [qtp1884520425-608] *UNKNOWN org.sonatype.nexus.extdirect.internal.ExtDirectServlet - Failed to invoke action method: coreui_Repository.coreui_Repository_readStatus, java-method: org.sonatype.nexus.coreui.RepositoryComponent.readStatus org.apache.shiro.authz.UnauthenticatedException: The current Subject is not authenticated. Access denied. at org.apache.shiro.authz.aop.AuthenticatedAnnotationHandler.assertAuthorized(AuthenticatedAnnotationHandler.java:53) [na:na] at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized(AuthorizingAnnotationMethodInterceptor.java:84) [na:na] at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.invoke(AuthorizingAnnotationMethodInterceptor.java:67) [na:na] at org.apache.shiro.guice.aop.AopAllianceMethodInterceptorAdapter.invoke(AopAllianceMethodInterceptorAdapter.java:36) [na:na] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [na:1.8.0_92] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [na:1.8.0_92] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [na:1.8.0_92] at java.lang.reflect.Method.invoke(Method.java:498) [na:1.8.0_92] at com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.invokeJavaMethod(DispatcherBase.java:142) [org.sonatype.nexus.extdirect:3.0.2.02] at com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.invokeMethod(DispatcherBase.java:133) [org.sonatype.nexus.extdirect:3.0.2.02] at org.sonatype.nexus.extdirect.internal.ExtDirectServlet$3.invokeMethod(ExtDirectServlet.java:221) [org.sonatype.nexus.extdirect:3.0.2.02] at com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.dispatch(DispatcherBase.java:63) [org.sonatype.nexus.extdirect:3.0.2.02] at com.softwarementors.extjs.djn.router.processor.poll.PollRequestProcessor.process(PollRequestProcessor.java:145) [org.sonatype.nexus.extdirect:3.0.2.02] at org.sonatype.nexus.extdirect.internal.ExtDirectServlet$4.processPollRequest(ExtDirectServlet.java:315) [org.sonatype.nexus.extdirect:3.0.2.02] at com.softwarementors.extjs.djn.servlet.DirectJNgineServlet.processRequest(DirectJNgineServlet.java:621) [org.sonatype.nexus.extdirect:3.0.2.02] at com.softwarementors.extjs.djn.servlet.DirectJNgineServlet.doPost(DirectJNgineServlet.java:580) [org.sonatype.nexus.extdirect:3.0.2.02] at org.sonatype.nexus.extdirect.internal.ExtDirectServlet.doPost(ExtDirectServlet.java:127) [org.sonatype.nexus.extdirect:3.0.2.02] at com.softwarementors.extjs.djn.servlet.DirectJNgineServlet.doGet(DirectJNgineServlet.java:553) [org.sonatype.nexus.extdirect:3.0.2.02] at javax.servlet.http.HttpServlet.service(HttpServlet.java:687) [javax.servlet-api:3.1.0] at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) [javax.servlet-api:3.1.0] at com.google.inject.servlet.ServletDefinition.doServiceImpl(ServletDefinition.java:287) [com.google.inject:4.0.0] at com.google.inject.servlet.ServletDefinition.doService(ServletDefinition.java:277) [com.google.inject:4.0.0] at com.google.inject.servlet.ServletDefinition.service(ServletDefinition.java:182) [com.google.inject:4.0.0] at com.google.inject.servlet.DynamicServletPipeline.service(DynamicServletPipeline.java:71) [com.google.inject:4.0.0] at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:85) [com.google.inject:4.0.0] at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:112) [org.apache.shiro.web:1.2.4] at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) [com.google.inject:4.0.0] at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:112) [org.apache.shiro.web:1.2.4] at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) [com.google.inject:4.0.0] at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:61) [org.apache.shiro.web:1.2.4] at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108) [org.apache.shiro.web:1.2.4] at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137) [org.apache.shiro.web:1.2.4] at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) [org.apache.shiro.web:1.2.4] at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66) [org.apache.shiro.web:1.2.4] at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108) [org.apache.shiro.web:1.2.4] at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137) [org.apache.shiro.web:1.2.4] at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) [org.apache.shiro.web:1.2.4] at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66) [org.apache.shiro.web:1.2.4] at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449) [org.apache.shiro.web:1.2.4] at org.sonatype.nexus.security.SecurityFilter.executeChain(SecurityFilter.java:85) [org.sonatype.nexus.security:3.0.2.02] at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365) [org.apache.shiro.web:1.2.4] at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90) [org.apache.shiro.core:1.2.4] at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83) [org.apache.shiro.core:1.2.4] at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383) [org.apache.shiro.core:1.2.4] at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362) [org.apache.shiro.web:1.2.4] at org.sonatype.nexus.security.SecurityFilter.doFilterInternal(SecurityFilter.java:101) [org.sonatype.nexus.security:3.0.2.02] at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) [org.apache.shiro.web:1.2.4] at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) [com.google.inject:4.0.0] at com.codahale.metrics.servlet.AbstractInstrumentedFilter.doFilter(AbstractInstrumentedFilter.java:97) [com.codahale.metrics.servlet:3.0.2] at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) [com.google.inject:4.0.0] at org.sonatype.nexus.internal.web.ErrorPageFilter.doFilter(ErrorPageFilter.java:63) [org.sonatype.nexus.base:3.0.2.02] at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) [com.google.inject:4.0.0] at org.sonatype.nexus.internal.web.EnvironmentFilter.doFilter(EnvironmentFilter.java:97) [org.sonatype.nexus.base:3.0.2.02] at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) [com.google.inject:4.0.0] at com.google.inject.servlet.DynamicFilterPipeline.dispatch(DynamicFilterPipeline.java:104) [com.google.inject:4.0.0] at com.google.inject.servlet.GuiceFilter$1.call(GuiceFilter.java:133) [com.google.inject:4.0.0] at com.google.inject.servlet.GuiceFilter$1.call(GuiceFilter.java:130) [com.google.inject:4.0.0] at com.google.inject.servlet.GuiceFilter$Context.call(GuiceFilter.java:203) [com.google.inject:4.0.0] at com.google.inject.servlet.GuiceFilter.doFilter(GuiceFilter.java:130) [com.google.inject:4.0.0] at org.sonatype.nexus.bootstrap.osgi.DelegatingFilter.doFilter(DelegatingFilter.java:73) [org.sonatype.nexus.bootstrap:3.0.2.02] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668) [org.eclipse.jetty.servlet:9.3.7.v20160115] at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:581) [org.eclipse.jetty.servlet:9.3.7.v20160115] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) [org.eclipse.jetty.server:9.3.7.v20160115] at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548) [org.eclipse.jetty.security:9.3.7.v20160115] at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:226) [org.eclipse.jetty.server:9.3.7.v20160115] at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1158) [org.eclipse.jetty.server:9.3.7.v20160115] at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:511) [org.eclipse.jetty.servlet:9.3.7.v20160115] at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185) [org.eclipse.jetty.server:9.3.7.v20160115] at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1090) [org.eclipse.jetty.server:9.3.7.v20160115] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) [org.eclipse.jetty.server:9.3.7.v20160115] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:119) [org.eclipse.jetty.server:9.3.7.v20160115] at com.codahale.metrics.jetty9.InstrumentedHandler.handle(InstrumentedHandler.java:175) [com.codahale.metrics.jetty9:3.0.2] at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:109) [org.eclipse.jetty.server:9.3.7.v20160115] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:119) [org.eclipse.jetty.server:9.3.7.v20160115] at org.eclipse.jetty.server.Server.handle(Server.java:517) [org.eclipse.jetty.server:9.3.7.v20160115] at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:308) [org.eclipse.jetty.server:9.3.7.v20160115] at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:242) [org.eclipse.jetty.server:9.3.7.v20160115] at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:273) [org.eclipse.jetty.io:9.3.7.v20160115] at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:95) [org.eclipse.jetty.io:9.3.7.v20160115] at org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:75) [org.eclipse.jetty.io:9.3.7.v20160115] at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceAndRun(ExecuteProduceConsume.java:213) [org.eclipse.jetty.util:9.3.7.v20160115] at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:147) [org.eclipse.jetty.util:9.3.7.v20160115] at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:654) [org.eclipse.jetty.util:9.3.7.v20160115] at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:572) [org.eclipse.jetty.util:9.3.7.v20160115] at java.lang.Thread.run(Thread.java:745) [na:1.8.0_92] Caused by: org.apache.shiro.authz.AuthorizationException: Not authorized to invoke method: public java.util.List org.sonatype.nexus.coreui.RepositoryComponent.readStatus(java.util.Map) at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized(AuthorizingAnnotationMethodInterceptor.java:90) [na:na] ... 83 common frames omitted {noformat} h4. Expected - permission problems due to unauthenticated access should not be logged at ERROR level. This causes unwarranted concern from log scanners looking for more critical ERROR level server issues. It is completely normal in a server application that sessions sent from a browser can have been expired on the server. This is not an ERROR condition.

    Sonatype JIRA | 2 months ago | Peter Lynch
    org.apache.shiro.authz.UnauthenticatedException: The current Subject is not authenticated. Access denied.
  3. 0

    Add Rut Auth to the top of the active realms list in Nexus 3, above both XML realms. Add the RUT Auth capability with the header value of username. Send the following request: {noformat} > curl -H "Username: admin" -H "Content-Type: application/json" -d '{"action": "coreui_AnonymousSettings","method": "read","data": null,"type": "rpc","tid": 44}' -v -4 "http://localhost:8081/service/extdirect" * Hostname was NOT found in DNS cache * Trying 127.0.0.1... * Connected to localhost (127.0.0.1) port 8081 (#0) > POST /service/extdirect HTTP/1.1 > User-Agent: curl/7.38.0 > Host: localhost:8081 > Accept: */* > Username: admin > Content-Type: application/json > Content-Length: 92 > * upload completely sent off: 92 out of 92 bytes < HTTP/1.1 200 OK < Date: Thu, 27 Nov 2014 17:34:12 GMT * Server Nexus/3.0.0-b2014101001 is not blacklisted < Server: Nexus/3.0.0-b2014101001 < X-Frame-Options: SAMEORIGIN < X-Content-Type-Options: nosniff < Content-Type: application/json;charset=UTF-8 < Set-Cookie: JSESSIONID=2216dc80-e71f-419e-b604-6c0ab4594ffc; Path=/; HttpOnly < Set-Cookie: rememberMe=deleteMe; Path=/; Max-Age=0; Expires=Wed, 26-Nov-2014 17:34:12 GMT < Content-Length: 198 < * Connection #0 to host localhost left intact {"tid":44,"action":"coreui_AnonymousSettings","method":"read","result":{"message":"User is not permitted: nexus:settings:read","authenticationRequired":false,"success":false,"data":[]},"type":"rpc"} {noformat} Note the "User is not permitted" message. Debug Logs from this request show RUT auth is not even consulted: {noformat} 2014-11-27 13:29:46,632-0400 DEBUG [qtp1529955279-190] org.apache.shiro.session.mgt.DefaultSessionManager - Unable to resolve session ID from SessionKey [org.apache.shiro.web.session.mgt.WebSessionKey@14f7b204]. Returning null to indicate a session could not be found. 2014-11-27 13:29:46,632-0400 DEBUG [qtp1529955279-190] *UNKNOWN com.softwarementors.extjs.djn.router.processor.standard.json.JsonRequestProcessor - Request data (JSON)=>{"action": "coreui_AnonymousSettings","method": "read","data": null,"type": "rpc","tid": 44} 2014-11-27 13:29:46,632-0400 DEBUG [qtp1529955279-190] *UNKNOWN org.sonatype.nexus.extdirect.internal.ExtDirectServlet - Creating instance of action class 'org.sonatype.nexus.coreui.AnonymousSettingsComponent' mapped to 'coreui_AnonymousSettings 2014-11-27 13:29:46,632-0400 DEBUG [qtp1529955279-190] *UNKNOWN org.sonatype.nexus.extdirect.internal.ExtDirectServlet - Invoking action method: coreui_AnonymousSettings.read, java-method: org.sonatype.nexus.coreui.AnonymousSettingsComponent.read 2014-11-27 13:29:46,632-0400 DEBUG [qtp1529955279-190] *UNKNOWN org.apache.shiro.realm.AuthenticatingRealm - Looked up AuthenticationInfo [anonymous] from doGetAuthenticationInfo 2014-11-27 13:29:46,634-0400 DEBUG [qtp1529955279-190] *UNKNOWN org.apache.shiro.authc.AbstractAuthenticator - Authentication successful for token [org.apache.shiro.authc.UsernamePasswordToken - anonymous, rememberMe=false]. Returned account [anonymous] 2014-11-27 13:29:46,634-0400 DEBUG [qtp1529955279-190] *UNKNOWN org.apache.shiro.subject.support.DefaultSubjectContext - No SecurityManager available in subject context map. Falling back to SecurityUtils.getSecurityManager() lookup. 2014-11-27 13:29:46,634-0400 DEBUG [qtp1529955279-190] *UNKNOWN org.apache.shiro.subject.support.DefaultSubjectContext - No SecurityManager available in subject context map. Falling back to SecurityUtils.getSecurityManager() lookup. 2014-11-27 13:29:46,634-0400 DEBUG [qtp1529955279-190] *UNKNOWN org.apache.shiro.session.mgt.DefaultSessionManager - Creating new EIS record for new session instance [org.apache.shiro.session.mgt.SimpleSession,id=null] 2014-11-27 13:29:46,634-0400 DEBUG [qtp1529955279-190] *UNKNOWN net.sf.ehcache.store.disk.Segment - put added 0 on heap 2014-11-27 13:29:46,634-0400 DEBUG [qtp1529955279-190] *UNKNOWN net.sf.ehcache.store.disk.Segment - put added 0 on heap 2014-11-27 13:29:46,634-0400 DEBUG [qtp1529955279-190] *UNKNOWN net.sf.ehcache.store.disk.Segment - put updated, deleted 0 on heap 2014-11-27 13:29:46,634-0400 DEBUG [qtp1529955279-190] *UNKNOWN org.apache.shiro.web.servlet.SimpleCookie - Added HttpServletResponse Cookie [JSESSIONID=c9127c75-5986-4eef-a6d4-53eddf6edd14; Path=/; HttpOnly] 2014-11-27 13:29:46,634-0400 DEBUG [shiro-activeSessionCache.data] *SYSTEM net.sf.ehcache.store.disk.Segment - fault removed 0 from heap 2014-11-27 13:29:46,634-0400 DEBUG [qtp1529955279-190] *UNKNOWN net.sf.ehcache.store.disk.Segment - put added 0 on heap 2014-11-27 13:29:46,634-0400 DEBUG [shiro-activeSessionCache.data] *SYSTEM net.sf.ehcache.store.disk.Segment - fault added 0 on disk 2014-11-27 13:29:46,634-0400 DEBUG [shiro-activeSessionCache.data] *SYSTEM net.sf.ehcache.store.disk.Segment - fault installation failed, deleted 0 from heap 2014-11-27 13:29:46,634-0400 DEBUG [shiro-activeSessionCache.data] *SYSTEM net.sf.ehcache.store.disk.Segment - fault installation failed deleted 0 from disk 2014-11-27 13:29:46,634-0400 DEBUG [qtp1529955279-190] *UNKNOWN net.sf.ehcache.store.disk.Segment - put updated, deleted 0 on heap 2014-11-27 13:29:46,634-0400 DEBUG [qtp1529955279-190] *UNKNOWN net.sf.ehcache.store.disk.Segment - put added 0 on heap 2014-11-27 13:29:46,634-0400 DEBUG [qtp1529955279-190] *UNKNOWN net.sf.ehcache.store.disk.Segment - put updated, deleted 0 on heap 2014-11-27 13:29:46,635-0400 DEBUG [qtp1529955279-190] *UNKNOWN org.apache.shiro.web.servlet.SimpleCookie - Added HttpServletResponse Cookie [rememberMe=deleteMe; Path=/; Max-Age=0; Expires=Wed, 26-Nov-2014 17:29:46 GMT] 2014-11-27 13:29:46,635-0400 DEBUG [qtp1529955279-190] *UNKNOWN org.apache.shiro.mgt.AbstractRememberMeManager - AuthenticationToken did not indicate RememberMe is requested. RememberMe functionality will not be executed for corresponding account. 2014-11-27 13:29:46,635-0400 DEBUG [shiro-activeSessionCache.data] *SYSTEM net.sf.ehcache.store.disk.Segment - fault removed 0 from heap 2014-11-27 13:29:46,635-0400 DEBUG [shiro-activeSessionCache.data] *SYSTEM net.sf.ehcache.store.disk.Segment - fault added 0 on disk 2014-11-27 13:29:46,635-0400 DEBUG [shiro-activeSessionCache.data] *SYSTEM net.sf.ehcache.store.disk.Segment - fault installation failed, deleted 0 from heap 2014-11-27 13:29:46,635-0400 DEBUG [shiro-activeSessionCache.data] *SYSTEM net.sf.ehcache.store.disk.Segment - fault installation failed deleted 0 from disk 2014-11-27 13:29:46,635-0400 DEBUG [shiro-activeSessionCache.data] *SYSTEM net.sf.ehcache.store.disk.Segment - fault removed 0 from heap 2014-11-27 13:29:46,635-0400 DEBUG [shiro-activeSessionCache.data] *SYSTEM net.sf.ehcache.store.disk.Segment - fault added 0 on disk 2014-11-27 13:29:46,635-0400 DEBUG [shiro-activeSessionCache.data] *SYSTEM net.sf.ehcache.store.disk.Segment - fault installation failed, deleted 0 from heap 2014-11-27 13:29:46,635-0400 DEBUG [shiro-activeSessionCache.data] *SYSTEM net.sf.ehcache.store.disk.Segment - fault installation failed deleted 0 from disk 2014-11-27 13:29:46,635-0400 DEBUG [shiro-activeSessionCache.data] *SYSTEM net.sf.ehcache.store.disk.Segment - fault removed 0 from heap 2014-11-27 13:29:46,635-0400 DEBUG [shiro-activeSessionCache.data] *SYSTEM net.sf.ehcache.store.disk.Segment - fault added 0 on disk 2014-11-27 13:29:46,638-0400 DEBUG [qtp1529955279-190] anonymous org.sonatype.nexus.extdirect.internal.ExtDirectServlet - Failed to invoke action method: coreui_AnonymousSettings.read, java-method: org.sonatype.nexus.coreui.AnonymousSettingsComponent.read org.apache.shiro.authz.AuthorizationException: User is not permitted: nexus:settings:read at org.sonatype.security.authorization.ExceptionCatchingModularRealmAuthorizer.checkPermission(ExceptionCatchingModularRealmAuthorizer.java:68) [na:na] at org.apache.shiro.mgt.AuthorizingSecurityManager.checkPermission(AuthorizingSecurityManager.java:137) [na:na] at org.apache.shiro.subject.support.DelegatingSubject.checkPermission(DelegatingSubject.java:205) [org.apache.shiro.core:1.2.3] at org.apache.shiro.authz.aop.PermissionAnnotationHandler.assertAuthorized(PermissionAnnotationHandler.java:74) [na:na] at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized(AuthorizingAnnotationMethodInterceptor.java:84) [na:na] at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.invoke(AuthorizingAnnotationMethodInterceptor.java:67) [na:na] at org.apache.shiro.guice.aop.AopAllianceMethodInterceptorAdapter.invoke(AopAllianceMethodInterceptorAdapter.java:36) [na:na] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [na:1.8.0_25] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [na:1.8.0_25] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [na:1.8.0_25] at java.lang.reflect.Method.invoke(Method.java:483) [na:1.8.0_25] at com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.invokeJavaMethod(DispatcherBase.java:142) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.b2014101001] at com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.invokeMethod(DispatcherBase.java:133) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.b2014101001] at org.sonatype.nexus.extdirect.internal.ExtDirectServlet$3.invokeMethod(ExtDirectServlet.java:225) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.b2014101001] at com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.dispatch(DispatcherBase.java:63) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.b2014101001] at com.softwarementors.extjs.djn.router.processor.standard.StandardRequestProcessorBase.dispatchStandardMethod(StandardRequestProcessorBase.java:73) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.b2014101001] at com.softwarementors.extjs.djn.router.processor.standard.json.JsonRequestProcessor.processIndividualRequest(JsonRequestProcessor.java:502) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.b2014101001] at com.softwarementors.extjs.djn.router.processor.standard.json.JsonRequestProcessor.processIndividualRequestsInThisThread(JsonRequestProcessor.java:150) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.b2014101001] at com.softwarementors.extjs.djn.router.processor.standard.json.JsonRequestProcessor.process(JsonRequestProcessor.java:133) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.b2014101001] at com.softwarementors.extjs.djn.router.RequestRouter.processJsonRequest(RequestRouter.java:83) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.b2014101001] at com.softwarementors.extjs.djn.servlet.DirectJNgineServlet.processRequest(DirectJNgineServlet.java:617) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.b2014101001] at com.softwarementors.extjs.djn.servlet.DirectJNgineServlet.doPost(DirectJNgineServlet.java:580) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.b2014101001] at org.sonatype.nexus.extdirect.internal.ExtDirectServlet.doPost(ExtDirectServlet.java:133) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.b2014101001] at javax.servlet.http.HttpServlet.service(HttpServlet.java:755) [javax.servlet:3.0.0.v201112011016] at javax.servlet.http.HttpServlet.service(HttpServlet.java:848) [javax.servlet:3.0.0.v201112011016] at com.google.inject.servlet.ServletDefinition.doServiceImpl(ServletDefinition.java:300) [org.sonatype.sisu.guice:3.2.2] at com.google.inject.servlet.ServletDefinition.doService(ServletDefinition.java:284) [org.sonatype.sisu.guice:3.2.2] at com.google.inject.servlet.ServletDefinition.service(ServletDefinition.java:187) [org.sonatype.sisu.guice:3.2.2] at com.google.inject.servlet.AbstractServletPipeline.service(AbstractServletPipeline.java:61) [org.sonatype.sisu.guice:3.2.2] at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:85) [org.sonatype.sisu.guice:3.2.2] at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:112) [org.apache.shiro.web:1.2.3] at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) [org.sonatype.sisu.guice:3.2.2] at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449) [org.apache.shiro.web:1.2.3] at org.sonatype.nexus.web.SecurityFilter.executeChain(SecurityFilter.java:71) [org.sonatype.nexus.core:3.0.0.b2014101001] at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365) [org.apache.shiro.web:1.2.3] at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90) [org.apache.shiro.core:1.2.3] at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83) [org.apache.shiro.core:1.2.3] at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383) [org.apache.shiro.core:1.2.3] at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362) [org.apache.shiro.web:1.2.3] at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) [org.apache.shiro.web:1.2.3] at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) [org.sonatype.sisu.guice:3.2.2] at com.codahale.metrics.servlet.AbstractInstrumentedFilter.doFilter(AbstractInstrumentedFilter.java:97) [com.codahale.metrics.servlet:3.0.2] at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) [org.sonatype.sisu.guice:3.2.2] at org.sonatype.nexus.web.internal.CommonHeadersFilter.doFilter(CommonHeadersFilter.java:67) [org.sonatype.nexus.core:3.0.0.b2014101001] at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) [org.sonatype.sisu.guice:3.2.2] at org.sonatype.nexus.web.internal.ErrorPageFilter.doFilter(ErrorPageFilter.java:66) [org.sonatype.nexus.core:3.0.0.b2014101001] at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) [org.sonatype.sisu.guice:3.2.2] at org.sonatype.nexus.web.internal.BaseUrlHolderFilter.doFilter(BaseUrlHolderFilter.java:68) [org.sonatype.nexus.core:3.0.0.b2014101001] at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) [org.sonatype.sisu.guice:3.2.2] at com.google.inject.servlet.AbstractFilterPipeline.dispatch(AbstractFilterPipeline.java:95) [org.sonatype.sisu.guice:3.2.2] at com.google.inject.servlet.GuiceFilter$1.call(GuiceFilter.java:133) [org.sonatype.sisu.guice:3.2.2] at com.google.inject.servlet.GuiceFilter$1.call(GuiceFilter.java:130) [org.sonatype.sisu.guice:3.2.2] at com.google.inject.servlet.GuiceFilter$Context.call(GuiceFilter.java:203) [org.sonatype.sisu.guice:3.2.2] at com.google.inject.servlet.GuiceFilter.doFilter(GuiceFilter.java:130) [org.sonatype.sisu.guice:3.2.2] at org.sonatype.nexus.bootstrap.osgi.DelegatingFilter.doFilter(DelegatingFilter.java:73) [org.sonatype.nexus.bootstrap:3.0.0.b2014101001] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1419) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:455) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:557) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1075) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:384) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1009) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at com.codahale.metrics.jetty8.InstrumentedHandler.handle(InstrumentedHandler.java:192) [com.codahale.metrics.jetty8:3.0.2] at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:154) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at org.eclipse.jetty.server.Server.handle(Server.java:370) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:489) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:960) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:1021) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:865) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:240) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:668) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at java.lang.Thread.run(Thread.java:745) [na:1.8.0_25] Caused by: org.apache.shiro.authz.AuthorizationException: Not authorized to invoke method: public org.sonatype.nexus.coreui.AnonymousSettingsXO org.sonatype.nexus.coreui.AnonymousSettingsComponent.read() at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized(AuthorizingAnnotationMethodInterceptor.java:90) [na:na] ... 76 common frames omitted 2014-11-27 13:29:46,640-0400 DEBUG [qtp1529955279-190] anonymous com.softwarementors.extjs.djn.Timer - - Java method dispatch time (AnonymousSettingsComponent.read): 7.93 ms. 2014-11-27 13:29:46,641-0400 DEBUG [qtp1529955279-190] anonymous com.softwarementors.extjs.djn.router.processor.standard.json.JsonRequestProcessor - ResponseData data (JSON)=>{"tid":44,"action":"coreui_AnonymousSettings","method":"read","result":{"message":"User is not permitted: nexus:settings:read","authenticationRequired":false,"success":false,"data":[]},"type":"rpc"} 2014-11-27 13:29:46,641-0400 DEBUG [qtp1529955279-190] anonymous com.softwarementors.extjs.djn.Timer - Total servlet processing time: 8.86 ms. {noformat}

    Sonatype JIRA | 2 years ago | Peter Lynch
    org.apache.shiro.authz.AuthorizationException: User is not permitted: nexus:settings:read
  4. Speed up your debug routine!

    Automated exception search integrated into your IDE

  5. 0

    While running through security, I noticed that if you have just Roles permission, you get a warning that you cannot read privilges. While this is true, it is not necessary to create a role. Similarly, I think the placement of the warning is confusing. You get the warning before you enter the place where the fact you cannot read potentially matters (drilling down into/creating the role). Note, that the users page has a similar issue when it comes to listing roles however that page CANNOT be used without, so there is no ticket for that. The combination of the ability for it to be used and confusing warning are causing me to file. See attached screen, let me know if unclear. I had debug off during this test. No errors appeared in the js console. Below appeared in the nexus.log. I did not check older NX3 or NX2 at this time. {quote} 2015-09-17 11:58:47,887-0400 ERROR [pool-6-thread-10] joedragons org.sonatype.nexus.extdirect.internal.ExtDirectServlet - Failed to invoke action method: coreui_Privilege.read, java-method: org.sonatype.nexus.coreui.PrivilegeComponent.read org.apache.shiro.authz.AuthorizationException: User is not permitted: nexus:privileges:read at org.sonatype.nexus.security.authz.ExceptionCatchingModularRealmAuthorizer.checkPermission(ExceptionCatchingModularRealmAuthorizer.java:66) [na:na] at org.apache.shiro.mgt.AuthorizingSecurityManager.checkPermission(AuthorizingSecurityManager.java:137) [na:na] at org.apache.shiro.subject.support.DelegatingSubject.checkPermission(DelegatingSubject.java:205) [org.apache.shiro.core:1.2.4] at org.apache.shiro.authz.aop.PermissionAnnotationHandler.assertAuthorized(PermissionAnnotationHandler.java:74) [na:na] at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized(AuthorizingAnnotationMethodInterceptor.java:84) [na:na] at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.invoke(AuthorizingAnnotationMethodInterceptor.java:67) [na:na] at org.apache.shiro.guice.aop.AopAllianceMethodInterceptorAdapter.invoke(AopAllianceMethodInterceptorAdapter.java:36) [na:na] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [na:1.8.0_40] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [na:1.8.0_40] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [na:1.8.0_40] at java.lang.reflect.Method.invoke(Method.java:497) [na:1.8.0_40] at com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.invokeJavaMethod(DispatcherBase.java:142) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT] at com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.invokeMethod(DispatcherBase.java:133) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT] at org.sonatype.nexus.extdirect.internal.ExtDirectServlet$3.invokeMethod(ExtDirectServlet.java:201) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT] at com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.dispatch(DispatcherBase.java:63) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT] at com.softwarementors.extjs.djn.router.processor.standard.StandardRequestProcessorBase.dispatchStandardMethod(StandardRequestProcessorBase.java:73) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT] at com.softwarementors.extjs.djn.router.processor.standard.json.JsonRequestProcessor.processIndividualRequest(JsonRequestProcessor.java:502) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT] at com.softwarementors.extjs.djn.router.processor.standard.json.DefaultJsonRequestProcessorThread.processRequest(DefaultJsonRequestProcessorThread.java:72) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT] at com.softwarementors.extjs.djn.servlet.ssm.SsmJsonRequestProcessorThread.processRequest(SsmJsonRequestProcessorThread.java:43) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT] at org.sonatype.nexus.extdirect.internal.ExtDirectJsonRequestProcessorThread.access$1(ExtDirectJsonRequestProcessorThread.java:1) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT] at org.sonatype.nexus.extdirect.internal.ExtDirectJsonRequestProcessorThread$1.call(ExtDirectJsonRequestProcessorThread.java:59) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT] at org.sonatype.nexus.extdirect.internal.ExtDirectJsonRequestProcessorThread$1.call(ExtDirectJsonRequestProcessorThread.java:1) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT] at com.google.inject.servlet.GuiceFilter$Context.call(GuiceFilter.java:203) [com.google.inject:4.0.0] at com.google.inject.servlet.ServletScopes$3.call(ServletScopes.java:232) [com.google.inject:4.0.0] at org.sonatype.nexus.extdirect.internal.ExtDirectJsonRequestProcessorThread.processRequest(ExtDirectJsonRequestProcessorThread.java:73) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT] at com.softwarementors.extjs.djn.router.processor.standard.json.DefaultJsonRequestProcessorThread.call(DefaultJsonRequestProcessorThread.java:56) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT] at com.softwarementors.extjs.djn.router.processor.standard.json.DefaultJsonRequestProcessorThread.call(DefaultJsonRequestProcessorThread.java:30) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT] at java.util.concurrent.FutureTask.run(FutureTask.java:266) [na:1.8.0_40] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [na:1.8.0_40] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [na:1.8.0_40] at java.lang.Thread.run(Thread.java:745) [na:1.8.0_40] Caused by: org.apache.shiro.authz.AuthorizationException: Not authorized to invoke method: public java.util.List org.sonatype.nexus.coreui.PrivilegeComponent.read() at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized(AuthorizingAnnotationMethodInterceptor.java:90) [na:na] ... 26 common frames omitted {quote}

    Sonatype JIRA | 1 year ago | Joe Tom
    org.apache.shiro.authz.AuthorizationException: User is not permitted: nexus:privileges:read
  6. 0

    Why is a request to a @RequiresUser not redirected to the login page?

    Stack Overflow | 2 years ago | Markus W Mahlberg
    org.apache.shiro.authz.AuthorizationException: Not authorized to invoke method: public java.lang.String org.example.product.ExampleApp.controller.Index.secured()

    Not finding the right solution?
    Take a tour to get the most out of Samebug.

    Tired of useless tips?

    Automated exception search integrated into your IDE

    Root Cause Analysis

    1. org.apache.shiro.authz.AuthorizationException

      Not authorized to invoke method: public java.util.Collection org.sonatype.nexus.ldap.internal.ui.LdapServerComponent.verifyUserMapping(org.sonatype.nexus.ldap.internal.ui.LdapServerXO)

      at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized()
    2. Shiro
      AuthorizingAnnotationMethodInterceptor.invoke
      1. org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized(AuthorizingAnnotationMethodInterceptor.java:90)[na:na]
      2. org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.invoke(AuthorizingAnnotationMethodInterceptor.java:67)[na:na]
      2 frames
    3. Apache Shiro :: Support :: Guice
      AopAllianceMethodInvocationAdapter.proceed
      1. org.apache.shiro.guice.aop.AopAllianceMethodInterceptorAdapter.invoke(AopAllianceMethodInterceptorAdapter.java:36)[na:na]
      2. org.apache.shiro.guice.aop.AopAllianceMethodInvocationAdapter.proceed(AopAllianceMethodInvocationAdapter.java:49)[na:na]
      2 frames
    4. Shiro
      AuthorizingAnnotationMethodInterceptor.invoke
      1. org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.invoke(AuthorizingAnnotationMethodInterceptor.java:68)[na:na]
      1 frame
    5. Apache Shiro :: Support :: Guice
      AopAllianceMethodInterceptorAdapter.invoke
      1. org.apache.shiro.guice.aop.AopAllianceMethodInterceptorAdapter.invoke(AopAllianceMethodInterceptorAdapter.java:36)[na:na]
      1 frame
    6. Java RT
      Method.invoke
      1. sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)[na:1.8.0_40]
      2. sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)[na:1.8.0_40]
      3. sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)[na:1.8.0_40]
      4. java.lang.reflect.Method.invoke(Method.java:497)[na:1.8.0_40]
      4 frames
    7. com.softwarementors.extjs
      DispatcherBase.invokeMethod
      1. com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.invokeJavaMethod(DispatcherBase.java:142)[org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT]
      2. com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.invokeMethod(DispatcherBase.java:133)[org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT]
      2 frames
    8. org.sonatype.nexus
      ExtDirectServlet$3.invokeMethod
      1. org.sonatype.nexus.extdirect.internal.ExtDirectServlet$3.invokeMethod(ExtDirectServlet.java:201)[org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT]
      1 frame
    9. com.softwarementors.extjs
      DirectJNgineServlet.doPost
      1. com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.dispatch(DispatcherBase.java:63)[org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT]
      2. com.softwarementors.extjs.djn.router.processor.standard.StandardRequestProcessorBase.dispatchStandardMethod(StandardRequestProcessorBase.java:73)[org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT]
      3. com.softwarementors.extjs.djn.router.processor.standard.json.JsonRequestProcessor.processIndividualRequest(JsonRequestProcessor.java:502)[org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT]
      4. com.softwarementors.extjs.djn.router.processor.standard.json.JsonRequestProcessor.processIndividualRequestsInThisThread(JsonRequestProcessor.java:150)[org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT]
      5. com.softwarementors.extjs.djn.router.processor.standard.json.JsonRequestProcessor.process(JsonRequestProcessor.java:133)[org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT]
      6. com.softwarementors.extjs.djn.router.RequestRouter.processJsonRequest(RequestRouter.java:83)[org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT]
      7. com.softwarementors.extjs.djn.servlet.DirectJNgineServlet.processRequest(DirectJNgineServlet.java:617)[org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT]
      8. com.softwarementors.extjs.djn.servlet.DirectJNgineServlet.doPost(DirectJNgineServlet.java:580)[org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT]
      8 frames
    10. org.sonatype.nexus
      ExtDirectServlet.doPost
      1. org.sonatype.nexus.extdirect.internal.ExtDirectServlet.doPost(ExtDirectServlet.java:121)[org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT]
      1 frame
    11. JavaServlet
      HttpServlet.service
      1. javax.servlet.http.HttpServlet.service(HttpServlet.java:707)[javax.servlet-api:3.1.0]
      2. javax.servlet.http.HttpServlet.service(HttpServlet.java:790)[javax.servlet-api:3.1.0]
      2 frames
    12. Guice - Servlet
      FilterChainInvocation.doFilter
      1. com.google.inject.servlet.ServletDefinition.doServiceImpl(ServletDefinition.java:287)[com.google.inject:4.0.0]
      2. com.google.inject.servlet.ServletDefinition.doService(ServletDefinition.java:277)[com.google.inject:4.0.0]
      3. com.google.inject.servlet.ServletDefinition.service(ServletDefinition.java:182)[com.google.inject:4.0.0]
      4. com.google.inject.servlet.DynamicServletPipeline.service(DynamicServletPipeline.java:70)[com.google.inject:4.0.0]
      5. com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:85)[com.google.inject:4.0.0]
      5 frames
    13. Shiro
      OncePerRequestFilter.doFilter
      1. org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:112)[org.apache.shiro.web:1.2.3]
      1 frame
    14. Guice - Servlet
      FilterChainInvocation.doFilter
      1. com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)[com.google.inject:4.0.0]
      1 frame
    15. Shiro
      AbstractShiroFilter.executeChain
      1. org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:61)[org.apache.shiro.web:1.2.3]
      2. org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)[org.apache.shiro.web:1.2.3]
      3. org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)[org.apache.shiro.web:1.2.3]
      4. org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)[org.apache.shiro.web:1.2.3]
      5. org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)[org.apache.shiro.web:1.2.3]
      6. org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449)[org.apache.shiro.web:1.2.3]
      6 frames
    16. Nexus Core
      SecurityFilter.executeChain
      1. org.sonatype.nexus.security.SecurityFilter.executeChain(SecurityFilter.java:85)[org.sonatype.nexus.security:3.0.0.SNAPSHOT]
      1 frame
    17. Shiro
      AbstractShiroFilter.doFilterInternal
      1. org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365)[org.apache.shiro.web:1.2.3]
      2. org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)[org.apache.shiro.core:1.2.3]
      3. org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)[org.apache.shiro.core:1.2.3]
      4. org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383)[org.apache.shiro.core:1.2.3]
      5. org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362)[org.apache.shiro.web:1.2.3]
      5 frames
    18. Nexus Core
      SecurityFilter.doFilterInternal
      1. org.sonatype.nexus.security.SecurityFilter.doFilterInternal(SecurityFilter.java:101)[org.sonatype.nexus.security:3.0.0.SNAPSHOT]
      1 frame
    19. Shiro
      OncePerRequestFilter.doFilter
      1. org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)[org.apache.shiro.web:1.2.3]
      1 frame
    20. Guice - Servlet
      FilterChainInvocation.doFilter
      1. com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)[com.google.inject:4.0.0]
      1 frame
    21. com.sonatype.nexus
      LicensingRedirectFilter.doFilter
      1. com.sonatype.nexus.licensing.internal.LicensingRedirectFilter.doFilter(LicensingRedirectFilter.java:130)[com.sonatype.nexus.plugins.nexus-licensing-plugin:3.0.0.SNAPSHOT]
      1 frame
    22. Guice - Servlet
      FilterChainInvocation.doFilter
      1. com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)[com.google.inject:4.0.0]
      1 frame
    23. com.codahale.metrics
      AbstractInstrumentedFilter.doFilter
      1. com.codahale.metrics.servlet.AbstractInstrumentedFilter.doFilter(AbstractInstrumentedFilter.java:97)[com.codahale.metrics.servlet:3.0.2]
      1 frame
    24. Guice - Servlet
      FilterChainInvocation.doFilter
      1. com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)[com.google.inject:4.0.0]
      1 frame
    25. org.sonatype.nexus
      ErrorPageFilter.doFilter
      1. org.sonatype.nexus.internal.web.ErrorPageFilter.doFilter(ErrorPageFilter.java:63)[org.sonatype.nexus.core:3.0.0.SNAPSHOT]
      1 frame
    26. Guice - Servlet
      FilterChainInvocation.doFilter
      1. com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)[com.google.inject:4.0.0]
      1 frame
    27. org.sonatype.nexus
      EnvironmentFilter.doFilter
      1. org.sonatype.nexus.internal.web.EnvironmentFilter.doFilter(EnvironmentFilter.java:92)[org.sonatype.nexus.core:3.0.0.SNAPSHOT]
      1 frame
    28. Guice - Servlet
      GuiceFilter.doFilter
      1. com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)[com.google.inject:4.0.0]
      2. com.google.inject.servlet.DynamicFilterPipeline.dispatch(DynamicFilterPipeline.java:104)[com.google.inject:4.0.0]
      3. com.google.inject.servlet.GuiceFilter$1.call(GuiceFilter.java:133)[com.google.inject:4.0.0]
      4. com.google.inject.servlet.GuiceFilter$1.call(GuiceFilter.java:130)[com.google.inject:4.0.0]
      5. com.google.inject.servlet.GuiceFilter$Context.call(GuiceFilter.java:203)[com.google.inject:4.0.0]
      6. com.google.inject.servlet.GuiceFilter.doFilter(GuiceFilter.java:130)[com.google.inject:4.0.0]
      6 frames
    29. org.sonatype.nexus
      DelegatingFilter.doFilter
      1. org.sonatype.nexus.bootstrap.osgi.DelegatingFilter.doFilter(DelegatingFilter.java:73)[org.sonatype.nexus.bootstrap:3.0.0.SNAPSHOT]
      1 frame
    30. Jetty
      HandlerWrapper.handle
      1. org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)[org.eclipse.jetty.servlet:9.2.9.v20150224]
      2. org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585)[org.eclipse.jetty.servlet:9.2.9.v20150224]
      3. org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)[org.eclipse.jetty.server:9.2.9.v20150224]
      4. org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577)[org.eclipse.jetty.security:9.2.9.v20150224]
      5. org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223)[org.eclipse.jetty.server:9.2.9.v20150224]
      6. org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)[org.eclipse.jetty.server:9.2.9.v20150224]
      7. org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)[org.eclipse.jetty.servlet:9.2.9.v20150224]
      8. org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)[org.eclipse.jetty.server:9.2.9.v20150224]
      9. org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)[org.eclipse.jetty.server:9.2.9.v20150224]
      10. org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)[org.eclipse.jetty.server:9.2.9.v20150224]
      11. org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)[org.eclipse.jetty.server:9.2.9.v20150224]
      11 frames
    31. Metrics Integration for Jetty 9.1 and higher
      InstrumentedHandler.handle
      1. com.codahale.metrics.jetty9.InstrumentedHandler.handle(InstrumentedHandler.java:175)[com.codahale.metrics.jetty9:3.0.2]
      1 frame
    32. Jetty
      QueuedThreadPool$3.run
      1. org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:110)[org.eclipse.jetty.server:9.2.9.v20150224]
      2. org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)[org.eclipse.jetty.server:9.2.9.v20150224]
      3. org.eclipse.jetty.server.Server.handle(Server.java:497)[org.eclipse.jetty.server:9.2.9.v20150224]
      4. org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:310)[org.eclipse.jetty.server:9.2.9.v20150224]
      5. org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)[org.eclipse.jetty.server:9.2.9.v20150224]
      6. org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:540)[org.eclipse.jetty.io:9.2.9.v20150224]
      7. org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)[org.eclipse.jetty.util:9.2.9.v20150224]
      8. org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)[org.eclipse.jetty.util:9.2.9.v20150224]
      8 frames
    33. Java RT
      Thread.run
      1. java.lang.Thread.run(Thread.java:745)[na:1.8.0_40]
      1 frame