I did miss WAGON-590 when looking around for a solution.
Ideally:
- by default, AuthScope is targeted as in master
- a new param 'maven.wagon.http.ssl.location-trusted' sets AuthScope to AuthScope.ANY

Thus, secured by default for common users but can be bypassed when needed.

Regards,
Ionel


-- 
Ionel GARDAIS
Tech'Advantage CIO - IT Team manager

----- Original message -----
From: "Michael Osipov" <micha...@apache.org>
To: users@maven.apache.org
Sent: Saturday 28 November 2020 22:11:00
Subject: [*EXT*] Re: Wagon : allow send Authorization header on redirect

On 2020-11-28 at 22:01, Ionel GARDAIS wrote:
> Hi list,
> 
> Is there a way to allow maven to send Authorization header on redirect like 
> curl's --location-trusted ?
> 
> From what I understand,
> https://github.com/apache/maven-wagon/blob/c956aac9007303ce9e1746c834d58dff097ce3d6/wagon-providers/wagon-http-shared/src/main/java/org/apache/maven/wagon/shared/http/AbstractHttpClientWagon.java#L613
> restricts authentication to the target host.
> 
> However, if an SSO redirect occurs when connecting to the maven repository, 
> auth is lost as the host is likely to have a different hostname.
> 
> Is 'maven.wagon.http.ssl.location-trusted' something that could be
> implemented to bypass AuthScope?
> Or alternatively, how to authenticate maven with a multi-round auth?
> (My use case is a Nexus OSS repo with RUT enabled, behind oauth2-proxy)

Read my extensive analysis on that topic here: 
https://issues.apache.org/jira/browse/WAGON-590

I never liked that stupid redirect hell many systems perform these days, 
including OIDC with Authorization Code Flow.

A question aside, how do you plan to pass the flow with stock Wagon w/o 
having a browser, are you using ROPC Grant?

Michael

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@maven.apache.org
For additional commands, e-mail: users-h...@maven.apache.org
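
The scoping behaviour discussed in this thread, as an added example that is not part of the original messages and is not Wagon's own code: it uses Apache HttpClient 4.x's `BasicCredentialsProvider` to show which hosts would receive credentials under a host-bound `AuthScope` versus `AuthScope.ANY`. The property name is the one proposed above and does not exist in Wagon; the host names, user name, secret and the helper methods are constructed for illustration.

```java
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.Credentials;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.impl.client.BasicCredentialsProvider;

public class AuthScopeDemo {
    // Proposed in this thread; assumption, not an existing Wagon property.
    static final String PROP = "maven.wagon.http.ssl.location-trusted";

    // Bind credentials to the repository host by default, or to any host
    // when the proposed opt-in property is set to "true".
    static CredentialsProvider providerFor(String repoHost, int repoPort) {
        AuthScope scope = Boolean.getBoolean(PROP)
                ? AuthScope.ANY
                : new AuthScope(repoHost, repoPort);
        CredentialsProvider provider = new BasicCredentialsProvider();
        provider.setCredentials(scope,
                new UsernamePasswordCredentials("deployer", "constructed-secret"));
        return provider;
    }

    // True when the provider holds credentials matching a challenge from host:port.
    static boolean wouldAuthenticate(CredentialsProvider p, String host, int port) {
        Credentials c = p.getCredentials(new AuthScope(host, port));
        return c != null;
    }

    public static void main(String[] args) {
        // Constructed names: the repository, the SSO host it redirects to,
        // and a host that has nothing to do with either.
        String repo = "nexus.example.test";
        String sso = "sso.example.test";
        String other = "other.example.test";

        for (String flag : new String[] {"false", "true"}) {
            System.setProperty(PROP, flag);
            CredentialsProvider p = providerFor(repo, 443);
            System.out.printf("%s=%s  repo:%b  sso:%b  other:%b%n", PROP, flag,
                    wouldAuthenticate(p, repo, 443),
                    wouldAuthenticate(p, sso, 443),
                    wouldAuthenticate(p, other, 443));
        }
    }
}
```

With the host-bound scope only the repository host matches; with `AuthScope.ANY` every host matches, including ones the repository never intended to redirect to, which is why the proposal keeps it opt-in.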