[
https://jira.codehaus.org/browse/WAGON-422?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Olivier Lamy updated WAGON-422:
-------------------------------
Fix Version/s: 2.8
> HTTP wagon AuthScope is not definable from settings
> ---------------------------------------------------
>
> Key: WAGON-422
> URL: https://jira.codehaus.org/browse/WAGON-422
> Project: Maven Wagon
> Issue Type: Bug
> Components: wagon-http
> Affects Versions: 2.7, 2.8
> Environment: All
> Reporter: leon franzen
> Assignee: Olivier Lamy
> Fix For: 2.8
>
> Attachments: wagon.patch
>
>
> Based on our needs as described in this post to the mailing list:
> {quote}
> We are trying to stand up a highly-available Maven repository that is
> protected by an SSO solution using Basic Auth over SSL. The architecture is
> as follows:
> 1.) Maven clients connect over the internet to the repository using
> maven.example.com
> 2.) maven.example.com is a hardware load balancer DNS alias that uses HTTP
> 301 to redirect to repo.example.com
> 3.) repo.example.com uses HTTP 302 to redirect the request to
> login.example.com
> 4.) login.example.com sends back HTTP 401 to require authentication
> 5.) The client returns the request with the Authorization header and
> login.example.com uses HTTP 302 to redirect the request back to
> repo.example.com with the proper Authorization header and retrieve the
> artifact.
>
> We define the repository in settings.xml with a url of
> https://maven.example.com. The problem we are running into is that the Maven
> HTTP Wagon code is setting the AuthScope based on the Repository URL's host
> (and port, if supplied).
>     Credentials creds = new UsernamePasswordCredentials( username, password );
>     String host = getRepository().getHost();
>     int port = getRepository().getPort() > -1 ? getRepository().getPort() : AuthScope.ANY_PORT;
>
>     credentialsProvider.setCredentials( new AuthScope( host, port ), creds );
> As such, the AuthScope is created with "maven.example.com" and "-1"
> (i.e., AuthScope.ANY_PORT). This causes the Authorization header to not be
> returned in response to the HTTP 401 challenge and Maven simply moves on to
> try to retrieve the artifact from Maven Central (but the artifact isn't
> there…).
> From reading the code, there doesn't appear to be any way of telling Maven
> to set the AuthScope realm to a value that we specify (and the AuthScope host
> to AuthScope.ANY_HOST). Are we missing something obvious or, as we believe,
> do we need to enhance Maven to support this type of configuration?
> {quote}
> We are submitting a patch that provides customization of AuthScope fields via
> wagon settings. Allows AuthScope host and port to differ from the associated
> repository host and port if needed. Value of "ANY" permits more flexible
> AuthScope.
> An example configuration snippet, providing AuthScope of any host, any port
> and specific realm would look like:
> {code:borderStyle=solid}
> <server>
>   <id>server-id</id>
>   <username>user</username>
>   <password>password</password>
>   <configuration>
>     <basicAuthScope>
>       <host>ANY</host>
>       <port>ANY</port>
>       <realm>My Realm</realm>
>     </basicAuthScope>
>     <httpConfiguration>
>       <all>
>         <params>
>           <property>
>             <name>http.protocol.max-redirects</name>
>             <value>%i,20</value>
>           </property>
>           <property>
>             <name>http.protocol.allow-circular-redirects</name>
>             <value>%b,true</value>
>           </property>
>         </params>
>       </all>
>     </httpConfiguration>
>   </configuration>
> </server>
> {code}
> The feature also allows for the same AuthScope overrides for proxy Basic auth
> using the <proxyBasicAuthScope> element.
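The AuthScope matching behind this issue, as an added example that is not part of the original report or the attached patch: it checks which 401 challenges each stored scope would answer, including a host-pinned scope as a narrower alternative to ANY. It assumes Apache HttpClient 4.x on the classpath; the class name, the `offered` helper, the host `other.example.net` and the challenge scopes are constructed for illustration.

```java
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.impl.client.BasicCredentialsProvider;

public class AuthScopeMatchDemo {

    // True when a provider holding credentials under 'stored' would hand them
    // out for the scope HttpClient derives from a 401 challenge.
    // (Hypothetical helper, not a Wagon or HttpClient method.)
    static boolean offered(AuthScope stored, AuthScope challenge) {
        CredentialsProvider provider = new BasicCredentialsProvider();
        provider.setCredentials(stored,
                new UsernamePasswordCredentials("user", "password"));
        return provider.getCredentials(challenge) != null;
    }

    public static void main(String[] args) {
        // Scope as Wagon builds it from the repository URL: host, any port.
        AuthScope repoHost = new AuthScope("maven.example.com", AuthScope.ANY_PORT);
        // Scope from the issue's example settings: any host, any port, fixed realm.
        AuthScope anyHost = new AuthScope(AuthScope.ANY_HOST, AuthScope.ANY_PORT, "My Realm");
        // Narrower alternative: pin the host that actually issues the 401.
        AuthScope pinned = new AuthScope("login.example.com", AuthScope.ANY_PORT, "My Realm");

        // Constructed challenge scopes: host, port, realm, scheme.
        AuthScope fromLogin = new AuthScope("login.example.com", 443, "My Realm", "Basic");
        AuthScope fromOther = new AuthScope("other.example.net", 443, "My Realm", "Basic");
        AuthScope wrongRealm = new AuthScope("login.example.com", 443, "Another Realm", "Basic");

        AuthScope[] stored = { repoHost, anyHost, pinned };
        String[] names = { "repository host", "ANY host + realm", "pinned host + realm" };
        for (int i = 0; i < stored.length; i++) {
            System.out.printf("%-20s login=%b other-host=%b wrong-realm=%b%n",
                    names[i],
                    offered(stored[i], fromLogin),
                    offered(stored[i], fromOther),
                    offered(stored[i], wrongRealm));
        }
    }
}
```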