Permalink
Commits on Jan 17, 2012
  1. @bdemers

    removing IT from this branch, they were removed in prior versions as …

    …well, because they depend on other changes from master
    bdemers committed Jan 17, 2012
  2. @bdemers
  3. @bdemers

    cherry pick 1db163f from NXCM-3661

    NXCM-3661, Allowing all CRUDS over /service/local for non exposed repositories
    bdemers committed Jan 13, 2012
Commits on Dec 27, 2011
  1. @cstamas @bdemers

    NXCM-3600: always doing security based decisions

    Added way back in commit 71b6a9d
    
    The reasons for doing this was _probably_ to enable internal tasks
    (unsolved back than, had no security context) to still run and work
    with unpublished repositories. Hoping the best.
    cstamas committed with bdemers Dec 20, 2011
  2. @cstamas @bdemers

    NXCM-3600: adding comments about actual bug here

    But unable to fix it from here. The problem is "piggybacked" method
    that is not meant to be used like this...
    cstamas committed with bdemers Dec 20, 2011
  3. @cstamas @bdemers

    NXCM-3600: fixing content plexus resource to honor isExposed flag.

    Since not all ResourceStoreContentPlexusResource extending classes are going
    over Router, some of them go directly with Repository instances, and repo instance
    itself does not care about isExposed. That flag is meant for _transport layer_
    to expose it or not for external request.
    
    Conflicts:
    
    	nexus/nexus-rest-api/src/main/java/org/sonatype/nexus/rest/AbstractResourceStoreContentPlexusResource.java
    cstamas committed with bdemers Dec 27, 2011
  4. @cstamas @bdemers

    Line ending normalization.

    No code change, just line endings fixed.
    cstamas committed with bdemers Dec 27, 2011
Commits on Dec 19, 2011
  1. [maven-release-plugin] prepare release nexus-1.9.2.4

    Sonatype Release Machine committed Dec 19, 2011
  2. Revert "[maven-release-plugin] prepare release nexus-1.9.2.4"

    This reverts commit 09f15c6.
    Sonatype Release Machine committed Dec 19, 2011
  3. Revert "[maven-release-plugin] prepare for next development iteration"

    This reverts commit 49ec678.
    Sonatype Release Machine committed Dec 19, 2011
  4. Revert "[maven-release-plugin] prepare release nexus-1.9.2.4"

    This reverts commit d676390.
    Sonatype Release Machine committed Dec 19, 2011
  5. [maven-release-plugin] prepare release nexus-1.9.2.4

    Sonatype Release Machine committed Dec 19, 2011
  6. [maven-release-plugin] prepare for next development iteration

    Sonatype Release Machine committed Dec 19, 2011
  7. [maven-release-plugin] prepare release nexus-1.9.2.4

    Sonatype Release Machine committed Dec 19, 2011
Commits on Dec 12, 2011
  1. @nabcos

    Merge pull request #140 from sonatype/backport-drop-ancient-guava-tat…

    …tletale-nexus-1.9.2.x
    
    o fix for multiple guava versions on classpath
    nabcos committed Dec 12, 2011
Commits on Dec 9, 2011
  1. @nabcos
  2. @nabcos

    Merge pull request #132 from sonatype/nexus-4579-backport-1.9.2.x

    o [NEXUS-4579] Option for snapshot removal task to delete immediately or move to trash
    nabcos committed Dec 9, 2011
Commits on Dec 7, 2011
  1. @nabcos
  2. @nabcos @nabcos
Commits on Nov 18, 2011
  1. @bdemers

    NEXUS-4630, unset the static SecurityManager instance, this should NO…

    …T be used be tests (unless that test does some house keeping)
    bdemers committed Nov 18, 2011
  2. @bdemers

    NEXUS-4630, correcting test, not sure how that got in. I assume it wa…

    …s some combination of user error though.
    bdemers committed Nov 18, 2011
  3. @bdemers
  4. @bdemers

    NEXUS-4630, Sessions were still getting added to the cache

    They had been blocked in the "create" but not the "update".  Both update and create are now handled now.  When a "stateless-session" is created, an attribute is set, when the session is updated, it will NOT be added to the cache if that attribute is found.  Also, we do NOT wrap "stateless-sessions" in a delegating session, the session is stored directly in the Subject.  So Subject.getSession() will return the active session, but SessionManager.getSession*() will NOT.
    All of this trickery needs to be removed when we switch to Shiro 1.2 (unreleased at the moment) where there is proper support for this use case.
    Conflicts:
    
    	nexus/nexus-rest-api/src/main/java/org/sonatype/nexus/security/StatelessAndStatefulWebSessionManager.java
    bdemers committed Nov 18, 2011
Commits on Nov 17, 2011
  1. @nabcos

    o [NEXUS-4593] Let checks for existence/last modified of remote items…

    … cope with 403
    nabcos committed with Richard Seddon Nov 10, 2011
  2. @nabcos
Commits on Nov 15, 2011
  1. @bdemers

    More User-Agent logging

    bdemers committed Nov 15, 2011
  2. @bdemers

    Fixing the logger class.

    bdemers committed Nov 15, 2011
  3. @bdemers
  4. @bdemers

    NEXUS-4630, Use ThreadContext.getSubject, instead of SecuritySystem.g…

    …etSubject() so a new Subject is not created when Nexus starts up.
    
    SecuritySystem.getSubject() wrapps SecurityUtils.getSubject() which will create an empty subject and attach it to the current thread.  This happens on startup when ConfigurationCommitEvent is fired.  All threads in the thread pool will inherit this ThreadLocal.
    
    NOTE: this subject is NOT authenticated or authorized, it was just an empty Subject.
    bdemers committed Nov 14, 2011
  5. @bdemers

    NEXUS-4630, afterCompletion is NOT needed we do NOT need to cleanup t…

    …he anonymous user, as they will NOT have a session.
    
    We also do NOT need to clean up the ThreadContext as is handled by Shiro web framework.
    bdemers committed Nov 14, 2011
  6. @bdemers

    NEXUS-4630, Moving the anon session cleanup to 'afterCompletion' this…

    … method is called even if the request through an exception.
    
    Conflicts:
    
    	nexus/nexus-rest-api/src/main/java/org/sonatype/nexus/security/filter/authc/NexusHttpAuthenticationFilter.java
    bdemers committed Nov 14, 2011
Commits on Nov 6, 2011
  1. @bdemers

    NEXUS-4257, Fixed problem with the happy anonymous login path.

    Added happy path test. (A couple of the IT's found this problem, but only after a two hour build).
    bdemers committed Nov 6, 2011
  2. @bdemers
  3. @bdemers

    NEXUS-44257, NEXUS-4257 Catch unknown session exception when logging …

    …in the anon user.
    
    This seems to be caused by the DelegatingSession if an unknown session is thrown, the subject will be logged out, then a second login attempt will be made.
    bdemers committed Nov 4, 2011
Commits on Oct 27, 2011
  1. @bdemers

    NEXUS-4257, No longer creating a session for anonymous request. Also …

    …if you now set the header: "X-Nexus-Session: none" a session will NOT be created.
    
    Cleaned up the test a bit, (changed to hamcrest asserts)
    bdemers committed with Richard Seddon Oct 27, 2011