maven-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Robert Patrick <robert.patr...@oracle.com>
Subject RE: Maven wagon-http Issue
Date Thu, 25 Sep 2014 12:50:09 GMT
We have looked at this wagon and it does not seem to address our problem.

What I would like to propose is that we go extend the existing Maven wagon-http provider to
allow configuration of the wagon to be able to support more flexible scoping of the credentials
than what is currently possible.  Would you, the Maven developers, be open to such a change?
 If so, what process do we need to go through to make, test, commit the change?

Thanks,
Robert

--
Robert Patrick <robert.patrick@oracle.com>
VP, FMW Platform Engineering, Oracle Corporation
7460 Warren Pkwy, Ste. 300	Office: +1.972.963.2872
Frisco, TX 75034, USA		Mobile: +1.469.556.9450

Professional Oracle WebLogic Server
by Robert Patrick, Gregory Nyberg, and Philip Aston
with Josh Bregman and Paul Done
Book Home Page: http://www.wrox.com/
Kindle Version: http://www.amazon.com/


-----Original Message-----
From: Mark Nelson 
Sent: Thursday, September 25, 2014 12:27 AM
To: dev@maven.apache.org
Subject: Re: Maven wagon-http Issue

Thanks a lot Igor,

I tried this release, and I am still getting authorization errors (see below).  In order to
see what is going on, I have been using a HTTP proxy (fiddler) to see all the requests, headers,
cookies, etc.  To do that, I need to tell Maven to ignore the SSL, which I have been doing
using these command line options:

-Dmaven.wagon.http.ssl.insecure=true -Dmaven.wagon.http.ssl.allowall=true

Is there a capability to do something like this with your wagon? That will let me work out
how far it is getting/where it is failing.  I will try to use a -Djavax.net.debug=ALL and
see if I can learn anything from that.

         ... 31 more
Caused by: io.takari.aether.connector.AuthorizationException: Access denied to https://*****.
Error code 401, Authorization Required
         at
io.takari.aether.connector.AetherRepositoryConnector.handleResponseCode(AetherRepositoryConnector.java:367)
         at
io.takari.aether.connector.AetherRepositoryConnector.access$900(AetherRepositoryConnector.java:95)
         at
io.takari.aether.connector.AetherRepositoryConnector$GetTask.resumableGet(AetherRepositoryConnector.java:614)
         at
io.takari.aether.connector.AetherRepositoryConnector$GetTask.run(AetherRepositoryConnector.java:456)
         at
io.takari.aether.connector.AetherRepositoryConnector.get(AetherRepositoryConnector.java:297)
         ... 33 more
[ERROR]
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following
articles:
[ERROR] [Help 1]
http://cwiki.apache.org/confluence/display/MAVEN/DependencyResolutionException

Thanks again,

Mark Nelson | Architect | 61.2.9491.1177 Platform Engineering Oracle Development http://redstack.wordpress.com/

"Oracle BPM Suite 11g: Advanced BPMN Topics"
by Mark Nelson and Tanya Williams
http://bit.ly/UbNKLD

On 9/25/2014 12:34 PM, Igor Fedorenko wrote:
> No, you are not missing anything. We don't usually use the connector 
> as build extension and there appear some sisu/guice related bugs that 
> result in the exception you see.
>
> I just released version 0.12.1 of the connector, which appears to work 
> with maven 3.2.3 and I assume will work with earlier 3.2.1 versions too.
> You can get the new version from our releases repository [1] or wait 
> another 15-20 minutes before the artifacts are synced to central.
>
> Please note that with pom.xml <extensions> you will still use maven 
> default http/https wagon to download the connector itself. This is why 
> we normally use the connector as part of custom maven distribution, 
> like the one we embed in m2e, for example.
>
> [1] 
> http://repository.takari.io:8081/nexus/content/repositories/releases/
>
> --
> Regards,
> Igor
>
> On 2014-09-24, 22:20, Mark Nelson wrote:
>> Same error with 0.12.0 - maybe I am missing some necessary 
>> configuration?
>> All I did was add a build/extension with the GAV for this wagon.
>> Is there anything else I need to do to enable it?
>>
>> Mark Nelson | Architect | 61.2.9491.1177 Platform Engineering Oracle 
>> Development http://redstack.wordpress.com/
>>
>> "Oracle BPM Suite 11g: Advanced BPMN Topics"
>> by Mark Nelson and Tanya Williams
>> http://bit.ly/UbNKLD
>>
>> On 9/25/2014 12:11 PM, Mark Nelson wrote:
>>> Thanks for the suggestion, but it still gives the same error.
>>>
>>> Mark Nelson | Architect | 61.2.9491.1177 Platform Engineering Oracle 
>>> Development http://redstack.wordpress.com/
>>>
>>> "Oracle BPM Suite 11g: Advanced BPMN Topics"
>>> by Mark Nelson and Tanya Williams
>>> http://bit.ly/UbNKLD
>>>
>>> On 9/25/2014 12:04 PM, Jason van Zyl wrote:
>>>> We updated 0.13.1 of the connector to use Aether 1.0, but 3.2.3 
>>>> still uses 0.9.0.M2 so you'll need to use the 0.13.0 version of the 
>>>> connector. There were API changes in Aether.
>>>>
>>>> On Sep 24, 2014, at 9:11 PM, Mark Nelson <mark.x.nelson@oracle.com>
>>>> wrote:
>>>>
>>>>> I tired 3.2.1 and 3.2.3.
>>>>>
>>>>> Mark Nelson | Architect | 61.2.9491.1177 Platform Engineering 
>>>>> Oracle Development http://redstack.wordpress.com/
>>>>>
>>>>> "Oracle BPM Suite 11g: Advanced BPMN Topics"
>>>>> by Mark Nelson and Tanya Williams
>>>>> http://bit.ly/UbNKLD
>>>>>
>>>>> On 9/25/2014 11:09 AM, Igor Fedorenko wrote:
>>>>>> What maven version do you use?
>>>>>>
>>>>>> On September 24, 2014 9:00:00 PM EDT, Mark Nelson 
>>>>>> <mark.x.nelson@oracle.com> wrote:
>>>>>>> Hi Igor,
>>>>>>>
>>>>>>> I am trying to use this okhttp-based wagon, but it is giving
me 
>>>>>>> an odd error that I have not seen before.
>>>>>>> I tried different versions of Maven and Java (7 and 8), and I

>>>>>>> went through the code to see if I could find any configuration

>>>>>>> properties that I needed to set in a build/plugin/configuration

>>>>>>> entry, but I could
>>>>>>>
>>>>>>> not find anything.
>>>>>>>
>>>>>>> I added the wagon like this:
>>>>>>>
>>>>>>>        <extension>
>>>>>>> <groupId>io.takari.aether</groupId>
>>>>>>> <artifactId>aether-connector-okhttp</artifactId>
>>>>>>>          <version>0.13.1</version>
>>>>>>>        </extension>
>>>>>>>
>>>>>>> And the error is below.
>>>>>>>
>>>>>>> Would very much appreciate if you could point out anything I
am 
>>>>>>> missing/doing wrong.
>>>>>>>
>>>>>>>
>>>>>>> [INFO]
>>>>>>> ----------------------------------------------------------------
>>>>>>> --------
>>>>>>>
>>>>>>>
>>>>>>> [INFO] BUILD FAILURE
>>>>>>> [INFO]
>>>>>>> ----------------------------------------------------------------
>>>>>>> --------
>>>>>>>
>>>>>>>
>>>>>>> [INFO] Total time: 0.595 s
>>>>>>> [INFO] Finished at: 2014-09-25T10:49:50+10:00 [INFO] Final 
>>>>>>> Memory: 5M/288M [INFO]
>>>>>>> ----------------------------------------------------------------
>>>>>>> --------
>>>>>>>
>>>>>>>
>>>>>>> [ERROR] Internal error: com.google.inject.ProvisionException:

>>>>>>> Guice provision errors:
>>>>>>> [ERROR]
>>>>>>> [ERROR] 1) null returned by binding at 
>>>>>>> org.eclipse.sisu.wire.LocatorWiring
>>>>>>> [ERROR] but parameter 1 of
>>>>>>> io.takari.aether.connector.AetherRepositoryConnectorFactory.<ini
>>>>>>> t>()
>>>>>>>
>>>>>>> is
>>>>>>>
>>>>>>> not @Nullable
>>>>>>> [ERROR] while locating javax.net.ssl.SSLSocketFactory [ERROR]

>>>>>>> for parameter 1 at 
>>>>>>> io.takari.aether.connector.AetherRepositoryConnectorFactory.<ini
>>>>>>> t>(Unknown
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Source)
>>>>>>> [ERROR] while locating
>>>>>>> io.takari.aether.connector.AetherRepositoryConnectorFactory
>>>>>>> [ERROR] at
>>>>>>> ClassRealm[extension>io.takari.aether:aether-connector-okhttp:0.
>>>>>>> 13.1,
>>>>>>>
>>>>>>> parent: sun.misc.Launcher$AppClassLoader@5c647e05]
>>>>>>> [ERROR] at
>>>>>>> ClassRealm[extension>io.takari.aether:aether-connector-okhttp:0.
>>>>>>> 13.1,
>>>>>>>
>>>>>>> parent: sun.misc.Launcher$AppClassLoader@5c647e05]
>>>>>>> [ERROR] while locating
>>>>>>> org.eclipse.aether.spi.connector.RepositoryConnectorFactory
>>>>>>> annotated
>>>>>>> with @com.google.inject.name.Named(value=
>>>>>>> okhttp)
>>>>>>> [ERROR]
>>>>>>> [ERROR] 1 error
>>>>>>> [ERROR] -> [Help 1]
>>>>>>> org.apache.maven.InternalErrorException: Internal error:
>>>>>>> com.google.inject.ProvisionException: Guice provision errors:
>>>>>>>
>>>>>>> 1) null returned by binding at org.eclipse.sisu.wire.LocatorWiring
>>>>>>>   but parameter 1 of
>>>>>>> io.takari.aether.connector.AetherRepositoryConnectorFactory.<ini
>>>>>>> t>()
>>>>>>>
>>>>>>> is
>>>>>>>
>>>>>>> not @Nullable
>>>>>>>    while locating javax.net.ssl.SSLSocketFactory
>>>>>>>      for parameter 1 at
>>>>>>> io.takari.aether.connector.AetherRepositoryConnectorFactory.<ini
>>>>>>> t>(Unknown
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Source)
>>>>>>>    while locating
>>>>>>> io.takari.aether.connector.AetherRepositoryConnectorFactory
>>>>>>>    at
>>>>>>> ClassRealm[extension>io.takari.aether:aether-connector-okhttp:0.
>>>>>>> 13.1,
>>>>>>>
>>>>>>> parent: sun.misc.Launcher$AppClassLoader@5c647e05]
>>>>>>>    at
>>>>>>> ClassRealm[extension>io.takari.aether:aether-connector-okhttp:0.
>>>>>>> 13.1,
>>>>>>>
>>>>>>> parent: sun.misc.Launcher$AppClassLoader@5c647e05]
>>>>>>>    while locating
>>>>>>> org.eclipse.aether.spi.connector.RepositoryConnectorFactory
>>>>>>> annotated
>>>>>>> with @com.google.inject.name.Named(value=okhttp
>>>>>>> )
>>>>>>>
>>>>>>> 1 error
>>>>>>>          at
>>>>>>> org.apache.maven.lifecycle.internal.builder.BuilderCommon.handle
>>>>>>> BuildError(BuilderCommon.java:147)
>>>>>>>
>>>>>>>
>>>>>>>          at
>>>>>>> org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.build
>>>>>>> Project(LifecycleModuleBuilder.java:129)
>>>>>>>
>>>>>>>
>>>>>>>          at
>>>>>>> org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.build
>>>>>>> Project(LifecycleModuleBuilder.java:80)
>>>>>>>
>>>>>>>
>>>>>>>          at
>>>>>>> org.apache.maven.lifecycle.internal.builder.singlethreaded.Singl
>>>>>>> eThreadedBuilder.build(SingleThreadedBuilder.java:51)
>>>>>>>
>>>>>>>
>>>>>>>          at
>>>>>>> org.apache.maven.lifecycle.internal.LifecycleStarter.execute(Lif
>>>>>>> ecycleStarter.java:120)
>>>>>>>
>>>>>>>
>>>>>>>       at
>>>>>>> org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:347)
>>>>>>>         at
>>>>>>> org.apache.maven.DefaultMaven.execute(DefaultMaven.java:154)
>>>>>>>          at
>>>>>>> org.apache.maven.cli.MavenCli.execute(MavenCli.java:582)
>>>>>>>          at org.apache.maven.cli.MavenCli.doMain(MavenCli.java:214)
>>>>>>>          at org.apache.maven.cli.MavenCli.main(MavenCli.java:158)
>>>>>>>          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
>>>>>>> Method)
>>>>>>>          at
>>>>>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessor
>>>>>>> Impl.java:62)
>>>>>>>
>>>>>>>
>>>>>>>          at
>>>>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethod
>>>>>>> AccessorImpl.java:43)
>>>>>>>
>>>>>>>
>>>>>>>          at java.lang.reflect.Method.invoke(Method.java:483)
>>>>>>>          at
>>>>>>> org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced
>>>>>>> (Launcher.java:289)
>>>>>>>
>>>>>>>
>>>>>>>          at
>>>>>>> org.codehaus.plexus.classworlds.launcher.Launcher.launch(Launche
>>>>>>> r.java:229)
>>>>>>>
>>>>>>>
>>>>>>>          at
>>>>>>> org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCo
>>>>>>> de(Launcher.java:415)
>>>>>>>
>>>>>>>
>>>>>>>          at
>>>>>>> org.codehaus.plexus.classworlds.launcher.Launcher.main(Launcher.
>>>>>>> java:356)
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Mark Nelson | Architect | 61.2.9491.1177 Platform Engineering

>>>>>>> Oracle Development http://redstack.wordpress.com/
>>>>>>>
>>>>>>> "Oracle BPM Suite 11g: Advanced BPMN Topics"
>>>>>>> by Mark Nelson and Tanya Williams http://bit.ly/UbNKLD
>>>>>>>
>>>>>>> On 9/25/2014 7:54 AM, Igor Fedorenko wrote:
>>>>>>>> There is yet another http connector implementation [1] (the

>>>>>>>> more the merrier, right? :-) ). It is based on square okhttp

>>>>>>>> client and is
>>>>>>> pretty
>>>>>>>> simple. I didn't try redirects, but auth credentials are
not 
>>>>>>>> scoped
>>>>>>> to a
>>>>>>>> specific url, so there is a chance this connector may work.
>>>>>>>>
>>>>>>>> This is the connector used in m2e, so it should be reasonable

>>>>>>>> well tested at this point.
>>>>>>>>
>>>>>>>> [1] https://github.com/tesla/aether-connector-okhttp
>>>>>>>>
>>>>>>>> --
>>>>>>>> Regards,
>>>>>>>> Igor
>>>>>>>>
>>>>>>>> On 2014-09-24, 17:46, Robert Patrick wrote:
>>>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Sorry if this isn't worthy of the developers list but
I 
>>>>>>>>> believe that it is appropriate.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> We are trying to stand up a highly-available Maven repository

>>>>>>>>> that
>>>>>>> is
>>>>>>>>> protected by an SSO solution using Basic Auth over SSL.
The 
>>>>>>>>> architecture is as follows:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> 1.)    Maven clients connect over the internet to the
repository
>>>>>>>>> using maven.example.com
>>>>>>>>>
>>>>>>>>> 2.)    maven.example.com is a hardware load balancer
DNS alias 
>>>>>>>>> that
>>>>>>>>> uses HTTP 301 to redirect to repo.example.com
>>>>>>>>>
>>>>>>>>> 3.)    repo.example.com uses HTTP 302 to redirect the
request to
>>>>>>>>> login.example.com
>>>>>>>>>
>>>>>>>>> 4.)    login.example.com sends back HTTP 401 to require
>>>>>>> authentication
>>>>>>>>> 5.)    The client returns the request with the Authorization

>>>>>>>>> header
>>>>>>>>> and login.example.com uses HTTP 302 to redirect the request

>>>>>>>>> back to repo.example.com with the proper Authorization
header 
>>>>>>>>> and retrieve the artifact.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> We define the repository in settings.xml with a url of

>>>>>>>>> https://maven.example.com.  The problem we are running
into is 
>>>>>>>>> that the Maven HTTP Wagon code is setting the AuthScope
based 
>>>>>>>>> on the Repository URL's host (and port, if supplied).
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>                   Credentials creds = new
>>>>>>> UsernamePasswordCredentials(
>>>>>>>>> username, password );
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>                   String host = getRepository().getHost();
>>>>>>>>>
>>>>>>>>>                   int port = getRepository().getPort()
> -1 ?
>>>>>>>>> getRepository().getPort() : AuthScope.ANY_PORT;
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> credentialsProvider.setCredentials( new AuthScope( host,
port 
>>>>>>>>> ), creds );
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> As such, the AuthScope is created with "maven.example.com"
and 
>>>>>>>>> "-1"
>>>>>>>>> (i.e., AuthScope.ANY_PORT).  This causes the Authorization

>>>>>>>>> header to not be returned in response to the HTTP 401

>>>>>>>>> challenge and Maven simply moves on to try to retrieve
the 
>>>>>>>>> artifact from Maven Central (but the artifact isn't there.).
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>   From reading the code, there doesn't appear to be any
way of
>>>>>>> telling
>>>>>>>>> Maven to set the AuthScope realm to a value that we specify

>>>>>>>>> (and the AuthScope host to AuthScope.ANY_HOST).  Are
we 
>>>>>>>>> missing something obvious or, as we believe, do we need
to 
>>>>>>>>> enhance Maven to support this type of configuration?
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> We really need for this to work so what do you suggest?
 We 
>>>>>>>>> had this mostly working with the 
>>>>>>>>> org.sonatype.maven:wagon-ahc:1.2.1 wagon but we were
running 
>>>>>>>>> into an issue where Maven was dropping the Authorization

>>>>>>>>> header when fetching the artifact's checksum file, which
made 
>>>>>>>>> that solution unworkable.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>>
>>>>>>>>> Robert
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>>
>>>>>>>>> Robert Patrick <HYPERLINK
>>>>>>>>> "mailto:robert.patrick@oracle.com"robert.patrick@oracle.com>
>>>>>>>>>
>>>>>>>>> VP, FMW Platform Engineering, Oracle Corporation
>>>>>>>>>
>>>>>>>>> 7460 Warren Pkwy, Ste. 300       Office: +1.972.963.2872
>>>>>>>>>
>>>>>>>>> Frisco, TX 75034, USA                   Mobile: +1.469.556.9450
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> HYPERLINK
>>>>>>>>>
>>>>>>> "http://www.amazon.com/Professional-Oracle-WebLogic-Server-Patri
>>>>>>> ck/dp/0470484306/"Professional
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>>> Oracle WebLogic Server
>>>>>>>>>
>>>>>>>>> by Robert Patrick, Gregory Nyberg, and Philip Aston
>>>>>>>>>
>>>>>>>>> with Josh Bregman and Paul Done
>>>>>>>>>
>>>>>>>>> Book Home Page: HYPERLINK
>>>>>>>>>
>>>>>>> "http://www.wrox.com/WileyCDA/WroxTitle/Professional-Oracle-WebL
>>>>>>> ogic-Server.productCd-0470484306.html"http://www.wrox.com/
>>>>>>>
>>>>>>>
>>>>>>>>> Kindle Version: HYPERLINK
>>>>>>>>>
>>>>>>> "http://www.amazon.com/Professional-Oracle-WebLogic-Server-ebook
>>>>>>> /dp/B004HD69J2/"http://www.amazon.com/
>>>>>>>
>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>> ---------------------------------------------------------------
>>>>>>>> ------
>>>>>>>>
>>>>>>>>
>>>>>>>> To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For 
>>>>>>>> additional commands, e-mail: dev-help@maven.apache.org
>>>>>>>>
>>>>>>> ----------------------------------------------------------------
>>>>>>> -----
>>>>>>>
>>>>>>> To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org For

>>>>>>> additional commands, e-mail: dev-help@maven.apache.org
>>>>>
>>>>> ------------------------------------------------------------------
>>>>> --- To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org For 
>>>>> additional commands, e-mail: dev-help@maven.apache.org
>>>>>
>>>> Thanks,
>>>>
>>>> Jason
>>>>
>>>> ----------------------------------------------------------
>>>> Jason van Zyl
>>>> Founder,  Apache Maven
>>>> http://twitter.com/jvanzyl
>>>> http://twitter.com/takari_io
>>>> ---------------------------------------------------------
>>>>
>>>> To do two things at once is to do neither.
>>>>     -- Publilius Syrus, Roman slave, first century B.C.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>> --------------------------------------------------------------------
>>> - To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org For 
>>> additional commands, e-mail: dev-help@maven.apache.org
>>>
>>>
>>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org For 
>> additional commands, e-mail: dev-help@maven.apache.org
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org For 
> additional commands, e-mail: dev-help@maven.apache.org
>
>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org For additional commands, e-mail:
dev-help@maven.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org


Mime
View raw message