Repository Management with Nexus
20.4. User Account Plugin
Nexus Professional’s User Account Plugin allows anonymous users to sign-up for a Nexus account without administrative intervention. This "self-serve" capability for user account creation is especially important when an open source project is using Nexus as a primary means for distribution. In such an environment, there may be hundreds of Nexus users who all need a basic level of read-only access, and making these users wait for an administrator to create an account makes little sense. In such a setting, anyone can create an account, activate the account via a verification email, and then access a repository with a default level of access you can define.
The user account plugin is an optional plugin that comes as part of the Nexus Professional download. The directory containing the plugin code is called nexus-user-account-plugin-X.Y.Z. Install the plugin following the instructions in Section 20.1, “Installing Additional Plugins”.
After a restart of Nexus the installed plugin will be available for use but still be deactivated. To configure the User Account Plugin, click on Server under the Administration section of the Nexus menu, and scroll down to the section named "User Sign Up". The User Sign Up section is shown in Figure 20.6, “Configuring the User Account Plugin”.
To activate the User Sign Up feature, set the "User Sign Up" feature to "On". This will expose a "Sign Up" link next to the "Log In" link in the Nexus user interface. The Selected Roles in this configuration section are the default roles assigned to users who successfully signed up for an account.
In addition it is necessary for the anonymous user to have the role "UI: User Account Sign Up" assigned. This should be automatically configured during the plugin install. You can use the Role Tree tab for the anonymous user to inspect if that is correctly configured, and if necessary add the role
Once User Sign Up has been activated via the Server settings as shown in Section 20.4.2, “Configuring the User Account Plugin”, users will see a Sign Up link next to the Log In link in the top right hand corner of the Nexus interface. Clicking on this Sign Up link will display the Nexus Sign Up dialog shown in Figure 20.7, “Nexus Sign Up Form”. This form accepts a username, password, the first and last name of the new user, and an email account. It also asks the users to type in some text from a captcha form element. If a user cannot read the text in the captcha, they can click on the captcha to refresh it with new text.
Once the new user clicks on the Sign Up button, they will receive a confirmation dialog which instructs them to check for an activation email.
The user will then receive an email containing an activation link.
The SMTP settings in your Nexus Server configuration need to be set up for the activation email to be sent successfully.
When a user signs up for a Nexus account, the newly created account is disabled until they click on the activation link contained in this email. A sample of the activation email is shown in Figure 20.9, “Nexus Activation Email”.
Upon successful login from the activation email link, the user will be directed to the Summary panel of the users Profile.
The example activation email in Figure 20.9, “Nexus Activation Email”, points to localhost:8081. You can change this URL by changing the Base URL setting in the Application Server Settings section of the Server configuration. To change this setting, click on the Server link under Administration in the Nexus menu.
If a user does not receive the activation email after signing up for a new account, an Administrator may need to manually activate a new user. To do this, go to the list of Nexus users by clicking on the Users link under Security in the Nexus menu. Locate and select the new user in the list of Nexus users, and change the Status from Disabled to Enabled as shown in Figure 20.10, “Manually Activating a Signed Up User”.
The default user permissions in the User Sign Up feature only includes "UI: Base UI Privileges". If a user signs up with just this simple permission, the only thing they will be able to do is login, change their password, and logout. Figure 20.11, “User Interface with only the Base UI Privileges”, shows the interface a user would see after logging in with only the base UI privileges.
To provide some sensible default permissions, click on the Server under the Administration section of the Nexus menu and scroll down to the User Sign Up section of the Server settings. Make sure that the selected default roles for new users contain some ability to browse, search, and view repositories.
Figure 20.12, “Selecting Default Roles for New Users” shows a default User Sign Up role containing the Nexus Deployment Role. If your server were available to the public this wouldn’t be a wise default role as it would allow anyone to sign up for an account, activate an account, and start publishing artifacts to hosted repositories with little or no oversight. Such a default role may only make sense if you are running an internal, corporate instance of Nexus Professional and you are comfortable granting any developer in the organization deployment permissions.