[ https://issues.apache.org/jira/browse/IVY-1633?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17461774#comment-17461774 ]
Jaikiran Pai commented on IVY-1633:
-----------------------------------

Hello John,

I took a quick look at this. It appears that even Java's implementation of HTTPURLConnection doesn't handle redirects of this form where the userinfo is part of the redirected "Location".

Looking at your patch, I think one thing we might have to consider in that change is the "priority" of which credential gets used for that particular URL. What I mean is, the IvyAuthenticator uses a CredentialsStore which is queried for credentials, for a particular realm and host. In your patch, that credential store will be queried first and only if it returns null then the user/pass from the URL (if any) is used. I think it should be the other way around. The userinfo (if any) in the requesting URL should be first checked and only if it is missing, then the credential store should be queried. We will have to see if there are any other implications of this.

FWIW, there seems to be a JDK issue requesting a similar enhancement (not specifically to redirected requests, but URLs in general) [https://bugs.openjdk.java.net/browse/JDK-5043482] and the recommendation seems to be to use an Authenticator (like the IvyAuthenticator) to handle this use case.

> Unable to follow redirects with user info in URL
> ------------------------------------------------
>
> Key: IVY-1633
> URL: https://issues.apache.org/jira/browse/IVY-1633
> Project: Ivy
> Issue Type: Improvement
> Components: Maven Compatibility
> Affects Versions: 2.5.0
> Environment: % java -version
> java version "1.8.0_271"
> Java(TM) SE Runtime Environment (build 1.8.0_271-b09)
> Java HotSpot(TM) 64-Bit Server VM (build 25.271-b09, mixed mode)
> % ant -version
> Apache Ant(TM) version 1.10.12 compiled on October 13 2021
> % ls /usr/local/Cellar/ant/1.10.12/libexec/lib/ivy*
> /usr/local/Cellar/ant/1.10.12/libexec/lib/ivy-2.5.0.jar
> Reporter: John Robert Fallows
> Priority: Major
> Attachments: ivy-userinfo.patch
>
>
> Maven2 compatible repositories sending 302 redirect with user info embedded
> in the location response header are followed properly by Maven but not by Ivy.
> See example at [https://github.com/aklivity/toystore].
> {quote}% ./mvnw dependency:resolve
> [INFO] Scanning for projects...
> [INFO]
> [INFO] --------------------< io.aklivity.sandbox:toystore
> >--------------------
> [INFO] Building toystore develop-SNAPSHOT
> [INFO] --------------------------------[ jar
> ]---------------------------------
> Downloading from anonymous:
> https://maven.packages.aklivity.io/io/aklivity/sandbox/toys/0.3/toys-0.3.pom
> Downloaded from anonymous:
> https://maven.packages.aklivity.io/io/aklivity/sandbox/toys/0.3/toys-0.3.pom
> (550 B at 348 B/s)
> Downloading from anonymous:
> https://maven.packages.aklivity.io/io/aklivity/sandbox/parent/0.3/parent-0.3.pom
> Downloaded from anonymous:
> https://maven.packages.aklivity.io/io/aklivity/sandbox/parent/0.3/parent-0.3.pom
> (1.8 kB at 1.9 kB/s)
> Downloading from anonymous:
> https://maven.packages.aklivity.io/io/aklivity/sandbox/toys/0.3/toys-0.3.jar
> Downloaded from anonymous:
> https://maven.packages.aklivity.io/io/aklivity/sandbox/toys/0.3/toys-0.3.jar
> (1.5 kB at 1.4 kB/s)
> [INFO]
> [INFO] --- maven-dependency-plugin:2.8:resolve (default-cli) @ toystore ---
> [INFO]
> [INFO] The following files have been resolved:
> [INFO] io.aklivity.sandbox:toys:jar:0.3:compile
> [INFO]
> [INFO]
> ------------------------------------------------------------------------
> [INFO] BUILD SUCCESS
> [INFO]
> ------------------------------------------------------------------------
> {quote}
> whereas for Ivy
> {quote}% ant
> Buildfile: /Users/jfallows/GitHub/aklivity/toystore/build.xml
>
> resolve:
> [ivy:convertpom] :: Apache Ivy 2.5.0 - 20191020104435 ::
> https://ant.apache.org/ivy/ ::
> [ivy:convertpom] :: loading settings :: file =
> /Users/jfallows/GitHub/aklivity/toystore/ivysettings.xml
> [ivy:retrieve] :: resolving dependencies ::
> io.aklivity.sandbox#toystore;develop-SNAPSHOT
> [ivy:retrieve] confs: [default, master, compile, provided, runtime, test,
> system, sources, javadoc, optional]
> [ivy:retrieve] :: resolution report :: resolve 1148ms :: artifacts dl 0ms
> ---------------------------------------------------------------------
> |                  |            modules            ||   artifacts   |
> |       conf       | number| search|dwnlded|evicted|| number|dwnlded|
> ---------------------------------------------------------------------
> |      default     |   1   |   0   |   0   |   0   ||   0   |   0   |
> |      master      |   0   |   0   |   0   |   0   ||   0   |   0   |
> |      compile     |   1   |   0   |   0   |   0   ||   0   |   0   |
> |     provided     |   0   |   0   |   0   |   0   ||   0   |   0   |
> |      runtime     |   1   |   0   |   0   |   0   ||   0   |   0   |
> |       test       |   1   |   0   |   0   |   0   ||   0   |   0   |
> |      system      |   0   |   0   |   0   |   0   ||   0   |   0   |
> |      sources     |   0   |   0   |   0   |   0   ||   0   |   0   |
> |      javadoc     |   0   |   0   |   0   |   0   ||   0   |   0   |
> |     optional     |   0   |   0   |   0   |   0   ||   0   |   0   |
> ---------------------------------------------------------------------
> [ivy:retrieve]
> [ivy:retrieve] :: problems summary ::
> [ivy:retrieve] :::: WARNINGS
> [ivy:retrieve] module not found: io.aklivity.sandbox#toys;0.3
> [ivy:retrieve] ==== ibiblio: tried
> [ivy:retrieve]
> https://maven.packages.aklivity.io/io/aklivity/sandbox/toys/0.3/toys-0.3.pom
> [ivy:retrieve] -- artifact io.aklivity.sandbox#toys;0.3!toys.jar:
> [ivy:retrieve]
> https://maven.packages.aklivity.io/io/aklivity/sandbox/toys/0.3/toys-0.3.jar
> [ivy:retrieve] ==== ibiblio: tried
> [ivy:retrieve]
> https://repo1.maven.org/maven2/io/aklivity/sandbox/toys/0.3/toys-0.3.pom
> [ivy:retrieve] -- artifact io.aklivity.sandbox#toys;0.3!toys.jar:
> [ivy:retrieve]
> https://repo1.maven.org/maven2/io/aklivity/sandbox/toys/0.3/toys-0.3.jar
> [ivy:retrieve] ::::::::::::::::::::::::::::::::::::::::::::::
> [ivy:retrieve] :: UNRESOLVED DEPENDENCIES ::
> [ivy:retrieve] ::::::::::::::::::::::::::::::::::::::::::::::
> [ivy:retrieve] :: io.aklivity.sandbox#toys;0.3: not found
> [ivy:retrieve] ::::::::::::::::::::::::::::::::::::::::::::::
> [ivy:retrieve]
> [ivy:retrieve] :: USE VERBOSE OR DEBUG MESSAGE LEVEL FOR MORE DETAILS
> {quote}

--
This message was sent by Atlassian Jira
(v8.20.1#820001)
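
The lookup order proposed in the comment above (userinfo in the requesting URL first, credential store only as a fallback), as an added Java 8 example. It is not the attached ivy-userinfo.patch or Ivy's IvyAuthenticator; the class name, the map-based store and its "realm@host" key are assumptions made for illustration.

```java
import java.io.UnsupportedEncodingException;
import java.net.Authenticator;
import java.net.PasswordAuthentication;
import java.net.URL;
import java.net.URLDecoder;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration; hypothetical class, not Ivy's IvyAuthenticator.
public class UserInfoFirstAuthenticator extends Authenticator {
    // Assumed stand-in for a credential store, keyed by "realm@host".
    private final Map<String, PasswordAuthentication> store = new ConcurrentHashMap<>();

    public void addCredentials(String realm, String host, String user, String pass) {
        store.put(realm + "@" + host, new PasswordAuthentication(user, pass.toCharArray()));
    }

    @Override
    protected PasswordAuthentication getPasswordAuthentication() {
        // URL userinfo describes the origin server, so ignore it for proxy challenges.
        if (getRequestorType() == RequestorType.SERVER) {
            PasswordAuthentication fromUrl = fromUserInfo(getRequestingURL());
            if (fromUrl != null) {
                return fromUrl;               // 1. userinfo in the requesting URL wins
            }
        }
        // 2. fall back to the store, queried by realm and host
        return store.get(getRequestingPrompt() + "@" + getRequestingHost());
    }

    // Splits "user:pass" on the first ':' and percent-decodes each part.
    static PasswordAuthentication fromUserInfo(URL url) {
        String info = (url == null) ? null : url.getUserInfo();
        if (info == null || info.isEmpty()) {
            return null;
        }
        int colon = info.indexOf(':');
        String user = decode(colon < 0 ? info : info.substring(0, colon));
        String pass = decode(colon < 0 ? "" : info.substring(colon + 1));
        return new PasswordAuthentication(user, pass.toCharArray());
    }

    private static String decode(String s) {
        try {   // URLDecoder maps '+' to a space, which is wrong outside form data
            return URLDecoder.decode(s.replace("+", "%2B"), "UTF-8");
        } catch (UnsupportedEncodingException e) {
            throw new IllegalStateException(e);
        }
    }
}
```

It is installed with `Authenticator.setDefault(new UserInfoFirstAuthenticator())`; the userinfo it returns is taken from the URL of the request being authenticated, so it is never applied to a different host.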