org.apache.shiro.authz.AuthorizationException: User is not permitted: nexus:settings:read

Sonatype JIRA | Peter Lynch | 2 years ago
  1. 0

    Add Rut Auth to the top of the active realms list in Nexus 3, above both XML realms. Add the RUT Auth capability with the header value of username. Send the following request: {noformat} > curl -H "Username: admin" -H "Content-Type: application/json" -d '{"action": "coreui_AnonymousSettings","method": "read","data": null,"type": "rpc","tid": 44}' -v -4 "http://localhost:8081/service/extdirect" * Hostname was NOT found in DNS cache * Trying 127.0.0.1... * Connected to localhost (127.0.0.1) port 8081 (#0) > POST /service/extdirect HTTP/1.1 > User-Agent: curl/7.38.0 > Host: localhost:8081 > Accept: */* > Username: admin > Content-Type: application/json > Content-Length: 92 > * upload completely sent off: 92 out of 92 bytes < HTTP/1.1 200 OK < Date: Thu, 27 Nov 2014 17:34:12 GMT * Server Nexus/3.0.0-b2014101001 is not blacklisted < Server: Nexus/3.0.0-b2014101001 < X-Frame-Options: SAMEORIGIN < X-Content-Type-Options: nosniff < Content-Type: application/json;charset=UTF-8 < Set-Cookie: JSESSIONID=2216dc80-e71f-419e-b604-6c0ab4594ffc; Path=/; HttpOnly < Set-Cookie: rememberMe=deleteMe; Path=/; Max-Age=0; Expires=Wed, 26-Nov-2014 17:34:12 GMT < Content-Length: 198 < * Connection #0 to host localhost left intact {"tid":44,"action":"coreui_AnonymousSettings","method":"read","result":{"message":"User is not permitted: nexus:settings:read","authenticationRequired":false,"success":false,"data":[]},"type":"rpc"} {noformat} Note the "User is not permitted" message. Debug Logs from this request show RUT auth is not even consulted: {noformat} 2014-11-27 13:29:46,632-0400 DEBUG [qtp1529955279-190] org.apache.shiro.session.mgt.DefaultSessionManager - Unable to resolve session ID from SessionKey [org.apache.shiro.web.session.mgt.WebSessionKey@14f7b204]. Returning null to indicate a session could not be found. 2014-11-27 13:29:46,632-0400 DEBUG [qtp1529955279-190] *UNKNOWN com.softwarementors.extjs.djn.router.processor.standard.json.JsonRequestProcessor - Request data (JSON)=>{"action": "coreui_AnonymousSettings","method": "read","data": null,"type": "rpc","tid": 44} 2014-11-27 13:29:46,632-0400 DEBUG [qtp1529955279-190] *UNKNOWN org.sonatype.nexus.extdirect.internal.ExtDirectServlet - Creating instance of action class 'org.sonatype.nexus.coreui.AnonymousSettingsComponent' mapped to 'coreui_AnonymousSettings 2014-11-27 13:29:46,632-0400 DEBUG [qtp1529955279-190] *UNKNOWN org.sonatype.nexus.extdirect.internal.ExtDirectServlet - Invoking action method: coreui_AnonymousSettings.read, java-method: org.sonatype.nexus.coreui.AnonymousSettingsComponent.read 2014-11-27 13:29:46,632-0400 DEBUG [qtp1529955279-190] *UNKNOWN org.apache.shiro.realm.AuthenticatingRealm - Looked up AuthenticationInfo [anonymous] from doGetAuthenticationInfo 2014-11-27 13:29:46,634-0400 DEBUG [qtp1529955279-190] *UNKNOWN org.apache.shiro.authc.AbstractAuthenticator - Authentication successful for token [org.apache.shiro.authc.UsernamePasswordToken - anonymous, rememberMe=false]. Returned account [anonymous] 2014-11-27 13:29:46,634-0400 DEBUG [qtp1529955279-190] *UNKNOWN org.apache.shiro.subject.support.DefaultSubjectContext - No SecurityManager available in subject context map. Falling back to SecurityUtils.getSecurityManager() lookup. 2014-11-27 13:29:46,634-0400 DEBUG [qtp1529955279-190] *UNKNOWN org.apache.shiro.subject.support.DefaultSubjectContext - No SecurityManager available in subject context map. Falling back to SecurityUtils.getSecurityManager() lookup. 2014-11-27 13:29:46,634-0400 DEBUG [qtp1529955279-190] *UNKNOWN org.apache.shiro.session.mgt.DefaultSessionManager - Creating new EIS record for new session instance [org.apache.shiro.session.mgt.SimpleSession,id=null] 2014-11-27 13:29:46,634-0400 DEBUG [qtp1529955279-190] *UNKNOWN net.sf.ehcache.store.disk.Segment - put added 0 on heap 2014-11-27 13:29:46,634-0400 DEBUG [qtp1529955279-190] *UNKNOWN net.sf.ehcache.store.disk.Segment - put added 0 on heap 2014-11-27 13:29:46,634-0400 DEBUG [qtp1529955279-190] *UNKNOWN net.sf.ehcache.store.disk.Segment - put updated, deleted 0 on heap 2014-11-27 13:29:46,634-0400 DEBUG [qtp1529955279-190] *UNKNOWN org.apache.shiro.web.servlet.SimpleCookie - Added HttpServletResponse Cookie [JSESSIONID=c9127c75-5986-4eef-a6d4-53eddf6edd14; Path=/; HttpOnly] 2014-11-27 13:29:46,634-0400 DEBUG [shiro-activeSessionCache.data] *SYSTEM net.sf.ehcache.store.disk.Segment - fault removed 0 from heap 2014-11-27 13:29:46,634-0400 DEBUG [qtp1529955279-190] *UNKNOWN net.sf.ehcache.store.disk.Segment - put added 0 on heap 2014-11-27 13:29:46,634-0400 DEBUG [shiro-activeSessionCache.data] *SYSTEM net.sf.ehcache.store.disk.Segment - fault added 0 on disk 2014-11-27 13:29:46,634-0400 DEBUG [shiro-activeSessionCache.data] *SYSTEM net.sf.ehcache.store.disk.Segment - fault installation failed, deleted 0 from heap 2014-11-27 13:29:46,634-0400 DEBUG [shiro-activeSessionCache.data] *SYSTEM net.sf.ehcache.store.disk.Segment - fault installation failed deleted 0 from disk 2014-11-27 13:29:46,634-0400 DEBUG [qtp1529955279-190] *UNKNOWN net.sf.ehcache.store.disk.Segment - put updated, deleted 0 on heap 2014-11-27 13:29:46,634-0400 DEBUG [qtp1529955279-190] *UNKNOWN net.sf.ehcache.store.disk.Segment - put added 0 on heap 2014-11-27 13:29:46,634-0400 DEBUG [qtp1529955279-190] *UNKNOWN net.sf.ehcache.store.disk.Segment - put updated, deleted 0 on heap 2014-11-27 13:29:46,635-0400 DEBUG [qtp1529955279-190] *UNKNOWN org.apache.shiro.web.servlet.SimpleCookie - Added HttpServletResponse Cookie [rememberMe=deleteMe; Path=/; Max-Age=0; Expires=Wed, 26-Nov-2014 17:29:46 GMT] 2014-11-27 13:29:46,635-0400 DEBUG [qtp1529955279-190] *UNKNOWN org.apache.shiro.mgt.AbstractRememberMeManager - AuthenticationToken did not indicate RememberMe is requested. RememberMe functionality will not be executed for corresponding account. 2014-11-27 13:29:46,635-0400 DEBUG [shiro-activeSessionCache.data] *SYSTEM net.sf.ehcache.store.disk.Segment - fault removed 0 from heap 2014-11-27 13:29:46,635-0400 DEBUG [shiro-activeSessionCache.data] *SYSTEM net.sf.ehcache.store.disk.Segment - fault added 0 on disk 2014-11-27 13:29:46,635-0400 DEBUG [shiro-activeSessionCache.data] *SYSTEM net.sf.ehcache.store.disk.Segment - fault installation failed, deleted 0 from heap 2014-11-27 13:29:46,635-0400 DEBUG [shiro-activeSessionCache.data] *SYSTEM net.sf.ehcache.store.disk.Segment - fault installation failed deleted 0 from disk 2014-11-27 13:29:46,635-0400 DEBUG [shiro-activeSessionCache.data] *SYSTEM net.sf.ehcache.store.disk.Segment - fault removed 0 from heap 2014-11-27 13:29:46,635-0400 DEBUG [shiro-activeSessionCache.data] *SYSTEM net.sf.ehcache.store.disk.Segment - fault added 0 on disk 2014-11-27 13:29:46,635-0400 DEBUG [shiro-activeSessionCache.data] *SYSTEM net.sf.ehcache.store.disk.Segment - fault installation failed, deleted 0 from heap 2014-11-27 13:29:46,635-0400 DEBUG [shiro-activeSessionCache.data] *SYSTEM net.sf.ehcache.store.disk.Segment - fault installation failed deleted 0 from disk 2014-11-27 13:29:46,635-0400 DEBUG [shiro-activeSessionCache.data] *SYSTEM net.sf.ehcache.store.disk.Segment - fault removed 0 from heap 2014-11-27 13:29:46,635-0400 DEBUG [shiro-activeSessionCache.data] *SYSTEM net.sf.ehcache.store.disk.Segment - fault added 0 on disk 2014-11-27 13:29:46,638-0400 DEBUG [qtp1529955279-190] anonymous org.sonatype.nexus.extdirect.internal.ExtDirectServlet - Failed to invoke action method: coreui_AnonymousSettings.read, java-method: org.sonatype.nexus.coreui.AnonymousSettingsComponent.read org.apache.shiro.authz.AuthorizationException: User is not permitted: nexus:settings:read at org.sonatype.security.authorization.ExceptionCatchingModularRealmAuthorizer.checkPermission(ExceptionCatchingModularRealmAuthorizer.java:68) [na:na] at org.apache.shiro.mgt.AuthorizingSecurityManager.checkPermission(AuthorizingSecurityManager.java:137) [na:na] at org.apache.shiro.subject.support.DelegatingSubject.checkPermission(DelegatingSubject.java:205) [org.apache.shiro.core:1.2.3] at org.apache.shiro.authz.aop.PermissionAnnotationHandler.assertAuthorized(PermissionAnnotationHandler.java:74) [na:na] at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized(AuthorizingAnnotationMethodInterceptor.java:84) [na:na] at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.invoke(AuthorizingAnnotationMethodInterceptor.java:67) [na:na] at org.apache.shiro.guice.aop.AopAllianceMethodInterceptorAdapter.invoke(AopAllianceMethodInterceptorAdapter.java:36) [na:na] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [na:1.8.0_25] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [na:1.8.0_25] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [na:1.8.0_25] at java.lang.reflect.Method.invoke(Method.java:483) [na:1.8.0_25] at com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.invokeJavaMethod(DispatcherBase.java:142) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.b2014101001] at com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.invokeMethod(DispatcherBase.java:133) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.b2014101001] at org.sonatype.nexus.extdirect.internal.ExtDirectServlet$3.invokeMethod(ExtDirectServlet.java:225) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.b2014101001] at com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.dispatch(DispatcherBase.java:63) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.b2014101001] at com.softwarementors.extjs.djn.router.processor.standard.StandardRequestProcessorBase.dispatchStandardMethod(StandardRequestProcessorBase.java:73) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.b2014101001] at com.softwarementors.extjs.djn.router.processor.standard.json.JsonRequestProcessor.processIndividualRequest(JsonRequestProcessor.java:502) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.b2014101001] at com.softwarementors.extjs.djn.router.processor.standard.json.JsonRequestProcessor.processIndividualRequestsInThisThread(JsonRequestProcessor.java:150) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.b2014101001] at com.softwarementors.extjs.djn.router.processor.standard.json.JsonRequestProcessor.process(JsonRequestProcessor.java:133) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.b2014101001] at com.softwarementors.extjs.djn.router.RequestRouter.processJsonRequest(RequestRouter.java:83) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.b2014101001] at com.softwarementors.extjs.djn.servlet.DirectJNgineServlet.processRequest(DirectJNgineServlet.java:617) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.b2014101001] at com.softwarementors.extjs.djn.servlet.DirectJNgineServlet.doPost(DirectJNgineServlet.java:580) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.b2014101001] at org.sonatype.nexus.extdirect.internal.ExtDirectServlet.doPost(ExtDirectServlet.java:133) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.b2014101001] at javax.servlet.http.HttpServlet.service(HttpServlet.java:755) [javax.servlet:3.0.0.v201112011016] at javax.servlet.http.HttpServlet.service(HttpServlet.java:848) [javax.servlet:3.0.0.v201112011016] at com.google.inject.servlet.ServletDefinition.doServiceImpl(ServletDefinition.java:300) [org.sonatype.sisu.guice:3.2.2] at com.google.inject.servlet.ServletDefinition.doService(ServletDefinition.java:284) [org.sonatype.sisu.guice:3.2.2] at com.google.inject.servlet.ServletDefinition.service(ServletDefinition.java:187) [org.sonatype.sisu.guice:3.2.2] at com.google.inject.servlet.AbstractServletPipeline.service(AbstractServletPipeline.java:61) [org.sonatype.sisu.guice:3.2.2] at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:85) [org.sonatype.sisu.guice:3.2.2] at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:112) [org.apache.shiro.web:1.2.3] at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) [org.sonatype.sisu.guice:3.2.2] at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449) [org.apache.shiro.web:1.2.3] at org.sonatype.nexus.web.SecurityFilter.executeChain(SecurityFilter.java:71) [org.sonatype.nexus.core:3.0.0.b2014101001] at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365) [org.apache.shiro.web:1.2.3] at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90) [org.apache.shiro.core:1.2.3] at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83) [org.apache.shiro.core:1.2.3] at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383) [org.apache.shiro.core:1.2.3] at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362) [org.apache.shiro.web:1.2.3] at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) [org.apache.shiro.web:1.2.3] at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) [org.sonatype.sisu.guice:3.2.2] at com.codahale.metrics.servlet.AbstractInstrumentedFilter.doFilter(AbstractInstrumentedFilter.java:97) [com.codahale.metrics.servlet:3.0.2] at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) [org.sonatype.sisu.guice:3.2.2] at org.sonatype.nexus.web.internal.CommonHeadersFilter.doFilter(CommonHeadersFilter.java:67) [org.sonatype.nexus.core:3.0.0.b2014101001] at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) [org.sonatype.sisu.guice:3.2.2] at org.sonatype.nexus.web.internal.ErrorPageFilter.doFilter(ErrorPageFilter.java:66) [org.sonatype.nexus.core:3.0.0.b2014101001] at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) [org.sonatype.sisu.guice:3.2.2] at org.sonatype.nexus.web.internal.BaseUrlHolderFilter.doFilter(BaseUrlHolderFilter.java:68) [org.sonatype.nexus.core:3.0.0.b2014101001] at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) [org.sonatype.sisu.guice:3.2.2] at com.google.inject.servlet.AbstractFilterPipeline.dispatch(AbstractFilterPipeline.java:95) [org.sonatype.sisu.guice:3.2.2] at com.google.inject.servlet.GuiceFilter$1.call(GuiceFilter.java:133) [org.sonatype.sisu.guice:3.2.2] at com.google.inject.servlet.GuiceFilter$1.call(GuiceFilter.java:130) [org.sonatype.sisu.guice:3.2.2] at com.google.inject.servlet.GuiceFilter$Context.call(GuiceFilter.java:203) [org.sonatype.sisu.guice:3.2.2] at com.google.inject.servlet.GuiceFilter.doFilter(GuiceFilter.java:130) [org.sonatype.sisu.guice:3.2.2] at org.sonatype.nexus.bootstrap.osgi.DelegatingFilter.doFilter(DelegatingFilter.java:73) [org.sonatype.nexus.bootstrap:3.0.0.b2014101001] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1419) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:455) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:557) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1075) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:384) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1009) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at com.codahale.metrics.jetty8.InstrumentedHandler.handle(InstrumentedHandler.java:192) [com.codahale.metrics.jetty8:3.0.2] at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:154) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at org.eclipse.jetty.server.Server.handle(Server.java:370) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:489) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:960) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:1021) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:865) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:240) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:668) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543) [org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520] at java.lang.Thread.run(Thread.java:745) [na:1.8.0_25] Caused by: org.apache.shiro.authz.AuthorizationException: Not authorized to invoke method: public org.sonatype.nexus.coreui.AnonymousSettingsXO org.sonatype.nexus.coreui.AnonymousSettingsComponent.read() at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized(AuthorizingAnnotationMethodInterceptor.java:90) [na:na] ... 76 common frames omitted 2014-11-27 13:29:46,640-0400 DEBUG [qtp1529955279-190] anonymous com.softwarementors.extjs.djn.Timer - - Java method dispatch time (AnonymousSettingsComponent.read): 7.93 ms. 2014-11-27 13:29:46,641-0400 DEBUG [qtp1529955279-190] anonymous com.softwarementors.extjs.djn.router.processor.standard.json.JsonRequestProcessor - ResponseData data (JSON)=>{"tid":44,"action":"coreui_AnonymousSettings","method":"read","result":{"message":"User is not permitted: nexus:settings:read","authenticationRequired":false,"success":false,"data":[]},"type":"rpc"} 2014-11-27 13:29:46,641-0400 DEBUG [qtp1529955279-190] anonymous com.softwarementors.extjs.djn.Timer - Total servlet processing time: 8.86 ms. {noformat}

    Sonatype JIRA | 2 years ago | Peter Lynch
    org.apache.shiro.authz.AuthorizationException: User is not permitted: nexus:settings:read
  2. 0

    While running through security, I noticed that if you have just Roles permission, you get a warning that you cannot read privilges. While this is true, it is not necessary to create a role. Similarly, I think the placement of the warning is confusing. You get the warning before you enter the place where the fact you cannot read potentially matters (drilling down into/creating the role). Note, that the users page has a similar issue when it comes to listing roles however that page CANNOT be used without, so there is no ticket for that. The combination of the ability for it to be used and confusing warning are causing me to file. See attached screen, let me know if unclear. I had debug off during this test. No errors appeared in the js console. Below appeared in the nexus.log. I did not check older NX3 or NX2 at this time. {quote} 2015-09-17 11:58:47,887-0400 ERROR [pool-6-thread-10] joedragons org.sonatype.nexus.extdirect.internal.ExtDirectServlet - Failed to invoke action method: coreui_Privilege.read, java-method: org.sonatype.nexus.coreui.PrivilegeComponent.read org.apache.shiro.authz.AuthorizationException: User is not permitted: nexus:privileges:read at org.sonatype.nexus.security.authz.ExceptionCatchingModularRealmAuthorizer.checkPermission(ExceptionCatchingModularRealmAuthorizer.java:66) [na:na] at org.apache.shiro.mgt.AuthorizingSecurityManager.checkPermission(AuthorizingSecurityManager.java:137) [na:na] at org.apache.shiro.subject.support.DelegatingSubject.checkPermission(DelegatingSubject.java:205) [org.apache.shiro.core:1.2.4] at org.apache.shiro.authz.aop.PermissionAnnotationHandler.assertAuthorized(PermissionAnnotationHandler.java:74) [na:na] at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized(AuthorizingAnnotationMethodInterceptor.java:84) [na:na] at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.invoke(AuthorizingAnnotationMethodInterceptor.java:67) [na:na] at org.apache.shiro.guice.aop.AopAllianceMethodInterceptorAdapter.invoke(AopAllianceMethodInterceptorAdapter.java:36) [na:na] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [na:1.8.0_40] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [na:1.8.0_40] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [na:1.8.0_40] at java.lang.reflect.Method.invoke(Method.java:497) [na:1.8.0_40] at com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.invokeJavaMethod(DispatcherBase.java:142) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT] at com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.invokeMethod(DispatcherBase.java:133) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT] at org.sonatype.nexus.extdirect.internal.ExtDirectServlet$3.invokeMethod(ExtDirectServlet.java:201) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT] at com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.dispatch(DispatcherBase.java:63) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT] at com.softwarementors.extjs.djn.router.processor.standard.StandardRequestProcessorBase.dispatchStandardMethod(StandardRequestProcessorBase.java:73) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT] at com.softwarementors.extjs.djn.router.processor.standard.json.JsonRequestProcessor.processIndividualRequest(JsonRequestProcessor.java:502) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT] at com.softwarementors.extjs.djn.router.processor.standard.json.DefaultJsonRequestProcessorThread.processRequest(DefaultJsonRequestProcessorThread.java:72) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT] at com.softwarementors.extjs.djn.servlet.ssm.SsmJsonRequestProcessorThread.processRequest(SsmJsonRequestProcessorThread.java:43) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT] at org.sonatype.nexus.extdirect.internal.ExtDirectJsonRequestProcessorThread.access$1(ExtDirectJsonRequestProcessorThread.java:1) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT] at org.sonatype.nexus.extdirect.internal.ExtDirectJsonRequestProcessorThread$1.call(ExtDirectJsonRequestProcessorThread.java:59) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT] at org.sonatype.nexus.extdirect.internal.ExtDirectJsonRequestProcessorThread$1.call(ExtDirectJsonRequestProcessorThread.java:1) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT] at com.google.inject.servlet.GuiceFilter$Context.call(GuiceFilter.java:203) [com.google.inject:4.0.0] at com.google.inject.servlet.ServletScopes$3.call(ServletScopes.java:232) [com.google.inject:4.0.0] at org.sonatype.nexus.extdirect.internal.ExtDirectJsonRequestProcessorThread.processRequest(ExtDirectJsonRequestProcessorThread.java:73) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT] at com.softwarementors.extjs.djn.router.processor.standard.json.DefaultJsonRequestProcessorThread.call(DefaultJsonRequestProcessorThread.java:56) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT] at com.softwarementors.extjs.djn.router.processor.standard.json.DefaultJsonRequestProcessorThread.call(DefaultJsonRequestProcessorThread.java:30) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT] at java.util.concurrent.FutureTask.run(FutureTask.java:266) [na:1.8.0_40] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [na:1.8.0_40] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [na:1.8.0_40] at java.lang.Thread.run(Thread.java:745) [na:1.8.0_40] Caused by: org.apache.shiro.authz.AuthorizationException: Not authorized to invoke method: public java.util.List org.sonatype.nexus.coreui.PrivilegeComponent.read() at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized(AuthorizingAnnotationMethodInterceptor.java:90) [na:na] ... 26 common frames omitted {quote}

    Sonatype JIRA | 1 year ago | Joe Tom
    org.apache.shiro.authz.AuthorizationException: User is not permitted: nexus:privileges:read
  3. 0

    A user with UI: Capabilities Admin and UI: Base UI Privileges cannot get the Capabilities Types ( returns 403) even though the roles do give the user Capability Types: Read access. {noformat} > curl -u cap:admin123 http://localhost:8081/nexus/service/siesta/capabilities/types {"id":"fdd3b733-9d27-4ab9-8c4a-3ae7b18f7944","message":"User is not permitted: nexus:capabilityTypesread"} {noformat} {noformat} jvm 1 | 2014-02-10 11:07:12 DEBUG [qtp253747277-78] cap org.sonatype.nexus.plugins.siesta.AuthorizationExceptionMapper - (ID fdd3b733-9d27-4ab9-8c4a-3ae7b18f7944) Mapping exception: org.apache.shiro.authz.AuthorizationException: User is not permitted: nexus:capabilityTypesread jvm 1 | 2014-02-10 11:07:12 WARN [qtp253747277-78] cap org.sonatype.nexus.plugins.siesta.AuthorizationExceptionMapper - (ID fdd3b733-9d27-4ab9-8c4a-3ae7b18f7944) Response: [403] ErrorXO{id='fdd3b733-9d27-4ab9-8c4a-3ae7b18f7944', message='User is not permitted: nexus:capabilityTypesread'} mapped from org.apache.shiro.authz.AuthorizationException/User is not permitted: nexus:capabilityTypesread jvm 1 | org.apache.shiro.authz.AuthorizationException: User is not permitted: nexus:capabilityTypesread jvm 1 | at org.sonatype.security.authorization.ExceptionCatchingModularRealmAuthorizer.checkPermission(ExceptionCatchingModularRealmAuthorizer.java:66) ~[nexus-security-2.7.1-01.jar:2.7.1-01] jvm 1 | at org.apache.shiro.mgt.AuthorizingSecurityManager.checkPermission(AuthorizingSecurityManager.java:137) ~[shiro-core-1.2.2.jar:1.2.2] jvm 1 | at org.apache.shiro.subject.support.DelegatingSubject.checkPermission(DelegatingSubject.java:205) [shiro-core-1.2.2.jar:1.2.2] jvm 1 | at org.apache.shiro.authz.aop.PermissionAnnotationHandler.assertAuthorized(PermissionAnnotationHandler.java:74) ~[shiro-core-1.2.2.jar:1.2.2] jvm 1 | at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized(AuthorizingAnnotationMethodInterceptor.java:84) ~[shiro-core-1.2.2.jar:1.2.2] jvm 1 | at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.invoke(AuthorizingAnnotationMethodInterceptor.java:67) ~[shiro-core-1.2.2.jar:1.2.2] jvm 1 | at org.apache.shiro.guice.aop.AopAllianceMethodInterceptorAdapter.invoke(AopAllianceMethodInterceptorAdapter.java:36) ~[shiro-guice-1.2.2.jar:1.2.2] jvm 1 | at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.7.0_51] jvm 1 | at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) ~[na:1.7.0_51] jvm 1 | at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.7.0_51] jvm 1 | at java.lang.reflect.Method.invoke(Method.java:606) ~[na:1.7.0_51] jvm 1 | at com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60) ~[jersey-server-1.17.1.jar:1.17.1] jvm 1 | at com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$TypeOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:185) ~[jersey-server-1.17.1.jar:1.17.1] jvm 1 | at com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:75) ~[jersey-server-1.17.1.jar:1.17.1] jvm 1 | at com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:302) ~[jersey-server-1.17.1.jar:1.17.1] jvm 1 | at com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceClassRule.java:108) ~[jersey-server-1.17.1.jar:1.17.1] jvm 1 | at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147) ~[jersey-server-1.17.1.jar:1.17.1] jvm 1 | at com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:84) ~[jersey-server-1.17.1.jar:1.17.1] jvm 1 | at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1511) [jersey-server-1.17.1.jar:1.17.1] jvm 1 | at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1442) [jersey-server-1.17.1.jar:1.17.1] jvm 1 | at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1391) [jersey-server-1.17.1.jar:1.17.1] jvm 1 | at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1381) [jersey-server-1.17.1.jar:1.17.1] jvm 1 | at com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:416) [jersey-servlet-1.17.1.jar:1.17.1] jvm 1 | at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:538) [jersey-servlet-1.17.1.jar:1.17.1] jvm 1 | at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:716) [jersey-servlet-1.17.1.jar:1.17.1] jvm 1 | at org.sonatype.sisu.siesta.server.internal.SiestaServlet.service(SiestaServlet.java:121) [siesta-server-1.5.2.jar:1.5.2] jvm 1 | at javax.servlet.http.HttpServlet.service(HttpServlet.java:848) [javax.servlet-3.0.0.v201112011016.jar:na] jvm 1 | at com.google.inject.servlet.ServletDefinition.doServiceImpl(ServletDefinition.java:278) [guice-servlet-3.1.4.jar:3.1.4] jvm 1 | at com.google.inject.servlet.ServletDefinition.doService(ServletDefinition.java:268) [guice-servlet-3.1.4.jar:3.1.4] jvm 1 | at com.google.inject.servlet.ServletDefinition.service(ServletDefinition.java:180) [guice-servlet-3.1.4.jar:3.1.4] jvm 1 | at com.google.inject.servlet.ManagedServletPipeline.service(ManagedServletPipeline.java:93) [guice-servlet-3.1.4.jar:3.1.4] jvm 1 | at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:85) [guice-servlet-3.1.4.jar:3.1.4] jvm 1 | at org.sonatype.nexus.web.MdcUserContextFilter.doFilter(MdcUserContextFilter.java:57) [nexus-web-utils-2.7.1-01.jar:2.7.1-01] jvm 1 | at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) [guice-servlet-3.1.4.jar:3.1.4] jvm 1 | at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:61) [shiro-web-1.2.2.jar:1.2.2] jvm 1 | at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108) [shiro-web-1.2.2.jar:1.2.2] jvm 1 | at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137) [shiro-web-1.2.2.jar:1.2.2] jvm 1 | at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) [shiro-web-1.2.2.jar:1.2.2] jvm 1 | at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66) [shiro-web-1.2.2.jar:1.2.2] jvm 1 | at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108) [shiro-web-1.2.2.jar:1.2.2] jvm 1 | at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137) [shiro-web-1.2.2.jar:1.2.2] jvm 1 | at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) [shiro-web-1.2.2.jar:1.2.2] jvm 1 | at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66) [shiro-web-1.2.2.jar:1.2.2] jvm 1 | at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449) [shiro-web-1.2.2.jar:1.2.2] jvm 1 | at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365) [shiro-web-1.2.2.jar:1.2.2] jvm 1 | at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90) [shiro-core-1.2.2.jar:1.2.2] jvm 1 | at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83) [shiro-core-1.2.2.jar:1.2.2] jvm 1 | at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383) [shiro-core-1.2.2.jar:1.2.2] jvm 1 | at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362) [shiro-web-1.2.2.jar:1.2.2] jvm 1 | at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) [shiro-web-1.2.2.jar:1.2.2] jvm 1 | at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) [guice-servlet-3.1.4.jar:3.1.4] jvm 1 | at com.google.inject.servlet.ManagedFilterPipeline.dispatch(ManagedFilterPipeline.java:120) [guice-servlet-3.1.4.jar:3.1.4] jvm 1 | at org.sonatype.nexus.web.NexusGuiceFilter$MultiFilterChain.doFilter(NexusGuiceFilter.java:83) [nexus-web-utils-2.7.1-01.jar:2.7.1-01] jvm 1 | at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:89) [guice-servlet-3.1.4.jar:3.1.4] jvm 1 | at com.google.inject.servlet.ManagedFilterPipeline.dispatch(ManagedFilterPipeline.java:120) [guice-servlet-3.1.4.jar:3.1.4] jvm 1 | at org.sonatype.nexus.web.NexusGuiceFilter$MultiFilterChain.doFilter(NexusGuiceFilter.java:83) [nexus-web-utils-2.7.1-01.jar:2.7.1-01] jvm 1 | at org.sonatype.nexus.web.NexusGuiceFilter$MultiFilterPipeline.dispatch(NexusGuiceFilter.java:57) [nexus-web-utils-2.7.1-01.jar:2.7.1-01] jvm 1 | at com.google.inject.servlet.GuiceFilter$1.call(GuiceFilter.java:132) [guice-servlet-3.1.4.jar:3.1.4] jvm 1 | at com.google.inject.servlet.GuiceFilter$1.call(GuiceFilter.java:129) [guice-servlet-3.1.4.jar:3.1.4] jvm 1 | at com.google.inject.servlet.GuiceFilter$Context.call(GuiceFilter.java:206) [guice-servlet-3.1.4.jar:3.1.4] jvm 1 | at com.google.inject.servlet.GuiceFilter.doFilter(GuiceFilter.java:129) [guice-servlet-3.1.4.jar:3.1.4] jvm 1 | at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1419) [jetty-servlet-8.1.11.v20130520.jar:8.1.11.v20130520] jvm 1 | at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:455) [jetty-servlet-8.1.11.v20130520.jar:8.1.11.v20130520] jvm 1 | at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137) [jetty-server-8.1.11.v20130520.jar:8.1.11.v20130520] jvm 1 | at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:557) [jetty-security-8.1.11.v20130520.jar:8.1.11.v20130520] jvm 1 | at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231) [jetty-server-8.1.11.v20130520.jar:8.1.11.v20130520] jvm 1 | at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1075) [jetty-server-8.1.11.v20130520.jar:8.1.11.v20130520] jvm 1 | at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:384) [jetty-servlet-8.1.11.v20130520.jar:8.1.11.v20130520] jvm 1 | at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193) [jetty-server-8.1.11.v20130520.jar:8.1.11.v20130520] jvm 1 | at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1009) [jetty-server-8.1.11.v20130520.jar:8.1.11.v20130520] jvm 1 | at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135) [jetty-server-8.1.11.v20130520.jar:8.1.11.v20130520] jvm 1 | at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116) [jetty-server-8.1.11.v20130520.jar:8.1.11.v20130520] jvm 1 | at com.yammer.metrics.jetty.InstrumentedHandler.handle(InstrumentedHandler.java:200) [metrics-jetty-2.2.0.jar:na] jvm 1 | at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:154) [jetty-server-8.1.11.v20130520.jar:8.1.11.v20130520] jvm 1 | at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116) [jetty-server-8.1.11.v20130520.jar:8.1.11.v20130520] jvm 1 | at org.eclipse.jetty.server.Server.handle(Server.java:370) [jetty-server-8.1.11.v20130520.jar:8.1.11.v20130520] jvm 1 | at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:489) [jetty-server-8.1.11.v20130520.jar:8.1.11.v20130520] jvm 1 | at org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:949) [jetty-server-8.1.11.v20130520.jar:8.1.11.v20130520] jvm 1 | at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:1011) [jetty-server-8.1.11.v20130520.jar:8.1.11.v20130520] jvm 1 | at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:644) [jetty-http-8.1.11.v20130520.jar:8.1.11.v20130520] jvm 1 | at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235) [jetty-http-8.1.11.v20130520.jar:8.1.11.v20130520] jvm 1 | at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82) [jetty-server-8.1.11.v20130520.jar:8.1.11.v20130520] jvm 1 | at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:668) [jetty-io-8.1.11.v20130520.jar:8.1.11.v20130520] jvm 1 | at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52) [jetty-io-8.1.11.v20130520.jar:8.1.11.v20130520] jvm 1 | at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608) [jetty-util-8.1.11.v20130520.jar:8.1.11.v20130520] jvm 1 | at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543) [jetty-util-8.1.11.v20130520.jar:8.1.11.v20130520] jvm 1 | at java.lang.Thread.run(Thread.java:744) [na:1.7.0_51] jvm 1 | Caused by: org.apache.shiro.authz.AuthorizationException: Not authorized to invoke method: public java.util.List org.sonatype.nexus.plugins.capabilities.internal.rest.CapabilityTypesResource.get(java.lang.Boolean) jvm 1 | at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized(AuthorizingAnnotationMethodInterceptor.java:90) ~[shiro-core-1.2.2.jar:1.2.2] jvm 1 | ... 82 common frames omitted {noformat}

    Sonatype JIRA | 3 years ago | Peter Lynch
    org.apache.shiro.authz.AuthorizationException: User is not permitted: nexus:capabilityTypesread
  4. Speed up your debug routine!

    Automated exception search integrated into your IDE

  5. 0

    While logged in as anonymous with admin role, I was creating an LDAP connection and noticed that when I tried to Verify Mapping or Create, I got the below error. It appears you have to be authenticated to do this, which to me infers the anonymous role should not be granted this capability at all (or this is wrong). I did not check older NX3 or NX2 at this time. {code} 2015-06-16 17:35:54,932-0400 ERROR [qtp1151413344-115] *UNKNOWN org.sonatype.nexus.extdirect.internal.ExtDirectServlet - Failed to invoke action method: ldap_LdapServer.verifyUserMapping, java-method: org.sonatype.nexus.ldap.internal.ui.LdapServerComponent.verifyUserMapping org.apache.shiro.authz.UnauthenticatedException: The current Subject is not authenticated. Access denied. at org.apache.shiro.authz.aop.AuthenticatedAnnotationHandler.assertAuthorized(AuthenticatedAnnotationHandler.java:53) [na:na] at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized(AuthorizingAnnotationMethodInterceptor.java:84) [na:na] at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.invoke(AuthorizingAnnotationMethodInterceptor.java:67) [na:na] at org.apache.shiro.guice.aop.AopAllianceMethodInterceptorAdapter.invoke(AopAllianceMethodInterceptorAdapter.java:36) [na:na] at org.apache.shiro.guice.aop.AopAllianceMethodInvocationAdapter.proceed(AopAllianceMethodInvocationAdapter.java:49) [na:na] at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.invoke(AuthorizingAnnotationMethodInterceptor.java:68) [na:na] at org.apache.shiro.guice.aop.AopAllianceMethodInterceptorAdapter.invoke(AopAllianceMethodInterceptorAdapter.java:36) [na:na] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [na:1.8.0_40] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [na:1.8.0_40] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [na:1.8.0_40] at java.lang.reflect.Method.invoke(Method.java:497) [na:1.8.0_40] at com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.invokeJavaMethod(DispatcherBase.java:142) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT] at com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.invokeMethod(DispatcherBase.java:133) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT] at org.sonatype.nexus.extdirect.internal.ExtDirectServlet$3.invokeMethod(ExtDirectServlet.java:201) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT] at com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.dispatch(DispatcherBase.java:63) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT] at com.softwarementors.extjs.djn.router.processor.standard.StandardRequestProcessorBase.dispatchStandardMethod(StandardRequestProcessorBase.java:73) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT] at com.softwarementors.extjs.djn.router.processor.standard.json.JsonRequestProcessor.processIndividualRequest(JsonRequestProcessor.java:502) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT] at com.softwarementors.extjs.djn.router.processor.standard.json.JsonRequestProcessor.processIndividualRequestsInThisThread(JsonRequestProcessor.java:150) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT] at com.softwarementors.extjs.djn.router.processor.standard.json.JsonRequestProcessor.process(JsonRequestProcessor.java:133) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT] at com.softwarementors.extjs.djn.router.RequestRouter.processJsonRequest(RequestRouter.java:83) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT] at com.softwarementors.extjs.djn.servlet.DirectJNgineServlet.processRequest(DirectJNgineServlet.java:617) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT] at com.softwarementors.extjs.djn.servlet.DirectJNgineServlet.doPost(DirectJNgineServlet.java:580) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT] at org.sonatype.nexus.extdirect.internal.ExtDirectServlet.doPost(ExtDirectServlet.java:121) [org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.SNAPSHOT] at javax.servlet.http.HttpServlet.service(HttpServlet.java:707) [javax.servlet-api:3.1.0] at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) [javax.servlet-api:3.1.0] at com.google.inject.servlet.ServletDefinition.doServiceImpl(ServletDefinition.java:287) [com.google.inject:4.0.0] at com.google.inject.servlet.ServletDefinition.doService(ServletDefinition.java:277) [com.google.inject:4.0.0] at com.google.inject.servlet.ServletDefinition.service(ServletDefinition.java:182) [com.google.inject:4.0.0] at com.google.inject.servlet.DynamicServletPipeline.service(DynamicServletPipeline.java:70) [com.google.inject:4.0.0] at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:85) [com.google.inject:4.0.0] at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:112) [org.apache.shiro.web:1.2.3] at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) [com.google.inject:4.0.0] at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:61) [org.apache.shiro.web:1.2.3] at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108) [org.apache.shiro.web:1.2.3] at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137) [org.apache.shiro.web:1.2.3] at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) [org.apache.shiro.web:1.2.3] at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66) [org.apache.shiro.web:1.2.3] at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449) [org.apache.shiro.web:1.2.3] at org.sonatype.nexus.security.SecurityFilter.executeChain(SecurityFilter.java:85) [org.sonatype.nexus.security:3.0.0.SNAPSHOT] at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365) [org.apache.shiro.web:1.2.3] at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90) [org.apache.shiro.core:1.2.3] at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83) [org.apache.shiro.core:1.2.3] at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383) [org.apache.shiro.core:1.2.3] at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362) [org.apache.shiro.web:1.2.3] at org.sonatype.nexus.security.SecurityFilter.doFilterInternal(SecurityFilter.java:101) [org.sonatype.nexus.security:3.0.0.SNAPSHOT] at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) [org.apache.shiro.web:1.2.3] at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) [com.google.inject:4.0.0] at com.sonatype.nexus.licensing.internal.LicensingRedirectFilter.doFilter(LicensingRedirectFilter.java:130) [com.sonatype.nexus.plugins.nexus-licensing-plugin:3.0.0.SNAPSHOT] at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) [com.google.inject:4.0.0] at com.codahale.metrics.servlet.AbstractInstrumentedFilter.doFilter(AbstractInstrumentedFilter.java:97) [com.codahale.metrics.servlet:3.0.2] at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) [com.google.inject:4.0.0] at org.sonatype.nexus.internal.web.ErrorPageFilter.doFilter(ErrorPageFilter.java:63) [org.sonatype.nexus.core:3.0.0.SNAPSHOT] at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) [com.google.inject:4.0.0] at org.sonatype.nexus.internal.web.EnvironmentFilter.doFilter(EnvironmentFilter.java:92) [org.sonatype.nexus.core:3.0.0.SNAPSHOT] at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82) [com.google.inject:4.0.0] at com.google.inject.servlet.DynamicFilterPipeline.dispatch(DynamicFilterPipeline.java:104) [com.google.inject:4.0.0] at com.google.inject.servlet.GuiceFilter$1.call(GuiceFilter.java:133) [com.google.inject:4.0.0] at com.google.inject.servlet.GuiceFilter$1.call(GuiceFilter.java:130) [com.google.inject:4.0.0] at com.google.inject.servlet.GuiceFilter$Context.call(GuiceFilter.java:203) [com.google.inject:4.0.0] at com.google.inject.servlet.GuiceFilter.doFilter(GuiceFilter.java:130) [com.google.inject:4.0.0] at org.sonatype.nexus.bootstrap.osgi.DelegatingFilter.doFilter(DelegatingFilter.java:73) [org.sonatype.nexus.bootstrap:3.0.0.SNAPSHOT] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652) [org.eclipse.jetty.servlet:9.2.9.v20150224] at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585) [org.eclipse.jetty.servlet:9.2.9.v20150224] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) [org.eclipse.jetty.server:9.2.9.v20150224] at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577) [org.eclipse.jetty.security:9.2.9.v20150224] at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223) [org.eclipse.jetty.server:9.2.9.v20150224] at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127) [org.eclipse.jetty.server:9.2.9.v20150224] at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515) [org.eclipse.jetty.servlet:9.2.9.v20150224] at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185) [org.eclipse.jetty.server:9.2.9.v20150224] at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061) [org.eclipse.jetty.server:9.2.9.v20150224] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) [org.eclipse.jetty.server:9.2.9.v20150224] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97) [org.eclipse.jetty.server:9.2.9.v20150224] at com.codahale.metrics.jetty9.InstrumentedHandler.handle(InstrumentedHandler.java:175) [com.codahale.metrics.jetty9:3.0.2] at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:110) [org.eclipse.jetty.server:9.2.9.v20150224] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97) [org.eclipse.jetty.server:9.2.9.v20150224] at org.eclipse.jetty.server.Server.handle(Server.java:497) [org.eclipse.jetty.server:9.2.9.v20150224] at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:310) [org.eclipse.jetty.server:9.2.9.v20150224] at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257) [org.eclipse.jetty.server:9.2.9.v20150224] at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:540) [org.eclipse.jetty.io:9.2.9.v20150224] at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635) [org.eclipse.jetty.util:9.2.9.v20150224] at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555) [org.eclipse.jetty.util:9.2.9.v20150224] at java.lang.Thread.run(Thread.java:745) [na:1.8.0_40] Caused by: org.apache.shiro.authz.AuthorizationException: Not authorized to invoke method: public java.util.Collection org.sonatype.nexus.ldap.internal.ui.LdapServerComponent.verifyUserMapping(org.sonatype.nexus.ldap.internal.ui.LdapServerXO) at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized(AuthorizingAnnotationMethodInterceptor.java:90) [na:na] ... 80 common frames omitted {code}

    Sonatype JIRA | 1 year ago | Joe Tom
    org.apache.shiro.authz.UnauthenticatedException: The current Subject is not authenticated. Access denied.
  6. 0

    Why is a request to a @RequiresUser not redirected to the login page?

    Stack Overflow | 2 years ago | Markus W Mahlberg
    org.apache.shiro.authz.AuthorizationException: Not authorized to invoke method: public java.lang.String org.example.product.ExampleApp.controller.Index.secured()

    Not finding the right solution?
    Take a tour to get the most out of Samebug.

    Tired of useless tips?

    Automated exception search integrated into your IDE

    Root Cause Analysis

    1. org.apache.shiro.authz.AuthorizationException

      Not authorized to invoke method: public org.sonatype.nexus.coreui.AnonymousSettingsXO org.sonatype.nexus.coreui.AnonymousSettingsComponent.read()

      at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized()
    2. Shiro
      AuthorizingAnnotationMethodInterceptor.invoke
      1. org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized(AuthorizingAnnotationMethodInterceptor.java:90)[na:na]
      2. org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.invoke(AuthorizingAnnotationMethodInterceptor.java:67)[na:na]
      2 frames
    3. Apache Shiro :: Support :: Guice
      AopAllianceMethodInterceptorAdapter.invoke
      1. org.apache.shiro.guice.aop.AopAllianceMethodInterceptorAdapter.invoke(AopAllianceMethodInterceptorAdapter.java:36)[na:na]
      1 frame
    4. Java RT
      Method.invoke
      1. sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)[na:1.8.0_25]
      2. sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)[na:1.8.0_25]
      3. sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)[na:1.8.0_25]
      4. java.lang.reflect.Method.invoke(Method.java:483)[na:1.8.0_25]
      4 frames
    5. com.softwarementors.extjs
      DispatcherBase.invokeMethod
      1. com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.invokeJavaMethod(DispatcherBase.java:142)[org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.b2014101001]
      2. com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.invokeMethod(DispatcherBase.java:133)[org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.b2014101001]
      2 frames
    6. org.sonatype.nexus
      ExtDirectServlet$3.invokeMethod
      1. org.sonatype.nexus.extdirect.internal.ExtDirectServlet$3.invokeMethod(ExtDirectServlet.java:225)[org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.b2014101001]
      1 frame
    7. com.softwarementors.extjs
      DirectJNgineServlet.doPost
      1. com.softwarementors.extjs.djn.router.dispatcher.DispatcherBase.dispatch(DispatcherBase.java:63)[org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.b2014101001]
      2. com.softwarementors.extjs.djn.router.processor.standard.StandardRequestProcessorBase.dispatchStandardMethod(StandardRequestProcessorBase.java:73)[org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.b2014101001]
      3. com.softwarementors.extjs.djn.router.processor.standard.json.JsonRequestProcessor.processIndividualRequest(JsonRequestProcessor.java:502)[org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.b2014101001]
      4. com.softwarementors.extjs.djn.router.processor.standard.json.JsonRequestProcessor.processIndividualRequestsInThisThread(JsonRequestProcessor.java:150)[org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.b2014101001]
      5. com.softwarementors.extjs.djn.router.processor.standard.json.JsonRequestProcessor.process(JsonRequestProcessor.java:133)[org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.b2014101001]
      6. com.softwarementors.extjs.djn.router.RequestRouter.processJsonRequest(RequestRouter.java:83)[org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.b2014101001]
      7. com.softwarementors.extjs.djn.servlet.DirectJNgineServlet.processRequest(DirectJNgineServlet.java:617)[org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.b2014101001]
      8. com.softwarementors.extjs.djn.servlet.DirectJNgineServlet.doPost(DirectJNgineServlet.java:580)[org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.b2014101001]
      8 frames
    8. org.sonatype.nexus
      ExtDirectServlet.doPost
      1. org.sonatype.nexus.extdirect.internal.ExtDirectServlet.doPost(ExtDirectServlet.java:133)[org.sonatype.nexus.plugins.nexus-extdirect-plugin:3.0.0.b2014101001]
      1 frame
    9. JavaServlet
      HttpServlet.service
      1. javax.servlet.http.HttpServlet.service(HttpServlet.java:755)[javax.servlet:3.0.0.v201112011016]
      2. javax.servlet.http.HttpServlet.service(HttpServlet.java:848)[javax.servlet:3.0.0.v201112011016]
      2 frames
    10. Guice - Servlet
      FilterChainInvocation.doFilter
      1. com.google.inject.servlet.ServletDefinition.doServiceImpl(ServletDefinition.java:300)[org.sonatype.sisu.guice:3.2.2]
      2. com.google.inject.servlet.ServletDefinition.doService(ServletDefinition.java:284)[org.sonatype.sisu.guice:3.2.2]
      3. com.google.inject.servlet.ServletDefinition.service(ServletDefinition.java:187)[org.sonatype.sisu.guice:3.2.2]
      4. com.google.inject.servlet.AbstractServletPipeline.service(AbstractServletPipeline.java:61)[org.sonatype.sisu.guice:3.2.2]
      5. com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:85)[org.sonatype.sisu.guice:3.2.2]
      5 frames
    11. Shiro
      OncePerRequestFilter.doFilter
      1. org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:112)[org.apache.shiro.web:1.2.3]
      1 frame
    12. Guice - Servlet
      FilterChainInvocation.doFilter
      1. com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)[org.sonatype.sisu.guice:3.2.2]
      1 frame
    13. Shiro
      AbstractShiroFilter.executeChain
      1. org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449)[org.apache.shiro.web:1.2.3]
      1 frame
    14. ${project.groupId}:${project.artifactId}
      SecurityFilter.executeChain
      1. org.sonatype.nexus.web.SecurityFilter.executeChain(SecurityFilter.java:71)[org.sonatype.nexus.core:3.0.0.b2014101001]
      1 frame
    15. Shiro
      OncePerRequestFilter.doFilter
      1. org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365)[org.apache.shiro.web:1.2.3]
      2. org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)[org.apache.shiro.core:1.2.3]
      3. org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)[org.apache.shiro.core:1.2.3]
      4. org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383)[org.apache.shiro.core:1.2.3]
      5. org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362)[org.apache.shiro.web:1.2.3]
      6. org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)[org.apache.shiro.web:1.2.3]
      6 frames
    16. Guice - Servlet
      FilterChainInvocation.doFilter
      1. com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)[org.sonatype.sisu.guice:3.2.2]
      1 frame
    17. com.codahale.metrics
      AbstractInstrumentedFilter.doFilter
      1. com.codahale.metrics.servlet.AbstractInstrumentedFilter.doFilter(AbstractInstrumentedFilter.java:97)[com.codahale.metrics.servlet:3.0.2]
      1 frame
    18. Guice - Servlet
      FilterChainInvocation.doFilter
      1. com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)[org.sonatype.sisu.guice:3.2.2]
      1 frame
    19. ${project.groupId}:${project.artifactId}
      CommonHeadersFilter.doFilter
      1. org.sonatype.nexus.web.internal.CommonHeadersFilter.doFilter(CommonHeadersFilter.java:67)[org.sonatype.nexus.core:3.0.0.b2014101001]
      1 frame
    20. Guice - Servlet
      FilterChainInvocation.doFilter
      1. com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)[org.sonatype.sisu.guice:3.2.2]
      1 frame
    21. ${project.groupId}:${project.artifactId}
      ErrorPageFilter.doFilter
      1. org.sonatype.nexus.web.internal.ErrorPageFilter.doFilter(ErrorPageFilter.java:66)[org.sonatype.nexus.core:3.0.0.b2014101001]
      1 frame
    22. Guice - Servlet
      FilterChainInvocation.doFilter
      1. com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)[org.sonatype.sisu.guice:3.2.2]
      1 frame
    23. ${project.groupId}:${project.artifactId}
      BaseUrlHolderFilter.doFilter
      1. org.sonatype.nexus.web.internal.BaseUrlHolderFilter.doFilter(BaseUrlHolderFilter.java:68)[org.sonatype.nexus.core:3.0.0.b2014101001]
      1 frame
    24. Guice - Servlet
      GuiceFilter.doFilter
      1. com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:82)[org.sonatype.sisu.guice:3.2.2]
      2. com.google.inject.servlet.AbstractFilterPipeline.dispatch(AbstractFilterPipeline.java:95)[org.sonatype.sisu.guice:3.2.2]
      3. com.google.inject.servlet.GuiceFilter$1.call(GuiceFilter.java:133)[org.sonatype.sisu.guice:3.2.2]
      4. com.google.inject.servlet.GuiceFilter$1.call(GuiceFilter.java:130)[org.sonatype.sisu.guice:3.2.2]
      5. com.google.inject.servlet.GuiceFilter$Context.call(GuiceFilter.java:203)[org.sonatype.sisu.guice:3.2.2]
      6. com.google.inject.servlet.GuiceFilter.doFilter(GuiceFilter.java:130)[org.sonatype.sisu.guice:3.2.2]
      6 frames
    25. org.sonatype.nexus
      DelegatingFilter.doFilter
      1. org.sonatype.nexus.bootstrap.osgi.DelegatingFilter.doFilter(DelegatingFilter.java:73)[org.sonatype.nexus.bootstrap:3.0.0.b2014101001]
      1 frame
    26. Jetty
      HandlerWrapper.handle
      1. org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1419)[org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520]
      2. org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:455)[org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520]
      3. org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)[org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520]
      4. org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:557)[org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520]
      5. org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231)[org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520]
      6. org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1075)[org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520]
      7. org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:384)[org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520]
      8. org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)[org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520]
      9. org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1009)[org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520]
      10. org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)[org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520]
      11. org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)[org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520]
      11 frames
    27. com.codahale.metrics
      InstrumentedHandler.handle
      1. com.codahale.metrics.jetty8.InstrumentedHandler.handle(InstrumentedHandler.java:192)[com.codahale.metrics.jetty8:3.0.2]
      1 frame
    28. Jetty
      AsyncHttpConnection.handle
      1. org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:154)[org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520]
      2. org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)[org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520]
      3. org.eclipse.jetty.server.Server.handle(Server.java:370)[org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520]
      4. org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:489)[org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520]
      5. org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:960)[org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520]
      6. org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:1021)[org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520]
      7. org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:865)[org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520]
      8. org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:240)[org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520]
      9. org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)[org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520]
      9 frames
    29. GWT dev
      SelectChannelEndPoint$1.run
      1. org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:668)[org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520]
      2. org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)[org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520]
      2 frames
    30. Jetty
      QueuedThreadPool$3.run
      1. org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)[org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520]
      2. org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)[org.eclipse.jetty.aggregate.jetty-all-server:8.1.11.v20130520]
      2 frames
    31. Java RT
      Thread.run
      1. java.lang.Thread.run(Thread.java:745)[na:1.8.0_25]
      1 frame