maven-issues mailing list archives

From "Olivier Lamy (JIRA)" <j...@codehaus.org>
Subject [jira] (WAGON-422) HTTP wagon AuthScope is not definable from settings
Date Wed, 01 Oct 2014 00:23:10 GMT

     [ https://jira.codehaus.org/browse/WAGON-422?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Olivier Lamy updated WAGON-422:
-------------------------------

    Fix Version/s: 2.8

> HTTP wagon AuthScope is not definable from settings
> ---------------------------------------------------
>
>                 Key: WAGON-422
>                 URL: https://jira.codehaus.org/browse/WAGON-422
>             Project: Maven Wagon
>          Issue Type: Bug
>          Components: wagon-http
>    Affects Versions: 2.7, 2.8
>         Environment: All
>            Reporter: leon franzen
>            Assignee: Olivier Lamy
>             Fix For: 2.8
>
>         Attachments: wagon.patch
>
>
> Based on our needs as described in this post to the mailing list:
> {quote}
> We are trying to stand up a highly-available Maven repository that is protected by an SSO solution using Basic Auth over SSL.  The architecture is as follows:
> 1.)    Maven clients connect over the internet to the repository using maven.example.com
> 2.)    maven.example.com is a hardware load balancer DNS alias that uses HTTP 301 to redirect to repo.example.com
> 3.)    repo.example.com uses HTTP 302 to redirect the request to login.example.com
> 4.)    login.example.com sends back HTTP 401 to require authentication
> 5.)    The client returns the request with the Authorization header and login.example.com uses HTTP 302 to redirect the request back to repo.example.com with the proper Authorization header and retrieve the artifact.
>
> We define the repository in settings.xml with a url of https://maven.example.com.  The problem we are running into is that the Maven HTTP Wagon code is setting the AuthScope based on the Repository URL’s host (and port, if supplied).
>                 Credentials creds = new UsernamePasswordCredentials( username, password );
>                 String host = getRepository().getHost();
>                 int port = getRepository().getPort() > -1 ? getRepository().getPort() : AuthScope.ANY_PORT;
>
>                 credentialsProvider.setCredentials( new AuthScope( host, port ), creds );
> As such, the AuthScope is created with “maven.example.com” and “-1” (i.e., AuthScope.ANY_PORT).  This causes the Authorization header to not be returned in response to the HTTP 401 challenge and Maven simply moves on to try to retrieve the artifact from Maven Central (but the artifact isn’t there…).
> From reading the code, there doesn’t appear to be any way of telling Maven to set the AuthScope realm to a value that we specify (and the AuthScope host to AuthScope.ANY_HOST).  Are we missing something obvious or, as we believe, do we need to enhance Maven to support this type of configuration?
> {quote}
> We are submitting a patch that provides customization of AuthScope fields via wagon settings.  Allows AuthScope host and port to differ from the associated repository host and port if needed.  Value of "ANY" permits more flexible AuthScope.
> An example configuration snippet, providing AuthScope of any host, any port and specific realm would look like:
> {code:borderStyle=solid}
> <server>
>     <id>server-id</id>
>     <username>user</username>
>     <password>password</password>
>     <configuration>
>         <basicAuthScope>
>             <host>ANY</host>
>             <port>ANY</port>
>             <realm>My Realm</realm>
>         </basicAuthScope>
>         <httpConfiguration>
>             <all>
>                 <params>
>                     <property>
>                         <name>http.protocol.max-redirects</name>
>                         <value>%i,20</value>
>                     </property>
>                     <property>
>                         <name>http.protocol.allow-circular-redirects</name>
>                         <value>%b,true</value>
>                     </property>
>                 </params>
>             </all>
>         </httpConfiguration>
>     </configuration>
> </server>
> {code}
> The feature also allows for the same AuthScope overrides for proxy Basic auth using the <proxyBasicAuthScope> element.



--
This message was sent by Atlassian JIRA
(v6.1.6#6162)
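
Added example, not part of the JIRA message or the attached wagon.patch: how Apache HttpClient 4.x resolves credentials for a 401 challenge under the host-based scope quoted in the report versus an any-host, realm-only scope like the one in the configuration snippet. It assumes HttpClient 4.x on the classpath; the class name `AuthScopeDemo`, the port 443 and the host `other.example.net` are constructed for illustration.

```java
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.Credentials;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.impl.client.BasicCredentialsProvider;

public class AuthScopeDemo {
    // Scope of a Basic challenge as the client sees it: the host that sent the
    // 401 and the realm taken from that server's WWW-Authenticate header.
    static AuthScope challenge(String host, String realm) {
        return new AuthScope(host, 443, realm, "basic");
    }

    // True if the provider would hand out credentials for this challenge.
    static boolean offered(CredentialsProvider provider, AuthScope challenge) {
        return provider.getCredentials(challenge) != null;
    }

    public static void main(String[] args) {
        Credentials creds = new UsernamePasswordCredentials("user", "password");

        // Scope built as in the Wagon code quoted in the report:
        // repository host, any port, any realm.
        CredentialsProvider byRepoHost = new BasicCredentialsProvider();
        byRepoHost.setCredentials(
            new AuthScope("maven.example.com", AuthScope.ANY_PORT), creds);

        // Scope equivalent to host=ANY, port=ANY, realm="My Realm".
        CredentialsProvider byRealm = new BasicCredentialsProvider();
        byRealm.setCredentials(
            new AuthScope(AuthScope.ANY_HOST, AuthScope.ANY_PORT, "My Realm"), creds);

        AuthScope login = challenge("login.example.com", "My Realm");
        AuthScope sameRealmElsewhere = challenge("other.example.net", "My Realm");
        AuthScope differentRealm = challenge("other.example.net", "Something Else");

        // The challenge arrives from the redirect target, not the repository host.
        System.out.println("repo-host scope, login host:     " + offered(byRepoHost, login));
        System.out.println("realm scope, login host:         " + offered(byRealm, login));
        // With host=ANY the realm string is the only restriction that remains.
        System.out.println("realm scope, other host/realm=:  " + offered(byRealm, sameRealmElsewhere));
        System.out.println("realm scope, other host/realm!=: " + offered(byRealm, differentRealm));
    }
}
```

Because the realm is supplied by whichever server issues the challenge, an any-host scope limits credential release only by that string; setting `<host>` to the login host narrows it to the intended endpoint.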
