commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Geir Magnusson Jr." <ge...@adeptra.com>
Subject Re: JJar via authenticating proxy
Date Mon, 03 Jun 2002 11:49:23 GMT
On 6/3/02 7:22 AM, "Ross Gardler" <ross@wkwyw.net> wrote:

> (copied back to jakarta-commons in case anywone there has a better idea)
> 

I assume that you didn't guess I sent it privately for a reason?
 
I didn't want there to be any expectation of delivery, as I have an awful
track record lately on this...

But I am working to use for a client, so I expect it'll roll soon.

<sigh>

> Geir Magnusson Jr. wrote:
>>> Is it possible to use the JJar ANT task via an authenticating proxy?
> 
>>> It works fine through a non-authenticating proxy using the
>>> http.proxyHost and http.proxyPort system properties, but with an
>>> authenticating proxy a 407 (authentication failure) is returned.
> 
> 
>> Working on JJAR now, and will be posting code back to commons in the next
>> week or so.
>> 
>> How would this work?  How do you specify the auth info?
> 
> 
> 
> This issue has come about on the Centipede build system which uses JJar
> (www.krysalis.org/centipede).
> 
> The following code snippet illustrates how to connet to an
> authenticating server:
> 

[SNIP]

That is what I thought - the standard HTTP basic auth stuff.  I have the
same code elsewhere I can roll in.


> 
> 1. Put the username and password in the ANT build file and pass them to
> the JJAR test
> 
> 2. Have ant ask for the username and password interactively and pass the
> values to the JJAR task
> 
> 3. Define our own System propoerties to hold the username and password
> and have JJAR extract them from there
> 
> 1 & 3 have a problem in that we either have to force the user to encode
> the values before setting them or we create a security problem by
> storing them unencoded.

Well, uuencoding doesn't make anything secret, just gibberish at first
glance.  And since we would be sending what is effectively cleartext
anyway...
 
> 2 is perhaps the best. We could set a property in the build file
> indicating whether we are connecting through an authenticating proxy or
> not, thus prompting the user for username and password. Furthermore,
> using this method we allow the user to decide if they want to store the
> username/password in the build file and thus prevent the need to type
> them each time.
> 
> What do you think?
>

The problem with 2 is that it doesn't work for anything automated - for
example a build system that is run automatically for testing would need to
have the values somewhere.

I think what we need is to give people the choice - one option to specify
the values like #1, and one for #2, so if you want to keep it secret and do
interactively, you can.

Since we are talking about a security system that does everything in
cleartext, doing something fancier doesn't make sense at first.

-- 
Geir Magnusson Jr.
Research & Development, Adeptra Inc.
geirm@adeptra.com
+1-203-247-1713



--
To unsubscribe, e-mail:   <mailto:commons-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:commons-dev-help@jakarta.apache.org>


Mime
View raw message