Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
tag: nexus-1.9.2.4-…
Commits on Jan 17, 2012
  1. Brian Demers

    removing IT from this branch, they were removed in prior versions as …

    bdemers authored
    …well, because they depend on other changes from master
  2. Brian Demers
  3. Brian Demers

    cherry pick 1db163f from NXCM-3661

    bdemers authored
    NXCM-3661, Allowing all CRUDS over /service/local for non exposed repositories
Commits on Dec 27, 2011
  1. Tamas Cservenak Brian Demers

    NXCM-3600: always doing security based decisions

    cstamas authored bdemers committed
    Added way back in commit 71b6a9d
    
    The reasons for doing this was _probably_ to enable internal tasks
    (unsolved back than, had no security context) to still run and work
    with unpublished repositories. Hoping the best.
  2. Tamas Cservenak Brian Demers

    NXCM-3600: adding comments about actual bug here

    cstamas authored bdemers committed
    But unable to fix it from here. The problem is "piggybacked" method
    that is not meant to be used like this...
  3. Tamas Cservenak Brian Demers

    NXCM-3600: fixing content plexus resource to honor isExposed flag.

    cstamas authored bdemers committed
    Since not all ResourceStoreContentPlexusResource extending classes are going
    over Router, some of them go directly with Repository instances, and repo instance
    itself does not care about isExposed. That flag is meant for _transport layer_
    to expose it or not for external request.
    
    Conflicts:
    
    	nexus/nexus-rest-api/src/main/java/org/sonatype/nexus/rest/AbstractResourceStoreContentPlexusResource.java
  4. Tamas Cservenak Brian Demers

    Line ending normalization.

    cstamas authored bdemers committed
    No code change, just line endings fixed.
Commits on Dec 19, 2011
  1. [maven-release-plugin] prepare release nexus-1.9.2.4

    Sonatype Release Machine authored
  2. Revert "[maven-release-plugin] prepare release nexus-1.9.2.4"

    Sonatype Release Machine authored
    This reverts commit 09f15c6.
  3. Revert "[maven-release-plugin] prepare for next development iteration"

    Sonatype Release Machine authored
    This reverts commit 49ec678.
  4. Revert "[maven-release-plugin] prepare release nexus-1.9.2.4"

    Sonatype Release Machine authored
    This reverts commit d676390.
  5. [maven-release-plugin] prepare release nexus-1.9.2.4

    Sonatype Release Machine authored
  6. [maven-release-plugin] prepare for next development iteration

    Sonatype Release Machine authored
  7. [maven-release-plugin] prepare release nexus-1.9.2.4

    Sonatype Release Machine authored
Commits on Dec 12, 2011
  1. Benjamin Hanzelmann

    Merge pull request #140 from sonatype/backport-drop-ancient-guava-tat…

    nabcos authored
    …tletale-nexus-1.9.2.x
    
    o fix for multiple guava versions on classpath
Commits on Dec 9, 2011
  1. Benjamin Hanzelmann
  2. Benjamin Hanzelmann

    Merge pull request #132 from sonatype/nexus-4579-backport-1.9.2.x

    nabcos authored
    o [NEXUS-4579] Option for snapshot removal task to delete immediately or move to trash
Commits on Dec 7, 2011
  1. Benjamin Hanzelmann
  2. Benjamin Hanzelmann

    o [NEXUS-4579] Changing EOL to be able to merge cleanly

    nabcos authored nabcos committed
Commits on Nov 18, 2011
  1. Brian Demers

    NEXUS-4630, unset the static SecurityManager instance, this should NO…

    bdemers authored
    …T be used be tests (unless that test does some house keeping)
  2. Brian Demers

    NEXUS-4630, correcting test, not sure how that got in. I assume it wa…

    bdemers authored
    …s some combination of user error though.
  3. Brian Demers
  4. Brian Demers

    NEXUS-4630, Sessions were still getting added to the cache

    bdemers authored
    They had been blocked in the "create" but not the "update".  Both update and create are now handled now.  When a "stateless-session" is created, an attribute is set, when the session is updated, it will NOT be added to the cache if that attribute is found.  Also, we do NOT wrap "stateless-sessions" in a delegating session, the session is stored directly in the Subject.  So Subject.getSession() will return the active session, but SessionManager.getSession*() will NOT.
    All of this trickery needs to be removed when we switch to Shiro 1.2 (unreleased at the moment) where there is proper support for this use case.
    Conflicts:
    
    	nexus/nexus-rest-api/src/main/java/org/sonatype/nexus/security/StatelessAndStatefulWebSessionManager.java
Commits on Nov 17, 2011
  1. Benjamin Hanzelmann

    o [NEXUS-4593] Let checks for existence/last modified of remote items…

    nabcos authored Richard Seddon committed
    … cope with 403
  2. Benjamin Hanzelmann

    o [NEXUS-4593] Do not autoblock proxy remote on HTTP 403 Forbidden

    nabcos authored Richard Seddon committed
Commits on Nov 15, 2011
  1. Brian Demers

    More User-Agent logging

    bdemers authored
  2. Brian Demers

    Fixing the logger class.

    bdemers authored
  3. Brian Demers
  4. Brian Demers

    NEXUS-4630, Use ThreadContext.getSubject, instead of SecuritySystem.g…

    bdemers authored
    …etSubject() so a new Subject is not created when Nexus starts up.
    
    SecuritySystem.getSubject() wrapps SecurityUtils.getSubject() which will create an empty subject and attach it to the current thread.  This happens on startup when ConfigurationCommitEvent is fired.  All threads in the thread pool will inherit this ThreadLocal.
    
    NOTE: this subject is NOT authenticated or authorized, it was just an empty Subject.
  5. Brian Demers

    NEXUS-4630, afterCompletion is NOT needed we do NOT need to cleanup t…

    bdemers authored
    …he anonymous user, as they will NOT have a session.
    
    We also do NOT need to clean up the ThreadContext as is handled by Shiro web framework.
  6. Brian Demers

    NEXUS-4630, Moving the anon session cleanup to 'afterCompletion' this…

    bdemers authored
    … method is called even if the request through an exception.
    
    Conflicts:
    
    	nexus/nexus-rest-api/src/main/java/org/sonatype/nexus/security/filter/authc/NexusHttpAuthenticationFilter.java
Commits on Nov 6, 2011
  1. Brian Demers

    NEXUS-4257, Fixed problem with the happy anonymous login path.

    bdemers authored
    Added happy path test. (A couple of the IT's found this problem, but only after a two hour build).
  2. Brian Demers
  3. Brian Demers

    NEXUS-44257, NEXUS-4257 Catch unknown session exception when logging …

    bdemers authored
    …in the anon user.
    
    This seems to be caused by the DelegatingSession if an unknown session is thrown, the subject will be logged out, then a second login attempt will be made.
Commits on Oct 27, 2011
  1. Brian Demers

    NEXUS-4257, No longer creating a session for anonymous request. Also …

    bdemers authored Richard Seddon committed
    …if you now set the header: "X-Nexus-Session: none" a session will NOT be created.
    
    Cleaned up the test a bit, (changed to hamcrest asserts)
Something went wrong with that request. Please try again.