How to get the authenticated user calling a REST API?

Hi,

When a Nexus Groovy script is called using the REST API (POST /v1/script/{name}/run), how is it possible to retrieve the authenticated user? Is there a possibility to get the “Authorization” header, or any other possibility?

Exercise caution around permissions to the scripting API, as it can allow a high level of control over Nexus.

Thank you for your fast answer, I had less luck with my question on Stack Overflow :slightly_smiling_face:

Can you please tell me more about your advice?

In the Nexus documentation, it says that you must give the user explicit privileges to do each action of the script. But when we test this, we can see, for example, that a user with no privileges can run the script which lists all repositories and size (it’s like he’s granted full access to OrientDB). Do you confirm this behavior?

UPDATE: I also tried to add:

String userId = UserIdHelper.get();
log.info("UserId : ${userId}")

in a task, and instead of the logged-in user, I had:
UserId : *TASK

Am I using the right syntax?

The scripts aren’t isolated inside of Nexus and can access any internal API. Thus you can call methods which check permissions but also internal calls which will not.

Regarding the user, are you running that script as a task instead of via the REST API?

OK, so you never know if the method you call will check permissions or not; you have to do it yourself, right?

About my test, it doesn’t work in a task (userId = “*TASK”) but it works in an API script.
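
An added example, not part of the thread and not Sonatype's code: one way a REST-run script can do the permission check itself, as discussed above, before calling internal APIs that do not. It assumes Nexus Repository 3's Apache Shiro subject is bound to the request thread, the standard `repository` and `log` script bindings, and the `nexus:repository-view:<format>:<name>:<action>` permission string format; none of these are confirmed by the posts.

```groovy
// Added example. Assumptions: Apache Shiro is available to the script, and the
// `repository` and `log` bindings are the ones Nexus injects into scripts.
import groovy.json.JsonOutput
import org.apache.shiro.SecurityUtils
import org.apache.shiro.authz.UnauthorizedException

// The subject is the caller of POST /v1/script/{name}/run.
// (When run as a scheduled task, the thread reported the identity "*TASK".)
def subject = SecurityUtils.subject
String userId = subject.principal?.toString()

// Refuse callers with no established identity.
if (!subject.authenticated && !subject.remembered) {
    throw new UnauthorizedException('script requires an authenticated caller')
}

// repositoryManager.browse() is an internal call that applies no permission
// check, so filter every repository against the caller's own privileges.
def visible = repository.repositoryManager.browse().findAll { repo ->
    // Assumed permission string format for per-repository browse access.
    String perm = "nexus:repository-view:${repo.format.value}:${repo.name}:browse"
    subject.isPermitted(perm)
}

// Record who ran the script and how much they were allowed to see.
log.info("Script run by ${userId}: ${visible.size()} repositories visible")

return JsonOutput.toJson([
    user        : userId,
    repositories: visible.collect { [name: it.name, format: it.format.value] }
])
```

A user with only the privilege to run the script then receives an empty list instead of every repository, and the log line gives an audit trail of who invoked it.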