I’m doing additional work on nexus-casc-plugin for Nexus 3 and trying to get the password reset process to work. At present, resetting an existing password fails because the plugin’s call is not authorized and is blocked by Shiro. In the log below the rejected subject is “*UNKNOWN”, so the plugin needs to run that call as “SYSTEM*” (logged as “*SYSTEM”).
How do I write a custom plugin and give it the appropriate “SYSTEM*” permissions - or at least integrate it neatly with the application’s permission set?
INFO [FelixStartLevel] *SYSTEM com.weareadaptive.nexus.casc.plugin.internal.NexusCascPlugin - User johndoe already exists. Patching it...
ERROR [FelixStartLevel] *SYSTEM com.weareadaptive.nexus.casc.plugin.internal.NexusCascPlugin - Failed transition: NEW -> STARTED
org.apache.shiro.authz.AuthorizationException: *UNKNOWN is not permitted to change the password for johndoe
at org.sonatype.nexus.security.internal.DefaultSecuritySystem.requirePermissionToChangeUserPassword(DefaultSecuritySystem.java:559)
at org.sonatype.nexus.security.internal.DefaultSecuritySystem.changePassword(DefaultSecuritySystem.java:539)
at org.sonatype.nexus.security.internal.DefaultSecuritySystem.changePassword(DefaultSecuritySystem.java:533)
at com.weareadaptive.nexus.casc.plugin.internal.NexusCascPlugin.lambda$18(NexusCascPlugin.java:509)
at java.util.ArrayList.forEach(ArrayList.java:1257)
at com.weareadaptive.nexus.casc.plugin.internal.NexusCascPlugin.applySecurityConfig(NexusCascPlugin.java:477)
at com.weareadaptive.nexus.casc.plugin.internal.NexusCascPlugin.doStart(NexusCascPlugin.java:110)
at org.sonatype.nexus.common.stateguard.StateGuardLifecycleSupport.start(StateGuardLifecycleSupport.java:69)
at org.sonatype.nexus.common.stateguard.MethodInvocationAction.run(MethodInvocationAction.java:39)
at org.sonatype.nexus.common.stateguard.StateGuard$TransitionImpl.run(StateGuard.java:193)
at org.sonatype.nexus.common.stateguard.TransitionsInterceptor.invoke(TransitionsInterceptor.java:56)
at org.sonatype.nexus.extender.NexusLifecycleManager.startComponent(NexusLifecycleManager.java:199)
at org.sonatype.nexus.extender.NexusLifecycleManager.to(NexusLifecycleManager.java:111)
at org.sonatype.nexus.extender.NexusContextListener.moveToPhase(NexusContextListener.java:321)
at org.sonatype.nexus.extender.NexusContextListener.frameworkEvent(NexusContextListener.java:218)
at org.apache.felix.framework.Felix.setActiveStartLevel(Felix.java:1431)
at org.apache.felix.framework.FrameworkStartLevelImpl.run(FrameworkStartLevelImpl.java:308)
at java.lang.Thread.run(Thread.java:748)
2020-04-17 09:34:41,197+0000 ERROR [FelixStartLevel] *SYSTEM org.sonatype.nexus.extender.NexusContextListener - Failed to start nexus
org.apache.shiro.authz.AuthorizationException: *UNKNOWN is not permitted to change the password for johndoe
at org.sonatype.nexus.security.internal.DefaultSecuritySystem.requirePermissionToChangeUserPassword(DefaultSecuritySystem.java:559)
at org.sonatype.nexus.security.internal.DefaultSecuritySystem.changePassword(DefaultSecuritySystem.java:539)
at org.sonatype.nexus.security.internal.DefaultSecuritySystem.changePassword(DefaultSecuritySystem.java:533)
at com.weareadaptive.nexus.casc.plugin.internal.NexusCascPlugin.lambda$18(NexusCascPlugin.java:509)
at java.util.ArrayList.forEach(ArrayList.java:1257)
at com.weareadaptive.nexus.casc.plugin.internal.NexusCascPlugin.applySecurityConfig(NexusCascPlugin.java:477)
at com.weareadaptive.nexus.casc.plugin.internal.NexusCascPlugin.doStart(NexusCascPlugin.java:110)
at org.sonatype.nexus.common.stateguard.StateGuardLifecycleSupport.start(StateGuardLifecycleSupport.java:69)
at org.sonatype.nexus.common.stateguard.MethodInvocationAction.run(MethodInvocationAction.java:39)
at org.sonatype.nexus.common.stateguard.StateGuard$TransitionImpl.run(StateGuard.java:193)
at org.sonatype.nexus.common.stateguard.TransitionsInterceptor.invoke(TransitionsInterceptor.java:56)
at org.sonatype.nexus.extender.NexusLifecycleManager.startComponent(NexusLifecycleManager.java:199)
at org.sonatype.nexus.extender.NexusLifecycleManager.to(NexusLifecycleManager.java:111)
at org.sonatype.nexus.extender.NexusContextListener.moveToPhase(NexusContextListener.java:321)
at org.sonatype.nexus.extender.NexusContextListener.frameworkEvent(NexusContextListener.java:218)
at org.apache.felix.framework.Felix.setActiveStartLevel(Felix.java:1431)
at org.apache.felix.framework.FrameworkStartLevelImpl.run(FrameworkStartLevelImpl.java:308)
at java.lang.Thread.run(Thread.java:748)
2020-04-17 09:34:41,198+0000 ERROR [FelixStartLevel] *SYSTEM Felix - Framework listener delivery error.
org.apache.shiro.authz.AuthorizationException: *UNKNOWN is not permitted to change the password for johndoe
at org.sonatype.nexus.security.internal.DefaultSecuritySystem.requirePermissionToChangeUserPassword(DefaultSecuritySystem.java:559)
at org.sonatype.nexus.security.internal.DefaultSecuritySystem.changePassword(DefaultSecuritySystem.java:539)
at org.sonatype.nexus.security.internal.DefaultSecuritySystem.changePassword(DefaultSecuritySystem.java:533)
at com.weareadaptive.nexus.casc.plugin.internal.NexusCascPlugin.lambda$18(NexusCascPlugin.java:509)
at java.util.ArrayList.forEach(ArrayList.java:1257)
at com.weareadaptive.nexus.casc.plugin.internal.NexusCascPlugin.applySecurityConfig(NexusCascPlugin.java:477)
at com.weareadaptive.nexus.casc.plugin.internal.NexusCascPlugin.doStart(NexusCascPlugin.java:110)
at org.sonatype.nexus.common.stateguard.StateGuardLifecycleSupport.start(StateGuardLifecycleSupport.java:69)
at org.sonatype.nexus.common.stateguard.MethodInvocationAction.run(MethodInvocationAction.java:39)
at org.sonatype.nexus.common.stateguard.StateGuard$TransitionImpl.run(StateGuard.java:193)
at org.sonatype.nexus.common.stateguard.TransitionsInterceptor.invoke(TransitionsInterceptor.java:56)
at org.sonatype.nexus.extender.NexusLifecycleManager.startComponent(NexusLifecycleManager.java:199)
at org.sonatype.nexus.extender.NexusLifecycleManager.to(NexusLifecycleManager.java:111)
at org.sonatype.nexus.extender.NexusContextListener.moveToPhase(NexusContextListener.java:321)
at org.sonatype.nexus.extender.NexusContextListener.frameworkEvent(NexusContextListener.java:218)
at org.apache.felix.framework.Felix.setActiveStartLevel(Felix.java:1431)
at org.apache.felix.framework.FrameworkStartLevelImpl.run(FrameworkStartLevelImpl.java:308)
at java.lang.Thread.run(Thread.java:748)