Return-Path: Delivered-To: apmail-geronimo-dev-archive@www.apache.org Received: (qmail 75191 invoked from network); 15 Sep 2008 17:39:17 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 15 Sep 2008 17:39:17 -0000 Received: (qmail 63820 invoked by uid 500); 15 Sep 2008 17:39:13 -0000 Delivered-To: apmail-geronimo-dev-archive@geronimo.apache.org Received: (qmail 63274 invoked by uid 500); 15 Sep 2008 17:39:12 -0000 Mailing-List: contact dev-help@geronimo.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: Reply-To: dev@geronimo.apache.org List-Id: Delivered-To: mailing list dev@geronimo.apache.org Received: (qmail 63263 invoked by uid 99); 15 Sep 2008 17:39:12 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 15 Sep 2008 10:39:12 -0700 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: local policy) Received: from [98.136.44.54] (HELO smtp109.prem.mail.sp1.yahoo.com) (98.136.44.54) by apache.org (qpsmtpd/0.29) with SMTP; Mon, 15 Sep 2008 17:38:13 +0000 Received: (qmail 62081 invoked from network); 15 Sep 2008 17:38:45 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Received:X-YMail-OSG:X-Yahoo-Newman-Property:Message-Id:From:To:Content-Type:Content-Transfer-Encoding:Mime-Version:Subject:Date:X-Mailer; b=dmo5V+wMQKk/0Kv28jyLSc3/KL0D8UiJnFhRR0Swqtw4GGINWf52qy2UMW8vAlwfqyS5x4SEcrq7MGnzsfjap9Hkdhyud2e2xNjjxZjFqCzvbiPqM2qRJxUsLmyMa1uGpw9Pbb9CJow71DPto7NHeSSS7mbdLsiOa0Wb3Fi2QJ4= ; Received: from unknown (HELO ?10.11.55.45?) (david_jencks@63.105.20.225 with plain) by smtp109.prem.mail.sp1.yahoo.com with SMTP; 15 Sep 2008 17:38:44 -0000 X-YMail-OSG: roS5RYgVM1kOJMyRKe9G8ZZ5Mb9ydqdhHhmZM1Wu8Lzl06m3.0jYqN3qQ8MtYxHOsHIWARCpyNWAXAuC1P8u6dBcEe5xvz4FkKbOd87Vu5pgqvpgAXhA7MNwwZuftCaTm7yjr_22ftL1JpR1GJEgFxL0 X-Yahoo-Newman-Property: ymail-3 Message-Id: From: David Jencks To: "Geronimo Dev List (JIRA)" Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Content-Transfer-Encoding: 7bit Mime-Version: 1.0 (Apple Message framework v926) Subject: No credentials for plugin installer gbean use of remote plugin repos Date: Mon, 15 Sep 2008 10:38:42 -0700 X-Mailer: Apple Mail (2.926) X-Virus-Checked: Checked by ClamAV on apache.org I discovered a pretty big hole in our plugin system,https://issues.apache.org/jira/browse/GERONIMO-4304 . Basically there doesnt' seem to be a way to supply credentials for the plugin installer to access a password protected plugin repo, such as another geronimo server. I can think of 2 immediate solutions to this. 1. include space for username and password in the plugin list schema sourceRepository element. This intrusively ties us to basic auth and implies that the credentials are going to be easily visible in a lot of places. On the other hand it doesn't require extra configuration of the server to know about specific plugin repos which is more convenient than... 2. configure the plugin installer gbean with a repo registry that includes credentials. This would also make it easy to restrict a server to using only registered plugin repos which might be a desirable feature. I'm going to go ahead with (2) but would really appreciate comments and other ideas as I don't think I've fully thought through the consequences of either choice. thanks david jencks