{"id":31528851,"url":"https://github.com/elwin013/nexus3-gitlab-patauth-plugin","last_synced_at":"2025-10-04T00:35:49.911Z","repository":{"id":184411876,"uuid":"671658643","full_name":"elwin013/nexus3-gitlab-patauth-plugin","owner":"elwin013","description":"A plugin for Sonatype Nexus OSS that adds an authentication realm allowing to authenticate using GitLab username and personal access token (PAT).","archived":false,"fork":false,"pushed_at":"2025-01-10T14:32:34.000Z","size":77,"stargazers_count":4,"open_issues_count":0,"forks_count":1,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-01-10T15:37:24.937Z","etag":null,"topics":["gitlab","nexus3"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/elwin013.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":["elwin013"]}},"created_at":"2023-07-27T20:47:00.000Z","updated_at":"2025-01-10T14:32:39.000Z","dependencies_parsed_at":null,"dependency_job_id":"e6780312-6caf-4ee0-b512-dbad7500fdf4","html_url":"https://github.com/elwin013/nexus3-gitlab-patauth-plugin","commit_stats":null,"previous_names":["elwin013/nexus3-gitlab-patauth-plugin"],"tags_count":5,"template":false,"template_full_name":null,"purl":"pkg:github/elwin013/nexus3-gitlab-patauth-plugin","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elwin013%2Fnexus3-gitlab-patauth-plugin","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elwin013%2Fnexus3-gitlab-patauth-plugin/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elwin013%2Fnexus3-gitlab-patauth-plugin/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elwin013%2Fnexus3-gitlab-patauth-plugin/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/elwin013","download_url":"https://codeload.github.com/elwin013/nexus3-gitlab-patauth-plugin/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elwin013%2Fnexus3-gitlab-patauth-plugin/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":278250015,"owners_count":25955839,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-03T02:00:06.070Z","response_time":53,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["gitlab","nexus3"],"created_at":"2025-10-04T00:35:48.446Z","updated_at":"2025-10-04T00:35:49.900Z","avatar_url":"https://github.com/elwin013.png","language":"Java","funding_links":["https://github.com/sponsors/elwin013"],"categories":[],"sub_categories":[],"readme":"# nexus3-gitlab-patauth-plugin\n\nA plugin for Sonatype Nexus OSS that adds an authentication realm allowing to authenticate using GitLab username and\npersonal access token (PAT) with scopes:\n* `read_user` to get information about the user,\n* `read_api` to get information about available groups for the user who is logging in.\n\nSuccessfully logged-in user groups will be mapped into roles (if a role in Nexus is created). For more details on that\nand additional configuration—see below.\n\nThe reason for `read_api` scope is security—it is safer to use only non-admin user credentials in the other services.\n\nVerified working with Nexus 3.42.0, 3.56.0 and 3.58.1, 3.67.0, 3.76.0. Should work with other versions too. :-)\n\n## Setup\n\n### Installation\n\nIn below steps `${NEXUS_DIR}` is a Nexus directory with binaries. In most cases it is `/opt/sonatype/nexus` or `/opt/nexus`.\n\n#### 1. Add plugin to Nexus\n\nIn general, do the steps mentioned in [this nexus development guide](https://sonatype-nexus-community.github.io/nexus-development-guides/plugin-install.html).\n\nThe simplest solution is to run single command to download `jar` into the `${NEXUS_DIR}/deploy` folder.\nExample of command for the current version below—it assumes that your `${NEXUS_DIR}` is `/opt/sonatype/nexus`.\nPlease note that in some cases it can be `/opt/nexus` - you should tweak it accordingly.\n\n```sh\nwget -O /opt/sonatype/nexus/deploy/nexus3-gitlab-patauth-plugin-3.0.1.jar https://github.com/elwin013/nexus3-gitlab-patauth-plugin/releases/download/v3.0.1/nexus3-gitlab-patauth-plugin-3.0.1.jar\n```\n\n#### 2. Create configuration\n\nCreate `${NEXUS_DIR}/etc/gitlabpatauth.properties` configuration. You can copy `gitlabpatauth.properties.README`\nfrom this repository and tweak it to your needs. For details see the aforementioned file and _Configuration_ section\nbelow.\n\n#### 3. Restart nexus :-)\n\nRestart Nexus to let it pick up the newly installed plugin.\n\n#### 4. Enable _GitLab PAT Authentication Realm_\n\nGo to Nexus Administration → Security → Realms and enable _GitLab PAT Authentication Realm_ (move it to the right) and\nsave. It should go after the built-in realms.\n\n#### 5. Create roles that should be mapped and add permissions\n\nGo to Administration → Security → Roles and create any roles (with type \"Nexus role\") that you want to be mapped.\nPlease note that `id` of the role needs to be equal to the path of the GitLab group.\n\n### Configuration\n\nPlease see `gitlabpatauth.properties.README` for the properties file with default values. Copy this file to\n`${NEXUS_DIR}/etc/gitlabpatauth.properties` and tweak them accordingly.\n\nAvailable properties:\n* `gitlab.url` - URL of Gitlab instance\n* `gitlab.cache-ttl-minutes` - Time to cache login info of a user\n* `gitlab.group-minimal-access-level` - Minimal user's access level for group - groups, where the user has access above\n   or equal to this level, will be fetched from GitLab\n* `gitlab.groups-allowed` - Comma separated list of allowed groups to login\n* `gitlab.groups-mapped` - Comma separated list of mapped groups to roles\n\nFor default values please see `gitlabpatauth.properties.README` file.\n\n## Usage\n\n### Generate Personal Access Token\n\nBelow steps must be done by every user who wants to access Nexus:\n1. Go to `${GITLAB_URL}/-/profile/personal_access_tokens` (where `${GITLAB_URL}` is your GitLab instance)\n2. Add a new personal access token with any name scopes `read_user` and `read_api`\n3. Save the generated token\n\n### Login to Nexus\n\nAfter generating the token, users can log in to Nexus using their Gitlab username and token. That pair can be also used\nfor logging in to download dependencies (for example, in Maven's `settings.xml` or when using `npm login`).\n\n## Development\n\nFor development purposes, there is a Dockerfile and docker-compose.yml file in this repository.  This allows quickly\nspinning up a Nexus instance with a preinstalled plugin. Nexus instance will be available on port 8081 and debugging port\n(for Java remote debug) is 8082.\n\nDocker compose configuration creates docker volume for `nexus-data` - thanks to that there is no need to set up\nNexus from scratch every time the container is recreated.\n\nThere are run configurations for Intellij that allow to spin it up with one click (`run nexus with plugin` which\nrun packaging and recreates the container) and connect remote debugging (`debug plugin` configuration).\n\nTo build a plugin run `mvn clean package`.\n\n## Additional notes\n\n### Accessing the internal H2 database\n\nFrom version 3.70 OrientDB database is no longer supported in Nexus. One of the possible replacements is H2.\n\nTo access the database, you need to add the following lines to `/opt/sonatype/sonatype-work/nexus3/etc/nexus.properties`\n\n```\nnexus.h2.httpListenerEnabled=true\nnexus.h2.httpListenerPort=8099\n```\n\nAfter restart, you can access it through UI on port 8099 (in case of Docker Compose setup it will be at `http://localhost:8099`).\nIn the login window change the JDBC URL to `jdbc:h2:file:nexus`, leave `User Name` and `Password` empty - as on the image:\n\n![nexus-h2-access.png](nexus-h2-access.png)\n\n## License\n\n[MIT](LICENSE)","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Felwin013%2Fnexus3-gitlab-patauth-plugin","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Felwin013%2Fnexus3-gitlab-patauth-plugin","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Felwin013%2Fnexus3-gitlab-patauth-plugin/lists"}