We filed an issue for the missing functionality that we need to support protecting a Maven repository with an SSO solution and submitted a patch for it (http://jira.codehaus.org/browse/WAGON-422).
It would be great if someone could take a look at let us know if we need to do anything else to get this included in the next release of Maven. If not, we will be forced to fork the code and create our own wagon and that our customers can use to access our repository. Please let us know which path to pursue... Thanks, Robert -- Robert Patrick <robert.patr...@oracle.com> VP, FMW Platform Engineering, Oracle Corporation 7460 Warren Pkwy, Ste. 300 Office: +1.972.963.2872 Frisco, TX 75034, USA Mobile: +1.469.556.9450 Professional Oracle WebLogic Server by Robert Patrick, Gregory Nyberg, and Philip Aston with Josh Bregman and Paul Done Book Home Page: http://www.wrox.com/ Kindle Version: http://www.amazon.com/ -----Original Message----- From: Stuart McCulloch [mailto:mccu...@gmail.com] Sent: Thursday, September 25, 2014 9:13 AM To: Maven Developers List Subject: Re: Maven wagon-http Issue On 25 Sep 2014, at 03:34, Igor Fedorenko <i...@ifedorenko.com> wrote: > No, you are not missing anything. We don't usually use the connector > as build extension and there appear some sisu/guice related bugs that > result in the exception you see. I took a quick look and it's not actually a bug in sisu/guice causing this - basically the issue is that the @Nullable annotation in the connector code is not visible when it's used as an extension (due to Maven realm filtering). This means the JVM silently removes the annotation as if it was never there, so the code in guice which checks for @Nullable never sees it. Possible solutions would be to add that package to the ones exported from maven core, or use a different @Nullable annotation that is visible from the extension (the package doesn't matter, guice will honour any annotation named @Nullable as long as its visible), or use Provider to defer accessing the value. > I just released version 0.12.1 of the connector, which appears to work > with maven 3.2.3 and I assume will work with earlier 3.2.1 versions too. > You can get the new version from our releases repository [1] or wait > another 15-20 minutes before the artifacts are synced to central. > > Please note that with pom.xml <extensions> you will still use maven > default http/https wagon to download the connector itself. This is why > we normally use the connector as part of custom maven distribution, > like the one we embed in m2e, for example. > > [1] > http://repository.takari.io:8081/nexus/content/repositories/releases/ > > -- > Regards, > Igor > > On 2014-09-24, 22:20, Mark Nelson wrote: >> Same error with 0.12.0 - maybe I am missing some necessary configuration? >> All I did was add a build/extension with the GAV for this wagon. >> Is there anything else I need to do to enable it? >> >> Mark Nelson | Architect | 61.2.9491.1177 Platform Engineering Oracle >> Development http://redstack.wordpress.com/ >> >> "Oracle BPM Suite 11g: Advanced BPMN Topics" >> by Mark Nelson and Tanya Williams >> http://bit.ly/UbNKLD >> >> On 9/25/2014 12:11 PM, Mark Nelson wrote: >>> Thanks for the suggestion, but it still gives the same error. >>> >>> Mark Nelson | Architect | 61.2.9491.1177 Platform Engineering Oracle >>> Development http://redstack.wordpress.com/ >>> >>> "Oracle BPM Suite 11g: Advanced BPMN Topics" >>> by Mark Nelson and Tanya Williams >>> http://bit.ly/UbNKLD >>> >>> On 9/25/2014 12:04 PM, Jason van Zyl wrote: >>>> We updated 0.13.1 of the connector to use Aether 1.0, but 3.2.3 >>>> still uses 0.9.0.M2 so you'll need to use the 0.13.0 version of the >>>> connector. There were API changes in Aether. >>>> >>>> On Sep 24, 2014, at 9:11 PM, Mark Nelson <mark.x.nel...@oracle.com> >>>> wrote: >>>> >>>>> I tired 3.2.1 and 3.2.3. >>>>> >>>>> Mark Nelson | Architect | 61.2.9491.1177 Platform Engineering >>>>> Oracle Development http://redstack.wordpress.com/ >>>>> >>>>> "Oracle BPM Suite 11g: Advanced BPMN Topics" >>>>> by Mark Nelson and Tanya Williams >>>>> http://bit.ly/UbNKLD >>>>> >>>>> On 9/25/2014 11:09 AM, Igor Fedorenko wrote: >>>>>> What maven version do you use? >>>>>> >>>>>> On September 24, 2014 9:00:00 PM EDT, Mark Nelson >>>>>> <mark.x.nel...@oracle.com> wrote: >>>>>>> Hi Igor, >>>>>>> >>>>>>> I am trying to use this okhttp-based wagon, but it is giving me >>>>>>> an odd error that I have not seen before. >>>>>>> I tried different versions of Maven and Java (7 and 8), and I >>>>>>> went through the code to see if I could find any configuration >>>>>>> properties that I needed to set in a build/plugin/configuration >>>>>>> entry, but I could >>>>>>> >>>>>>> not find anything. >>>>>>> >>>>>>> I added the wagon like this: >>>>>>> >>>>>>> <extension> >>>>>>> <groupId>io.takari.aether</groupId> >>>>>>> <artifactId>aether-connector-okhttp</artifactId> >>>>>>> <version>0.13.1</version> >>>>>>> </extension> >>>>>>> >>>>>>> And the error is below. >>>>>>> >>>>>>> Would very much appreciate if you could point out anything I am >>>>>>> missing/doing wrong. >>>>>>> >>>>>>> >>>>>>> [INFO] >>>>>>> ---------------------------------------------------------------- >>>>>>> -------- >>>>>>> >>>>>>> [INFO] BUILD FAILURE >>>>>>> [INFO] >>>>>>> ---------------------------------------------------------------- >>>>>>> -------- >>>>>>> >>>>>>> [INFO] Total time: 0.595 s >>>>>>> [INFO] Finished at: 2014-09-25T10:49:50+10:00 [INFO] Final >>>>>>> Memory: 5M/288M [INFO] >>>>>>> ---------------------------------------------------------------- >>>>>>> -------- >>>>>>> >>>>>>> [ERROR] Internal error: com.google.inject.ProvisionException: >>>>>>> Guice provision errors: >>>>>>> [ERROR] >>>>>>> [ERROR] 1) null returned by binding at >>>>>>> org.eclipse.sisu.wire.LocatorWiring >>>>>>> [ERROR] but parameter 1 of >>>>>>> io.takari.aether.connector.AetherRepositoryConnectorFactory.<ini >>>>>>> t>() >>>>>>> is >>>>>>> >>>>>>> not @Nullable >>>>>>> [ERROR] while locating javax.net.ssl.SSLSocketFactory [ERROR] >>>>>>> for parameter 1 at >>>>>>> io.takari.aether.connector.AetherRepositoryConnectorFactory.<ini >>>>>>> t>(Unknown >>>>>>> >>>>>>> >>>>>>> Source) >>>>>>> [ERROR] while locating >>>>>>> io.takari.aether.connector.AetherRepositoryConnectorFactory >>>>>>> [ERROR] at >>>>>>> ClassRealm[extension>io.takari.aether:aether-connector-okhttp:0. >>>>>>> 13.1, >>>>>>> parent: sun.misc.Launcher$AppClassLoader@5c647e05] >>>>>>> [ERROR] at >>>>>>> ClassRealm[extension>io.takari.aether:aether-connector-okhttp:0. >>>>>>> 13.1, >>>>>>> parent: sun.misc.Launcher$AppClassLoader@5c647e05] >>>>>>> [ERROR] while locating >>>>>>> org.eclipse.aether.spi.connector.RepositoryConnectorFactory >>>>>>> annotated with @com.google.inject.name.Named(value= >>>>>>> okhttp) >>>>>>> [ERROR] >>>>>>> [ERROR] 1 error >>>>>>> [ERROR] -> [Help 1] >>>>>>> org.apache.maven.InternalErrorException: Internal error: >>>>>>> com.google.inject.ProvisionException: Guice provision errors: >>>>>>> >>>>>>> 1) null returned by binding at >>>>>>> org.eclipse.sisu.wire.LocatorWiring >>>>>>> but parameter 1 of >>>>>>> io.takari.aether.connector.AetherRepositoryConnectorFactory.<ini >>>>>>> t>() >>>>>>> is >>>>>>> >>>>>>> not @Nullable >>>>>>> while locating javax.net.ssl.SSLSocketFactory >>>>>>> for parameter 1 at >>>>>>> io.takari.aether.connector.AetherRepositoryConnectorFactory.<ini >>>>>>> t>(Unknown >>>>>>> >>>>>>> >>>>>>> Source) >>>>>>> while locating >>>>>>> io.takari.aether.connector.AetherRepositoryConnectorFactory >>>>>>> at >>>>>>> ClassRealm[extension>io.takari.aether:aether-connector-okhttp:0. >>>>>>> 13.1, >>>>>>> parent: sun.misc.Launcher$AppClassLoader@5c647e05] >>>>>>> at >>>>>>> ClassRealm[extension>io.takari.aether:aether-connector-okhttp:0. >>>>>>> 13.1, >>>>>>> parent: sun.misc.Launcher$AppClassLoader@5c647e05] >>>>>>> while locating >>>>>>> org.eclipse.aether.spi.connector.RepositoryConnectorFactory >>>>>>> annotated with @com.google.inject.name.Named(value=okhttp >>>>>>> ) >>>>>>> >>>>>>> 1 error >>>>>>> at >>>>>>> org.apache.maven.lifecycle.internal.builder.BuilderCommon.handle >>>>>>> BuildError(BuilderCommon.java:147) >>>>>>> >>>>>>> at >>>>>>> org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.build >>>>>>> Project(LifecycleModuleBuilder.java:129) >>>>>>> >>>>>>> at >>>>>>> org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.build >>>>>>> Project(LifecycleModuleBuilder.java:80) >>>>>>> >>>>>>> at >>>>>>> org.apache.maven.lifecycle.internal.builder.singlethreaded.Singl >>>>>>> eThreadedBuilder.build(SingleThreadedBuilder.java:51) >>>>>>> >>>>>>> at >>>>>>> org.apache.maven.lifecycle.internal.LifecycleStarter.execute(Lif >>>>>>> ecycleStarter.java:120) >>>>>>> >>>>>>> at >>>>>>> org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:347) >>>>>>> at >>>>>>> org.apache.maven.DefaultMaven.execute(DefaultMaven.java:154) >>>>>>> at org.apache.maven.cli.MavenCli.execute(MavenCli.java:582) >>>>>>> at org.apache.maven.cli.MavenCli.doMain(MavenCli.java:214) >>>>>>> at org.apache.maven.cli.MavenCli.main(MavenCli.java:158) >>>>>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native >>>>>>> Method) >>>>>>> at >>>>>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessor >>>>>>> Impl.java:62) >>>>>>> >>>>>>> at >>>>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethod >>>>>>> AccessorImpl.java:43) >>>>>>> >>>>>>> at java.lang.reflect.Method.invoke(Method.java:483) >>>>>>> at >>>>>>> org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced >>>>>>> (Launcher.java:289) >>>>>>> >>>>>>> at >>>>>>> org.codehaus.plexus.classworlds.launcher.Launcher.launch(Launche >>>>>>> r.java:229) >>>>>>> >>>>>>> at >>>>>>> org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCo >>>>>>> de(Launcher.java:415) >>>>>>> >>>>>>> at >>>>>>> org.codehaus.plexus.classworlds.launcher.Launcher.main(Launcher. >>>>>>> java:356) >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> Mark Nelson | Architect | 61.2.9491.1177 Platform Engineering >>>>>>> Oracle Development http://redstack.wordpress.com/ >>>>>>> >>>>>>> "Oracle BPM Suite 11g: Advanced BPMN Topics" >>>>>>> by Mark Nelson and Tanya Williams http://bit.ly/UbNKLD >>>>>>> >>>>>>> On 9/25/2014 7:54 AM, Igor Fedorenko wrote: >>>>>>>> There is yet another http connector implementation [1] (the >>>>>>>> more the merrier, right? :-) ). It is based on square okhttp >>>>>>>> client and is >>>>>>> pretty >>>>>>>> simple. I didn't try redirects, but auth credentials are not >>>>>>>> scoped >>>>>>> to a >>>>>>>> specific url, so there is a chance this connector may work. >>>>>>>> >>>>>>>> This is the connector used in m2e, so it should be reasonable >>>>>>>> well tested at this point. >>>>>>>> >>>>>>>> [1] https://github.com/tesla/aether-connector-okhttp >>>>>>>> >>>>>>>> -- >>>>>>>> Regards, >>>>>>>> Igor >>>>>>>> >>>>>>>> On 2014-09-24, 17:46, Robert Patrick wrote: >>>>>>>>> Hi, >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> Sorry if this isn't worthy of the developers list but I >>>>>>>>> believe that it is appropriate. >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> We are trying to stand up a highly-available Maven repository >>>>>>>>> that >>>>>>> is >>>>>>>>> protected by an SSO solution using Basic Auth over SSL. The >>>>>>>>> architecture is as follows: >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> 1.) Maven clients connect over the internet to the repository >>>>>>>>> using maven.example.com >>>>>>>>> >>>>>>>>> 2.) maven.example.com is a hardware load balancer DNS alias that >>>>>>>>> uses HTTP 301 to redirect to repo.example.com >>>>>>>>> >>>>>>>>> 3.) repo.example.com uses HTTP 302 to redirect the request to >>>>>>>>> login.example.com >>>>>>>>> >>>>>>>>> 4.) login.example.com sends back HTTP 401 to require >>>>>>> authentication >>>>>>>>> 5.) The client returns the request with the Authorization header >>>>>>>>> and login.example.com uses HTTP 302 to redirect the request >>>>>>>>> back to repo.example.com with the proper Authorization header >>>>>>>>> and retrieve the artifact. >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> We define the repository in settings.xml with a url of >>>>>>>>> https://maven.example.com. The problem we are running into is >>>>>>>>> that the Maven HTTP Wagon code is setting the AuthScope based >>>>>>>>> on the Repository URL's host (and port, if supplied). >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> Credentials creds = new >>>>>>> UsernamePasswordCredentials( >>>>>>>>> username, password ); >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> String host = getRepository().getHost(); >>>>>>>>> >>>>>>>>> int port = getRepository().getPort() > -1 ? >>>>>>>>> getRepository().getPort() : AuthScope.ANY_PORT; >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> credentialsProvider.setCredentials( new >>>>>>>>> AuthScope( host, port ), creds ); >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> As such, the AuthScope is created with "maven.example.com" and "-1" >>>>>>>>> (i.e., AuthScope.ANY_PORT). This causes the Authorization >>>>>>>>> header to not be returned in response to the HTTP 401 >>>>>>>>> challenge and Maven simply moves on to try to retrieve the >>>>>>>>> artifact from Maven Central (but the artifact isn't there.). >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> From reading the code, there doesn't appear to be any way of >>>>>>> telling >>>>>>>>> Maven to set the AuthScope realm to a value that we specify >>>>>>>>> (and the AuthScope host to AuthScope.ANY_HOST). Are we >>>>>>>>> missing something obvious or, as we believe, do we need to >>>>>>>>> enhance Maven to support this type of configuration? >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> We really need for this to work so what do you suggest? We >>>>>>>>> had this mostly working with the >>>>>>>>> org.sonatype.maven:wagon-ahc:1.2.1 wagon but we were running >>>>>>>>> into an issue where Maven was dropping the Authorization >>>>>>>>> header when fetching the artifact's checksum file, which made >>>>>>>>> that solution unworkable. >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> Thanks, >>>>>>>>> >>>>>>>>> Robert >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> >>>>>>>>> Robert Patrick <HYPERLINK >>>>>>>>> "mailto:robert.patr...@oracle.com"robert.patr...@oracle.com> >>>>>>>>> >>>>>>>>> VP, FMW Platform Engineering, Oracle Corporation >>>>>>>>> >>>>>>>>> 7460 Warren Pkwy, Ste. 300 Office: +1.972.963.2872 >>>>>>>>> >>>>>>>>> Frisco, TX 75034, USA Mobile: +1.469.556.9450 >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> HYPERLINK >>>>>>>>> >>>>>>> "http://www.amazon.com/Professional-Oracle-WebLogic-Server-Patri >>>>>>> ck/dp/0470484306/"Professional >>>>>>> >>>>>>> >>>>>>>>> Oracle WebLogic Server >>>>>>>>> >>>>>>>>> by Robert Patrick, Gregory Nyberg, and Philip Aston >>>>>>>>> >>>>>>>>> with Josh Bregman and Paul Done >>>>>>>>> >>>>>>>>> Book Home Page: HYPERLINK >>>>>>>>> >>>>>>> "http://www.wrox.com/WileyCDA/WroxTitle/Professional-Oracle-WebL >>>>>>> ogic-Server.productCd-0470484306.html"http://www.wrox.com/ >>>>>>> >>>>>>>>> Kindle Version: HYPERLINK >>>>>>>>> >>>>>>> "http://www.amazon.com/Professional-Oracle-WebLogic-Server-ebook >>>>>>> /dp/B004HD69J2/"http://www.amazon.com/ >>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>> --------------------------------------------------------------- >>>>>>>> ------ >>>>>>>> >>>>>>>> To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For >>>>>>>> additional commands, e-mail: dev-h...@maven.apache.org >>>>>>>> >>>>>>> ---------------------------------------------------------------- >>>>>>> ----- To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org >>>>>>> For additional commands, e-mail: dev-h...@maven.apache.org >>>>> >>>>> ------------------------------------------------------------------ >>>>> --- To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For >>>>> additional commands, e-mail: dev-h...@maven.apache.org >>>>> >>>> Thanks, >>>> >>>> Jason >>>> >>>> ---------------------------------------------------------- >>>> Jason van Zyl >>>> Founder, Apache Maven >>>> http://twitter.com/jvanzyl >>>> http://twitter.com/takari_io >>>> --------------------------------------------------------- >>>> >>>> To do two things at once is to do neither. >>>> -- Publilius Syrus, Roman slave, first century B.C. >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>> >>> >>> -------------------------------------------------------------------- >>> - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For >>> additional commands, e-mail: dev-h...@maven.apache.org >>> >>> >>> >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For >> additional commands, e-mail: dev-h...@maven.apache.org >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For > additional commands, e-mail: dev-h...@maven.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
