leon franzen created WAGON-422:
----------------------------------

             Summary: HTTP wagon AuthScope is not definable from settings
                 Key: WAGON-422
                 URL: https://jira.codehaus.org/browse/WAGON-422
             Project: Maven Wagon
          Issue Type: Bug
          Components: wagon-http
    Affects Versions: 2.7, 2.8
         Environment: All
            Reporter: leon franzen
         Attachments: wagon.patch

Based on our needs as described in this post to the mailing list:
{quote}
We are trying to stand up a highly-available Maven repository that is protected 
by an SSO solution using Basic Auth over SSL.  The architecture is as follows:

1.)    Maven clients connect over the internet to the repository using 
maven.example.com

2.)    maven.example.com is a hardware load balancer DNS alias that uses HTTP 
301 to redirect to repo.example.com

3.)    repo.example.com uses HTTP 302 to redirect the request to 
login.example.com

4.)    login.example.com sends back HTTP 401 to require authentication

5.)    The client returns the request with the Authorization header and 
login.example.com uses HTTP 302 to redirect the request back to 
repo.example.com with the proper Authorization header and retrieve the artifact.

 

We define the repository in settings.xml with a url of 
https://maven.example.com.  The problem we are running into is that the Maven 
HTTP Wagon code is setting the AuthScope based on the Repository URL’s host 
(and port, if supplied).

                Credentials creds = new UsernamePasswordCredentials( username, password );

                String host = getRepository().getHost();

                int port = getRepository().getPort() > -1 ? getRepository().getPort() : AuthScope.ANY_PORT;

                credentialsProvider.setCredentials( new AuthScope( host, port ), creds );

As such, the AuthScope is created with “maven.example.com” and “-1” 
(i.e., AuthScope.ANY_PORT).  This causes the Authorization header to not be 
returned in response to the HTTP 401 challenge and Maven simply moves on to try 
to retrieve the artifact from Maven Central (but the artifact isn’t there…).

From reading the code, there doesn’t appear to be any way of telling Maven 
to set the AuthScope realm to a value that we specify (and the AuthScope host 
to AuthScope.ANY_HOST).  Are we missing something obvious or, as we believe, 
do we need to enhance Maven to support this type of configuration?
{quote}

We are submitting a patch that provides customization of AuthScope fields via 
wagon settings.  Allows AuthScope host and port to differ from the associated 
repository host and port if needed.  Value of "ANY" permits more flexible 
AuthScope.

An example configuration snippet, providing AuthScope of any host, any port and 
specific realm would look like:
{code:borderStyle=solid}
<server>
      <id>server-id</id>
      <username>user</username>
      <password>password</password>
      <configuration>
          <basicAuthScope>
              <host>ANY</host>
              <port>ANY</port>
              <realm>My Realm</realm>
           </basicAuthScope>
           <httpConfiguration>
                <all>
                    <params>
                        <property>
                            <name>http.protocol.max-redirects</name>
                            <value>%i,20</value>
                        </property>
                        <property>
                            <name>http.protocol.allow-circular-redirects</name>
                            <value>%b,true</value>
                        </property>
                    </params>
                </all>
            </httpConfiguration>
      </configuration>
    </server>
{code}

The feature also allows for the same AuthScope overrides for proxy Basic auth 
using the <proxyBasicAuthScope> element.



--
This message was sent by Atlassian JIRA
(v6.1.6#6162)
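
The following is an added example, not part of the issue or of wagon.patch: it uses the Apache HttpClient 4.x classes that appear in the quoted snippet (assumed on the classpath) to show which 401 challenges each AuthScope releases the credential to, including a host outside the deployment that presents the same realm string. The realm sent by login.example.com is assumed to be "My Realm", port 443 is assumed from the https URL, and other.example.net is a constructed host.

```java
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.Credentials;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.impl.client.BasicCredentialsProvider;

public class AuthScopeMatchDemo {

    // Builds a provider holding one credential under the given scope.
    static CredentialsProvider providerFor(AuthScope scope) {
        CredentialsProvider p = new BasicCredentialsProvider();
        Credentials creds = new UsernamePasswordCredentials("user", "password");
        p.setCredentials(scope, creds);
        return p;
    }

    // True if the provider would release the credential for a 401 from host:443 with this realm.
    static boolean released(CredentialsProvider p, String host, String realm) {
        return p.getCredentials(new AuthScope(host, 443, realm)) != null;
    }

    public static void main(String[] args) {
        // Scope Wagon builds today: repository host, any port, any realm.
        CredentialsProvider repoHost = providerFor(new AuthScope("maven.example.com", AuthScope.ANY_PORT));
        // Scope from the example settings: ANY host, ANY port, realm "My Realm".
        CredentialsProvider anyHost = providerFor(new AuthScope(AuthScope.ANY_HOST, AuthScope.ANY_PORT, "My Realm"));
        // Narrower override: pin the host that actually issues the challenge.
        CredentialsProvider pinned = providerFor(new AuthScope("login.example.com", 443, "My Realm"));

        // Constructed challenges; other.example.net is a hypothetical host outside the deployment.
        String[][] challenges = {
            {"maven.example.com", "My Realm"},
            {"login.example.com", "My Realm"},
            {"other.example.net", "My Realm"},
            {"other.example.net", "Other Realm"},
        };
        System.out.printf("%-20s %-12s %-9s %-9s %-9s%n", "challenge host", "realm", "repoHost", "anyHost", "pinned");
        for (String[] c : challenges) {
            System.out.printf("%-20s %-12s %-9b %-9b %-9b%n", c[0], c[1],
                released(repoHost, c[0], c[1]), released(anyHost, c[0], c[1]), released(pinned, c[0], c[1]));
        }
    }
}
```

With a host of ANY, the realm string is the only thing restricting where the password is sent, so pinning the host of the server that issues the 401 is the tighter setting when that host is known.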