org.sonatype.nexus.security.role.NoSuchRoleException


  • When an LDAP mapped user uses Nexus we are repeatedly looping through all of their LDAP groups. This is done for every single privilege check. The comparison done is very inefficient, and an exception is thrown for each group not found mapped to a Nexus role.

    Here's an example: there were 970 of these just for this one group in 11 seconds. All I did was click around the UI a bit while logged in as an LDAP user mapped to nx-admin. This is repeated for every group my test user is a member of.

    {noformat}
    2016-05-20 08:48:24,365-0500 TRACE [qtp1603293723-358] rseddon org.sonatype.nexus.security.internal.RolePermissionResolverImpl - Ignoring missing role: nested
    org.sonatype.nexus.security.role.NoSuchRoleException: Role not found: nested
        at org.sonatype.nexus.security.internal.SecurityConfigurationManagerImpl.readRole(SecurityConfigurationManagerImpl.java:197) [na:na]
        at org.sonatype.nexus.security.internal.RolePermissionResolverImpl.resolvePermissionsInRole(RolePermissionResolverImpl.java:116) [na:na]
        at org.apache.shiro.realm.AuthorizingRealm.resolveRolePermissions(AuthorizingRealm.java:447) [org.apache.shiro.core:1.2.4]
        at org.apache.shiro.realm.AuthorizingRealm.getPermissions(AuthorizingRealm.java:415) [org.apache.shiro.core:1.2.4]
        at org.apache.shiro.realm.AuthorizingRealm.isPermitted(AuthorizingRealm.java:468) [org.apache.shiro.core:1.2.4]
        at org.apache.shiro.realm.AuthorizingRealm.isPermitted(AuthorizingRealm.java:499) [org.apache.shiro.core:1.2.4]
        at org.apache.shiro.realm.AuthorizingRealm.isPermitted(AuthorizingRealm.java:489) [org.apache.shiro.core:1.2.4]
        at org.sonatype.nexus.security.authz.ExceptionCatchingModularRealmAuthorizer.isPermitted(ExceptionCatchingModularRealmAuthorizer.java:256) [org.sonatype.nexus.security:3.0.0.03]
        at org.apache.shiro.mgt.AuthorizingSecurityManager.isPermitted(AuthorizingSecurityManager.java:125) [org.apache.shiro.core:1.2.4]
        at org.apache.shiro.subject.support.DelegatingSubject.isPermitted(DelegatingSubject.java:175) [org.apache.shiro.core:1.2.4]
        at org.sonatype.nexus.rapture.internal.security.SecurityComponent.calculatePermissions(SecurityComponent.java:207) [org.sonatype.nexus.rapture:3.0.0.03]
        at org.sonatype.nexus.rapture.internal.security.SecurityComponent.getPermissions(SecurityComponent.java:170) [org.sonatype.nexus.rapture:3.0.0.03]
        at org.sonatype.nexus.rapture.internal.security.SecurityComponent.getState(SecurityComponent.java:179) [org.sonatype.nexus.rapture:3.0.0.03]
        at org.sonatype.nexus.rapture.internal.state.StateComponent.getState(StateComponent.java:81) [org.sonatype.nexus.rapture:3.0.0.03]
        at org.sonatype.nexus.rapture.internal.state.StateComponent$$EnhancerByGuice$$c680be9.CGLIB$getState$0(<generated>) [4.0:na]
        at org.sonatype.nexus.rapture.internal.state.StateComponent$$EnhancerByGuice$$c680be9$$FastClassByGuice$$f5589e80.invoke(<generated>) [4.0:na]
        at com.google.inject.internal.cglib.proxy.$MethodProxy.invokeSuper(MethodProxy.java:228) [com.google.inject:4.0.0]
        at com.google.inject.internal.InterceptorStackCallback$InterceptedMethodInvocation.proceed(InterceptorStackCallback.java:75) [com.google.inject:4.0.0]
        at com.palominolabs.metrics.guice.TimedInterceptor.invoke(TimedInterceptor.java:47) [com.palominolabs.metrics.guice:3.0.2]
        at com.google.inject.internal.InterceptorStackCallback$InterceptedMethodInvocation.proceed(InterceptorStackCallback.java:75) [com.google.inject:4.0.0]
        at com.google.inject.internal.InterceptorStackCallback.intercept(InterceptorStackCallback.java:55) [com.google.inject:4.0.0]
        at org.sonatype.nexus.rapture.internal.state.StateComponent$$EnhancerByGuice$$c680be9.getState(<generated>) [4.0:na]
        at sun.reflect.GeneratedMethodAccessor107.invoke(Unknown Source) [na:na]
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [na:1.8.0_60]
        at java.lang.reflect.Method.invoke(Method.java:497) [na:1.8.0_60]
    {noformat}

    Acceptance Criteria:
    * Examine how to reduce the exception count as a bare minimum
    * Some minimal tuning to identify what the deeper issue is
    * Solve low hanging fruit, gain information on larger issues
    ** Get together to produce follow up issues/stories based on deeper understanding

    NOTE:
    * We will need to test this against a large LDAP instance to verify the fixes if we make any
    by Rich Seddon