geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Jencks <david_jen...@yahoo.com>
Subject No credentials for plugin installer gbean use of remote plugin repos
Date Mon, 15 Sep 2008 17:38:42 GMT
I discovered a pretty big hole in our plugin system,https://issues.apache.org/jira/browse/GERONIMO-4304

.

Basically there doesnt' seem to be a way to supply credentials for the  
plugin installer to access a password protected plugin repo, such as  
another geronimo server.

I can think of 2 immediate solutions to this.

1. include space for username and password in the plugin list schema  
sourceRepository element.  This intrusively ties us to basic auth and  
implies that the credentials are going to be easily visible in a lot  
of places.  On the other hand it doesn't require extra configuration  
of the server to know about specific plugin repos which is more  
convenient than...

2. configure the plugin installer gbean with a repo registry that  
includes credentials.  This would also make it easy to restrict a  
server to using only registered plugin repos which might be a  
desirable feature.

I'm going to go ahead with (2) but would really appreciate comments  
and other ideas as I don't think I've fully thought through the  
consequences of either choice.

thanks
david jencks


Mime
View raw message