This is an automated email from the ASF dual-hosted git repository.

cstamas pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/maven-resolver.git


The following commit(s) were added to refs/heads/master by this push:
     new 28fec45f [MRESOLVER-341] Preemptive PUT auth (#265)
28fec45f is described below

commit 28fec45f15f24bbee8b3584f09425e75ae7104ab
Author: Tamas Cservenak <[email protected]>
AuthorDate: Tue Mar 7 11:54:13 2023 +0100

    [MRESOLVER-341] Preemptive PUT auth (#265)
    
    As resolver faces many broken servers that
    do expect broken behaviour to blindly do
    preemptive auth for PUT.
    
    By default this is enabled to do same thing as Wagon did.
    
    ---
    
    https://issues.apache.org/jira/browse/MRESOLVER-341
---
 .../eclipse/aether/transport/http/HttpTransporter.java    | 15 +++++++++++----
 .../aether/transport/http/HttpTransporterTest.java        | 14 ++++++++++++++
 src/site/markdown/configuration.md                        |  3 ++-
 3 files changed, 27 insertions(+), 5 deletions(-)

diff --git 
a/maven-resolver-transport-http/src/main/java/org/eclipse/aether/transport/http/HttpTransporter.java
 
b/maven-resolver-transport-http/src/main/java/org/eclipse/aether/transport/http/HttpTransporter.java
index da56f33a..ea304f2e 100644
--- 
a/maven-resolver-transport-http/src/main/java/org/eclipse/aether/transport/http/HttpTransporter.java
+++ 
b/maven-resolver-transport-http/src/main/java/org/eclipse/aether/transport/http/HttpTransporter.java
@@ -97,6 +97,8 @@ final class HttpTransporter extends AbstractTransporter {
 
     static final String SUPPORT_WEBDAV = "aether.connector.http.supportWebDav";
 
+    static final String PREEMPTIVE_PUT_AUTH = 
"aether.connector.http.preemptivePutAuth";
+
     private static final Pattern CONTENT_RANGE_PATTERN =
             Pattern.compile("\\s*bytes\\s+([0-9]+)\\s*-\\s*([0-9]+)\\s*/.*");
 
@@ -122,6 +124,8 @@ final class HttpTransporter extends AbstractTransporter {
 
     private final boolean preemptiveAuth;
 
+    private final boolean preemptivePutAuth;
+
     private final boolean supportWebDav;
 
     HttpTransporter(
@@ -168,7 +172,10 @@ final class HttpTransporter extends AbstractTransporter {
                 ConfigurationProperties.DEFAULT_HTTP_PREEMPTIVE_AUTH,
                 ConfigurationProperties.HTTP_PREEMPTIVE_AUTH + "." + 
repository.getId(),
                 ConfigurationProperties.HTTP_PREEMPTIVE_AUTH);
-        this.supportWebDav =
+        this.preemptivePutAuth = // defaults to true: Wagon does same
+                ConfigUtils.getBoolean(
+                        session, true, PREEMPTIVE_PUT_AUTH + "." + 
repository.getId(), PREEMPTIVE_PUT_AUTH);
+        this.supportWebDav = // defaults to false: who needs it will enable it
                 ConfigUtils.getBoolean(session, false, SUPPORT_WEBDAV + "." + 
repository.getId(), SUPPORT_WEBDAV);
         String credentialEncoding = ConfigUtils.getString(
                 session,
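Review bot: The new `preemptivePutAuth` flag is read with a hard-coded default of `true`, so every repository with configured credentials sends them as Basic on the first PUT without waiting for a server challenge, and nothing visible in this hunk or in `prepare()` limits that to `https` repository URLs. The inline comment records only Wagon parity. I would state the trade-off where the default is chosen, for example `// defaults to true for Wagon parity: Basic credentials go out on the first PUT, unchallenged; set aether.connector.http.preemptivePutAuth=false (optionally with the ".<repoId>" suffix) to require a 401 first`. It would also read more consistently if the literal `true` became a named default constant, as `DEFAULT_HTTP_PREEMPTIVE_AUTH` is for the neighbouring flag. The constructor starts and ends outside this hunk.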
@@ -367,11 +374,11 @@ final class HttpTransporter extends AbstractTransporter {
     }
 
     private void prepare(HttpUriRequest request, SharingHttpContext context) {
-        if (preemptiveAuth) {
-            context.getAuthCache().put(server, new BasicScheme());
+        final boolean put = 
HttpPut.METHOD_NAME.equalsIgnoreCase(request.getMethod());
+        if (preemptiveAuth || (preemptivePutAuth && put)) {
+            state.setAuthScheme(server, new BasicScheme());
         }
         if (supportWebDav) {
-            boolean put = 
HttpPut.METHOD_NAME.equalsIgnoreCase(request.getMethod());
             if (state.getWebDav() == null && (put || 
isPayloadPresent(request))) {
                 HttpOptions req = commonHeaders(new 
HttpOptions(request.getURI()));
                 try (CloseableHttpResponse response = client.execute(server, 
req, context)) {
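Review bot: The existing `preemptiveAuth` branch changes here as well, not only the new PUT case: `context.getAuthCache().put(server, new BasicScheme())` becomes `state.setAuthScheme(server, new BasicScheme())`, and the commit message does not mention it. The state object's definition is outside this diff, but the configuration docs describe `cacheState` as caching authentication schemes in memory, so it is worth confirming that a scheme installed for a PUT does not stay in that state and make later GETs to the same server preemptive too. That would widen the behaviour beyond what `preemptivePutAuth` documents. A short comment above the `if`, such as `// Basic is forced here even if the server would have offered another scheme; scope: this request only / whole cached state`, would settle the question for the next reader. `prepare()` continues past the end of the hunk.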
diff --git 
a/maven-resolver-transport-http/src/test/java/org/eclipse/aether/transport/http/HttpTransporterTest.java
 
b/maven-resolver-transport-http/src/test/java/org/eclipse/aether/transport/http/HttpTransporterTest.java
index bcba729d..200f5b8d 100644
--- 
a/maven-resolver-transport-http/src/test/java/org/eclipse/aether/transport/http/HttpTransporterTest.java
+++ 
b/maven-resolver-transport-http/src/test/java/org/eclipse/aether/transport/http/HttpTransporterTest.java
@@ -910,8 +910,22 @@ public class HttpTransporterTest {
         assertEquals(1, listener.startedCount);
     }
 
+    @Test
+    public void testPut_PreemptiveIsDefault() throws Exception {
+        httpServer.setAuthentication("testuser", "testpass");
+        auth = new AuthenticationBuilder()
+                .addUsername("testuser")
+                .addPassword("testpass")
+                .build();
+        newTransporter(httpServer.getHttpUrl());
+        PutTask task = new 
PutTask(URI.create("repo/file.txt")).setDataString("upload");
+        transporter.put(task);
+        assertEquals(1, httpServer.getLogEntries().size()); // put w/ auth
+    }
+
     @Test
     public void testPut_AuthCache() throws Exception {
+        session.setConfigProperty(HttpTransporter.PREEMPTIVE_PUT_AUTH, false);
         httpServer.setAuthentication("testuser", "testpass");
         auth = new AuthenticationBuilder()
                 .addUsername("testuser")
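Review bot: `testPut_PreemptiveIsDefault` asserts only that `httpServer.getLogEntries().size()` is 1, which shows there was no 401 round-trip but not that the flag stays scoped to PUT. A companion test that issues a GET under the default configuration and expects the challenge round-trip would catch preemptive credentials leaking to other verbs. The per-repository key `PREEMPTIVE_PUT_AUTH + "." + repository.getId()` is not exercised either; one case that sets only the suffixed property to `false` would cover the opt-out path that security-conscious users will rely on. `testPut_AuthCache` continues beyond the hunk, so its assertions are not visible here.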
diff --git a/src/site/markdown/configuration.md 
b/src/site/markdown/configuration.md
index 8f13f059..bb286c2f 100644
--- a/src/site/markdown/configuration.md
+++ b/src/site/markdown/configuration.md
@@ -37,7 +37,8 @@ Option | Type | Description | Default Value | Supports Repo 
ID Suffix
 `aether.connector.http.cacheState` | boolean | Flag indicating whether a 
memory-based cache is used for user tokens, connection managers, expect 
continue requests and authentication schemes. | `true` | no
 `aether.connector.http.credentialEncoding` | String | The encoding/charset to 
use when exchanging credentials with HTTP servers. | `"ISO-8859-1"` | yes
 `aether.connector.http.headers` | `Map<String, String>` | The request headers 
to use for HTTP-based repository connectors. The headers are specified using a 
map of strings mapping a header name to its value. The repository-specific 
headers map is supposed to be complete, i.e. is not merged with the general 
headers map. | - | yes
-`aether.connector.http.preemptiveAuth` | boolean | Should HTTP client use 
preemptive-authentication (works only w/ BASIC) or not. | `false` | yes
+`aether.connector.http.preemptiveAuth` | boolean | Should HTTP client use 
preemptive-authentication for all HTTP verbs (works only w/ BASIC). By default 
is disabled, as it is considered less secure. | `false` | yes
+`aether.connector.http.preemptivePutAuth` | boolean | Should HTTP client use 
preemptive-authentication for HTTP PUTs only (works only w/ BASIC). By default 
is enabled (same as Wagon). | `true` | yes
 `aether.connector.http.retryHandler.count` | int | The maximum number of times 
a request to a remote HTTP server should be retried in case of an error. | `3` 
| yes
 `aether.connector.http.supportWebDav` | boolean | If enabled, transport makes 
best effort to deploy to WebDAV server. This mode is not recommended, better 
use real Maven Repository Manager instead. | `false` | yes
 `aether.connector.https.cipherSuites` | String | Comma-separated list of 
[Cipher 
Suites](https://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#ciphersuites)
 which are enabled for HTTPS connections. | - (no restriction) | no
