On 6/3/02 7:22 AM, "Ross Gardler" <[EMAIL PROTECTED]> wrote:
> (copied back to jakarta-commons in case anywone there has a better idea) > I assume that you didn't guess I sent it privately for a reason? I didn't want there to be any expectation of delivery, as I have an awful track record lately on this... But I am working to use for a client, so I expect it'll roll soon. <sigh> > Geir Magnusson Jr. wrote: >>> Is it possible to use the JJar ANT task via an authenticating proxy? > >>> It works fine through a non-authenticating proxy using the >>> http.proxyHost and http.proxyPort system properties, but with an >>> authenticating proxy a 407 (authentication failure) is returned. > > >> Working on JJAR now, and will be posting code back to commons in the next >> week or so. >> >> How would this work? How do you specify the auth info? > > > > This issue has come about on the Centipede build system which uses JJar > (www.krysalis.org/centipede). > > The following code snippet illustrates how to connet to an > authenticating server: > [SNIP] That is what I thought - the standard HTTP basic auth stuff. I have the same code elsewhere I can roll in. > > 1. Put the username and password in the ANT build file and pass them to > the JJAR test > > 2. Have ant ask for the username and password interactively and pass the > values to the JJAR task > > 3. Define our own System propoerties to hold the username and password > and have JJAR extract them from there > > 1 & 3 have a problem in that we either have to force the user to encode > the values before setting them or we create a security problem by > storing them unencoded. Well, uuencoding doesn't make anything secret, just gibberish at first glance. And since we would be sending what is effectively cleartext anyway... > 2 is perhaps the best. We could set a property in the build file > indicating whether we are connecting through an authenticating proxy or > not, thus prompting the user for username and password. Furthermore, > using this method we allow the user to decide if they want to store the > username/password in the build file and thus prevent the need to type > them each time. > > What do you think? > The problem with 2 is that it doesn't work for anything automated - for example a build system that is run automatically for testing would need to have the values somewhere. I think what we need is to give people the choice - one option to specify the values like #1, and one for #2, so if you want to keep it secret and do interactively, you can. Since we are talking about a security system that does everything in cleartext, doing something fancier doesn't make sense at first. -- Geir Magnusson Jr. Research & Development, Adeptra Inc. [EMAIL PROTECTED] +1-203-247-1713 -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
