Jérôme - Please see the comments on KNOX-641.

thanks,

--larry

On Wed, Jan 6, 2016 at 11:24 AM, Kevin Minder <[email protected]> wrote:

> I can certainly appreciate the issue of including external resources in automated tests. Nothing has driven me more crazy over the years. The flip side of this of course is not finding out about a breakage until someone is willing to go through the manual testing which will typically happen just before a release. Also the implication is that these testing procedures must be very well documented so that they can continue to be run once any of us are no longer active in the project.
>
> On 1/6/16, 2:12 AM, "Jérôme LELEU" <[email protected]> wrote:
>
>> Hi,
>>
>> Yes, you can hit the CAS server at Heroku. Notice it's a Heroku free server so it needs to be re-activated first (it takes a couple of seconds). So for a UI test, you should first hit it, wait 30 seconds and then perform the test.
>>
>> Just my 2 cents:
>> Using automated UI tests was my first strategy for pac4j but I finally gave up because public providers change very often, at least enough to make the maintenance tests a nightmare. Currently, I'm using manual tests (the same for all demos), it takes me around 5 minutes to play them all by hand (for a demo) and I launched manually the UI tests I have for every major pac4j release. Just to say UI tests are not that easy. For a CAS server, it's fairly feasible as the CAS server and protocol change rarely.
>> That's why for Knox, I did some compromise with a simulated web test (based on the basic auth). See:
>> https://github.com/apache/knox/pull/2/files#diff-d0c880ca71b310dbe57975c577535e97R47
>>
>> Thanks.
>> Best regards,
>> Jérôme
>>
>> 2016-01-05 21:20 GMT+01:00 Kevin Minder <[email protected]>:
>>
>>> From my perspective it would be ideal if there were some automatable functional tests for this.
>>> I’m not advocating that these be something included in “mvn clean install” as that is running too long as it is.
>>> Given that I don’t have as much context as Larry, I have some questions about what this would take. Let's say we had permission to hit https://casserverpac4j.herokuapp.com/login as part of some low frequency automated tests (e.g. Once nightly). What static credentials and other test automation infrastructure would need to be implemented in support of this?
>>> I understand that the test suite would require at a minimum
>>> 1) a test driver
>>> 2) a protected mock UI and
>>> 3) an appropriately configured Knox
>>> 4) a profile enabled maven module
>>> 5) an Apache jenkins job
>>> but I’m sure I’m missing other things. I’m certainly willing to help setup the skeleton infrastructure (e.g. test driver, mock UI, maven module, jenkins job)
>>>
>>> On 1/5/16, 2:54 PM, "larry mccay" <[email protected]> wrote:
>>>
>>>> Okay, very good.
>>>> I've used TestShib for the picketlink provider - thanks for the pointers!
>>>>
>>>> On Tue, Jan 5, 2016 at 1:38 PM, Jérôme LELEU <[email protected]> wrote:
>>>>
>>>>> The online CAS server (https://casserverpac4j.herokuapp.com/login) uses the CAS protocol. SAML support can be tested using some online IdP like Okta, TestShib, OpenFeide, Ssocircle...
>>>>>
>>>>> 2016-01-05 17:32 GMT+01:00 larry mccay <[email protected]>:
>>>>>
>>>>>> Great - thanks for that pointer!
>>>>>>
>>>>>> I will take a look at that and help drive the release related testing.
>>>>>> Merge testing will be gated on CAS server (is this SAML or CAS protocol?) and testBasicAuth.
>>>>>>
>>>>>> On Tue, Jan 5, 2016 at 10:52 AM, Jérôme LELEU <[email protected]> wrote:
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> Glad to hear back from you!
>>>>>>>
>>>>>>> The core pac4j project is fully tested by unit tests (and some integration tests I run for major version), then all pac4j implementations are each tested by the appropriate demo: j2e-pac4j-demo tests j2e-pac4j, spring-webmvc-pac4j-demo tests spring-webmvc-pac4j, etc.
>>>>>>>
>>>>>>> So if you take a look at:
>>>>>>> https://github.com/pac4j/j2e-pac4j-demo/blob/master/src/main/java/org/pac4j/demo/j2e/config/DemoConfigFactory.java#L27
>>>>>>> (for example), you have all the required information to test.
>>>>>>>
>>>>>>> I can do that on my own, but it can be good for the Knox community to start working / testing the pac4j support. It's up to you.
>>>>>>>
>>>>>>> Thanks.
>>>>>>> Best regards,
>>>>>>> Jérôme
>>>>>>>
>>>>>>> 2016-01-05 16:11 GMT+01:00 larry mccay <[email protected]>:
>>>>>>>
>>>>>>>> Hello Jérôme -
>>>>>>>>
>>>>>>>> Happy New Year!
>>>>>>>>
>>>>>>>> I am going to start reviewing your updates today, hopefully.
>>>>>>>> I was thinking that we need to start discussions on what the key usecases are and how to go about testing them.
>>>>>>>> We can certainly test the testBasicAuth and against the hosted CAS server but what about FB, openid, OAuth, etc?
>>>>>>>>
>>>>>>>> I'm not sure that FB would be a key feature but OpenID Connect and OAuth would be - as is SAML.
>>>>>>>> I think CAS buys us SAML testing - assuming that the configuration of the hosted server is actually a SAML 2 instance.
>>>>>>>>
>>>>>>>> What about the others?
>>>>>>>>
>>>>>>>> I don't know that we need to be able to test them all before merge but some sort of manual verification would be great.
>>>>>>>> We would need to be able to test them before the next release which would be featuring the pac4j functionality.
>>>>>>>>
>>>>>>>> Maybe you can describe how you go about testing such things for the pac4j project itself?
>>>>>>>>
>>>>>>>> thanks,
>>>>>>>>
>>>>>>>> --larry
>>>>>>>>
>>>>>>>> On Tue, Jan 5, 2016 at 9:55 AM, Jérôme LELEU <[email protected]> wrote:
>>>>>>>>
>>>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>> Happy new year!
>>>>>>>>>
>>>>>>>>> A few days ago, I updated my patch of the pac4j gateway provider according to all comments on https://issues.apache.org/jira/browse/KNOX-641 as well as the documentation on KNOX-642.
>>>>>>>>>
>>>>>>>>> Is everything ok for the merge?
>>>>>>>>>
>>>>>>>>> Thanks.
>>>>>>>>> Best regards,
>>>>>>>>> Jérôme
>>>>>>>>>
>>>>>>>>> 2015-12-14 15:28 GMT+01:00 larry mccay <[email protected]>:
>>>>>>>>>
>>>>>>>>>> Hi Jérôme -
>>>>>>>>>>
>>>>>>>>>> Not sure if you saw but I added review comments to KNOX-641.
>>>>>>>>>>
>>>>>>>>>> I think that we need to determine whether we want the testBasicAuth in the provider itself.
>>>>>>>>>>
>>>>>>>>>> Let's follow up on the JIRA.
>>>>>>>>>>
>>>>>>>>>> thanks,
>>>>>>>>>>
>>>>>>>>>> --larry
>>>>>>>>>>
>>>>>>>>>> On Fri, Dec 11, 2015 at 8:44 AM, Jérôme LELEU <[email protected]> wrote:
>>>>>>>>>>
>>>>>>>>>>> Hi,
>>>>>>>>>>>
>>>>>>>>>>> No problem. It can go into a version 0.8.0 if needed. The truth is that there is only one change outside the new pac4j module, so I think risks are extremely limited.
>>>>>>>>>>>
>>>>>>>>>>> Just let me know.
>>>>>>>>>>>
>>>>>>>>>>> Thanks.
>>>>>>>>>>> Best regards,
>>>>>>>>>>> Jérôme
>>>>>>>>>>>
>>>>>>>>>>> 2015-12-11 14:23 GMT+01:00 larry mccay <[email protected]>:
>>>>>>>>>>>
>>>>>>>>>>>> Hi Jérôme -
>>>>>>>>>>>>
>>>>>>>>>>>> I have unfortunately not had a chance to pull, review and test it yet and have intended to do that today.
>>>>>>>>>>>> I apologize for the delay.
>>>>>>>>>>>>
>>>>>>>>>>>> I was actually thinking that this would go into a follow up release that we would try and get done rapidly after the 0.7.0 release but we can discuss the target and its chances of destabilizing 0.7.0.
>>>>>>>>>>>>
>>>>>>>>>>>> I believe that it is rather self-contained with only a few changes to external modules.
>>>>>>>>>>>>
>>>>>>>>>>>> Opening the JIRAs is perfect and I was going to do that once I started the review.
>>>>>>>>>>>>
>>>>>>>>>>>> Let's continue review comments and collaboration on those JIRAs.
>>>>>>>>>>>> I will add you to the contributors list so that we can assign them to you.
>>>>>>>>>>>>
>>>>>>>>>>>> Thank you for your contributions and your patience, Jérôme!
>>>>>>>>>>>>
>>>>>>>>>>>> --larry
>>>>>>>>>>>>
>>>>>>>>>>>> On Fri, Dec 11, 2015 at 3:00 AM, Jérôme LELEU <[email protected]> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>
>>>>>>>>>>>>> I didn't get any new feedback on the pull request so I assume everything is ok from your point of view.
>>>>>>>>>>>>>
>>>>>>>>>>>>> I released pac4j v1.8.1 and j2e-pac4j v1.2.1 so I updated the pull request to use them and successfully re-tested everything.
>>>>>>>>>>>>>
>>>>>>>>>>>>> I opened KNOX-641 and submitted the corresponding patch.
>>>>>>>>>>>>>
>>>>>>>>>>>>> I also wrote the documentation, opened KNOX-642 and submitted the corresponding patch (just to let you know that it doesn't work out of the box in Windows, I had to replace mvn.bat by mvn.cmd to make ant work).
>>>>>>>>>>>>>
>>>>>>>>>>>>> Even if the branch 0.7.0 has already been created, I assumed this new pac4j provider will go into this version 0.7.0 (dependency on the 0.7.0-SNAPSHOT parent version).
>>>>>>>>>>>>>
>>>>>>>>>>>>> Just let me know if everything is ok and when it's going to be merged.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Thanks.
>>>>>>>>>>>>> Best regards,
>>>>>>>>>>>>> Jérôme
>>>>>>>>>>>>>
>>>>>>>>>>>>> 2015-12-04 14:20 GMT+01:00 larry mccay <[email protected]>:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> That ability to configure multiple mechanisms based on clientName is really interesting for Knox.
>>>>>>>>>>>>>> Currently, we require separate topologies per authentication mechanism.
>>>>>>>>>>>>>> The ability to configure them all in one is really great.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> We would need to think through the best way to provide the clientName parameter.
>>>>>>>>>>>>>> Since this is targeting KnoxSSO it can actually be added to the providerURL used to redirect from the participating application.
>>>>>>>>>>>>>> Regardless of the authentication mechanism used each application will still get the same JWT based cookie.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> I think that should work really nicely.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On Fri, Dec 4, 2015 at 7:17 AM, larry mccay <[email protected]> wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Excellent, Jérôme.
>>>>>>>>>>>>>>> Thanks!
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> On Fri, Dec 4, 2015 at 2:40 AM, Jérôme LELEU <[email protected]> wrote:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> I will write how to configure the pac4j provider in the documentation, but I can already give you some insights.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> My main goal is always to respect the key design principles of pac4j whatever the environment / framework in which it is implemented. For Knox, I'm pretty happy with the use of the j2e-pac4j library, which means that almost all the pac4j features are available, especially both direct and indirect clients. So it can do what Shiro already does but also, as we agreed together, supports remote authentications.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> It is only limited by what you can currently configure. And even configuration is a pac4j feature as the CAS server has the same need.
>>>>>>>>>>>>>>>> Everything happens in this class:
>>>>>>>>>>>>>>>> https://github.com/pac4j/pac4j/blob/master/pac4j-config/src/main/java/org/pac4j/config/client/ConfigPropertiesFactory.java ,
>>>>>>>>>>>>>>>> which allows you to configure Facebook, Twitter, a CAS server, a SAML IdP or an OpenID Connect provider. All the provided parameters to the pac4j provider are put into a Map and the ConfigPropertiesFactory is built with this Map to return the built client (= authentication mechanism).
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> You have one more specific option for Knox as a basic authentication popup where the username must match the password, you can define that by:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> <param>
>>>>>>>>>>>>>>>>   <name>clientName</name>
>>>>>>>>>>>>>>>>   <value>testBasicAuth</value>
>>>>>>>>>>>>>>>> </param>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> It's for testing only.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> For a CAS server:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> <param>
>>>>>>>>>>>>>>>>   <name>cas.loginUrl</name>
>>>>>>>>>>>>>>>>   <value>https://casserverpac4j.herokuapp.com/login</value>
>>>>>>>>>>>>>>>> </param>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Here are all the properties available for building clients (their meaning is obvious):
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> facebook.id
>>>>>>>>>>>>>>>> facebook.secret
>>>>>>>>>>>>>>>> facebook.scope
>>>>>>>>>>>>>>>> facebook.fields
>>>>>>>>>>>>>>>> twitter.id
>>>>>>>>>>>>>>>> twitter.secret
>>>>>>>>>>>>>>>> saml.keystorePassword
>>>>>>>>>>>>>>>> saml.privateKeyPassword
>>>>>>>>>>>>>>>> saml.keystorePath
>>>>>>>>>>>>>>>> saml.identityProviderMetadataPath
>>>>>>>>>>>>>>>> saml.maximumAuthenticationLifetime
>>>>>>>>>>>>>>>> saml.serviceProviderEntityId
>>>>>>>>>>>>>>>> saml.serviceProviderMetadataPath
>>>>>>>>>>>>>>>> cas.loginUrl
>>>>>>>>>>>>>>>> cas.protocol
>>>>>>>>>>>>>>>> oidc.id
>>>>>>>>>>>>>>>> oidc.secret
>>>>>>>>>>>>>>>> oidc.discoveryUri
>>>>>>>>>>>>>>>> oidc.customParamKey1
>>>>>>>>>>>>>>>> oidc.customParamValue1
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> If you define multiple clients, the first one will be used for authentication, but you can explicitly choose the client you want to use via the clientName parameter, assuming you want to switch from client depending on environment for example.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> So if you want to add some new authentication mechanism, you must first check that it is available in pac4j (if it's not, it's another discussion, but generally, it is). Then, you'll need to upgrade the ConfigPropertiesFactory by submitting a new pull request to the pac4j project (I can do it myself, but I'm sure you could do that easily), finally wait for the new pac4j release and switch pac4j versions in Knox to benefit from the new feature.
>>>>>>>>>>>>>>>> The good thing is that if someone related to the CAS server does the same thing for CAS (in pac4j), you will automatically get it when you'll upgrade pac4j.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> To go even further, replacing LDAP Shiro authentication is just a matter of making pac4j LDAP authentication available via configuration parameters.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> I hope it was clear enough.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Thanks.
>>>>>>>>>>>>>>>> Best regards,
>>>>>>>>>>>>>>>> Jérôme
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> 2015-12-03 20:45 GMT+01:00 larry mccay <[email protected]>:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Excellent!
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> I will carve out some time to do code review.
>>>>>>>>>>>>>>>>> We will need to get some insights into how to go about testing:
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> * is the CAS server going to be available for testing?
>>>>>>>>>>>>>>>>> * what are the specific and generic/standard (if any) authentication mechanisms available - for instance:
>>>>>>>>>>>>>>>>>   - Facebook, Google, LinkedIn and CAS are specifics
>>>>>>>>>>>>>>>>>   - OAuth 2, OpenID Connect, SAML are generic/standards - that may be used for the above specifics...
>>>>>>>>>>>>>>>>> * how do we test things other than CAS - in terms of getting credentials, configuration, etc
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> We could certainly do this in phases as well.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> If you can enumerate the things that should work and provide some testing details for CAS or as many as possible and OpenID Connect then we can test the specific implementations that you provide and enable the testing of another OpenID Connect effort that is in the works in the community.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> I'm not sure whether we want to commit contributions that are dependent on snapshots - we certainly can't release with any such dependencies.
>>>>>>>>>>>>>>>>> I would hate to add a cleanup task to a release to make sure there are no snapshots in there.
>>>>>>>>>>>>>>>>> We will probably wait until after the pac4j releases to commit.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> I am really happy that this integration is happening and that it went rather smoothly.
>>>>>>>>>>>>>>>>> These sorts of authentication protocols are complex and I think we lined up pretty well overall.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Thanks for your work!
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> On Thu, Dec 3, 2015 at 2:28 PM, Jérôme LELEU <[email protected]> wrote:
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> I just sync'ed with master, cleaned dependencies and added missing Javadocs. Everything works correctly now. Many thanks.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> The pull request is ready for a full code review:
>>>>>>>>>>>>>>>>>> https://github.com/apache/knox/pull/2
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> I'll write the documentation after the pac4j releases (I hope next week).
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Thanks.
>>>>>>>>>>>>>>>>>> Best regards,
>>>>>>>>>>>>>>>>>> Jérôme
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> 2015-12-02 19:18 GMT+01:00 larry mccay <[email protected]>:
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> Fixed in https://issues.apache.org/jira/browse/KNOX-636.
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> On Wed, Dec 2, 2015 at 12:42 PM, larry mccay <[email protected]> wrote:
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Sure - I can file a JIRA and commit a fix.
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> The secret generation should be done in one instance and replicated across others.
>>>>>>>>>>>>>>>>>>>> This replication/management of the credential stores is outside of the scope of Knox itself as of now.
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Documentation is done in markdown and contributing details are available at:
>>>>>>>>>>>>>>>>>>>> https://cwiki.apache.org/confluence/display/KNOX/Contribution+Process#ContributionProcess-DocumentationContributorWorkflow
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Which should give you a general idea.
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Find an example like: ./trunk/books/0.7.0/config_preauth_sso_provider.md
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> For an example of typical content and format.
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Here is how that example renders:
>>>>>>>>>>>>>>>>>>>> http://knox.apache.org/books/knox-0-7-0/user-guide.html#Preauthenticated+SSO+Provider
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> You'll need to tie it into the rest of the book - just grep for where that filename is referenced.
>>>>>>>>>>>>>>>>>>>> To test how it renders build the site with: "ant" and note the url to the 0.7.0 book.
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> On Wed, Dec 2, 2015 at 12:12 PM, Jérôme LELEU <[email protected]> wrote:
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> Why it doesn't work for pac4j while it works for others is a bit strange to me, but if you have the patch in front of your eyes, I'd rather prefer you to commit it. In all cases, I'll sync with the master.
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> There was one question you didn't answer previously: is the password generated for the pac4j provider the same across all gateway instances? Because I expect to have the same value as I use it to encrypt / decrypt data.
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> I will add the Javadoc.
>>>>>>>>>>>>>>>>>>>>> After that, you can review the pull request more completely.
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> What do you expect for the documentation?
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> Notice that pac4j dependencies are still snapshots, but they will be released in a week or two.
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> Thanks.
>>>>>>>>>>>>>>>>>>>>> Best regards,
>>>>>>>>>>>>>>>>>>>>> Jérôme
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> 2015-12-02 17:51 GMT+01:00 larry mccay <[email protected]>:
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> Jérôme -
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> If you would like to add that change as part of your patch or as a separately filed JIRA to fix a bug that would certainly be welcomed.
>>>>>>>>>>>>>>>>>>>>>> Otherwise, I can do it.
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> Let me know.
> >> >> > > > > > > > > > >> > > > >> > > >> >> > > > > > > > > > >> > > > >> > thanks, > >> >> > > > > > > > > > >> > > > >> > > >> >> > > > > > > > > > >> > > > >> > --larry > >> >> > > > > > > > > > >> > > > >> > > >> >> > > > > > > > > > >> > > > >> > On Wed, Dec 2, 2015 at 11:44 AM, > larry > >> >> mccay > >> >> > < > >> >> > > > > > > > > > >> > [email protected] > >> >> > > > > > > > > > >> > > > > >> >> > > > > > > > > > >> > > > >> > wrote: > >> >> > > > > > > > > > >> > > > >> > > >> >> > > > > > > > > > >> > > > >> > > Okay - I had to add an override of > >> >> > > > > > getUserPrincipal() > >> >> > > > > > > > to > >> >> > > > > > > > > > the > >> >> > > > > > > > > > >> > > > >> > > > >> IdentityAsserterHttpServletRequestWrapper > >> >> > and > >> >> > > > > > return > >> >> > > > > > > > the > >> >> > > > > > > > > > >> member > >> >> > > > > > > > > > >> > > > >> variable > >> >> > > > > > > > > > >> > > > >> > > username and it works like a charm. > >> >> > > > > > > > > > >> > > > >> > > > >> >> > > > > > > > > > >> > > > >> > > Why I haven't seen this same > behavior > >> >> with > >> >> > > > other > >> >> > > > > > > > > providers > >> >> > > > > > > > > > >> is a > >> >> > > > > > > > > > >> > > bit > >> >> > > > > > > > > > >> > > > >> of a > >> >> > > > > > > > > > >> > > > >> > > mystery but they must be adding > other > >> >> > > wrappers > >> >> > > > > that > >> >> > > > > > > > > handle > >> >> > > > > > > > > > >> it. > >> >> > > > > > > > > > >> > > > >> > > This is quite cool, Jérôme! > >> >> > > > > > > > > > >> > > > >> > > > >> >> > > > > > > > > > >> > > > >> > > On Wed, Dec 2, 2015 at 10:41 AM, > larry > >> >> > mccay > >> >> > > < > >> >> > > > > > > > > > >> > > [email protected] > >> >> > > > > > > > > > >> > > > > > >> >> > > > > > > > > > >> > > > >> > > wrote: > >> >> > > > > > > > > > >> > > > >> > > > >> >> > > > > > > > > > >> > > > >> > >> That was it - thanks! 
> >> >> > > > > > > > > > >> > > > >> > >> > >> >> > > > > > > > > > >> > > > >> > >> On Wed, Dec 2, 2015 at 10:20 AM, > >> Jérôme > >> >> > > LELEU > >> >> > > > < > >> >> > > > > > > > > > >> > [email protected]> > >> >> > > > > > > > > > >> > > > >> wrote: > >> >> > > > > > > > > > >> > > > >> > >> > >> >> > > > > > > > > > >> > > > >> > >>> This is my exact command line: > mvn > >> >> > > -Prelease > >> >> > > > > > clean > >> >> > > > > > > > > > install > >> >> > > > > > > > > > >> > > > >> -DskipTests > >> >> > > > > > > > > > >> > > > >> > >>> > >> >> > > > > > > > > > >> > > > >> > >>> You use an internal Maven > >> repository to > >> >> > > fetch > >> >> > > > > > > > > > dependencies > >> >> > > > > > > > > > >> > from > >> >> > > > > > > > > > >> > > > >> > internet: > >> >> > > > > > > > > > >> > > > >> > >>> > >> >> > > > > > > > > > >> > > > >> >> > > > > > > > > >> >> > > > http://nexus-private.hortonworks.com/nexus/content/groups/public/ > >> >> > > > > > > > > > >> > > > >> > >>> > >> >> > > > > > > > > > >> > > > >> > >>> Does this repository have access > to > >> the > >> >> > > > remote > >> >> > > > > > > > > Snapshots > >> >> > > > > > > > > > >> > > Sonatype > >> >> > > > > > > > > > >> > > > >> repo? > >> >> > > > > > > > > > >> > > > >> > >>> > >> >> > > > > > > > > > >> > > > >> > >>> > >> >> > > > > > > > > > >> > > > >> > >>> > >> >> > > > > > > > > > >> > > > >> > >>> 2015-12-02 16:16 GMT+01:00 larry > >> mccay > >> >> < > >> >> > > > > > > > > > >> [email protected] > >> >> > > > > > > > > > >> > >: > >> >> > > > > > > > > > >> > > > >> > >>> > >> >> > > > > > > > > > >> > > > >> > >>> > hmmm - I used: > >> >> > > > > > > > > > >> > > > >> > >>> > > >> >> > > > > > > > > > >> > > > >> > >>> > mvn clean install > -DskipTests=true > >> >> > > > -Prelease > >> >> > > > > > > > > > >> > > > >> > >>> > > >> >> > > > > > > > > > >> > > > >> > >>> > The repository entry is in > there > >> >> > already. 
> >> >> > > > > > > > > > >> > > > >> > >>> > No worky. > >> >> > > > > > > > > > >> > > > >> > >>> > > >> >> > > > > > > > > > >> > > > >> > >>> > On Wed, Dec 2, 2015 at 10:12 > AM, > >> >> Jérôme > >> >> > > > > LELEU < > >> >> > > > > > > > > > >> > > [email protected] > >> >> > > > > > > > > > >> > > > > > >> >> > > > > > > > > > >> > > > >> > >>> wrote: > >> >> > > > > > > > > > >> > > > >> > >>> > > >> >> > > > > > > > > > >> > > > >> > >>> > > Hi, > >> >> > > > > > > > > > >> > > > >> > >>> > > > >> >> > > > > > > > > > >> > > > >> > >>> > > You need the j2e-pac4j > >> dependencies > >> >> > as > >> >> > > > well > >> >> > > > > > as > >> >> > > > > > > > the > >> >> > > > > > > > > > >> pac4j-* > >> >> > > > > > > > > > >> > > > >> > >>> dependencies, > >> >> > > > > > > > > > >> > > > >> > >>> > > but you don't need to build > them > >> >> > > locally > >> >> > > > > > > > > (hopefully). > >> >> > > > > > > > > > >> > > > >> > >>> > > > >> >> > > > > > > > > > >> > > > >> > >>> > > But you need a dependency on > the > >> >> > > Sonatype > >> >> > > > > > > > snapshots > >> >> > > > > > > > > > >> > > repository > >> >> > > > > > > > > > >> > > > >> > >>> (where the > >> >> > > > > > > > > > >> > > > >> > >>> > > snapshot versions are > hosted), > >> >> which > >> >> > is > >> >> > > > > added > >> >> > > > > > > for > >> >> > > > > > > > > > >> Maven in > >> >> > > > > > > > > > >> > > the > >> >> > > > > > > > > > >> > > > >> root > >> >> > > > > > > > > > >> > > > >> > >>> > > pom.xmlhttps://github.com/apache/knox/pull/2/files#diff-600376dffeb79835ede4a0b285078036R123 > >> >> > > > > > > > > > >> > > > >> > >>> > > > >> >> > > > > > > > > > >> > > > >> > >>> > > If you use Ant for the build, > >> there > >> >> > is > >> >> > > > > maybe > >> >> > > > > > a > >> >> > > > > > > > > glitch > >> >> > > > > > > > > > >> to > >> >> > > > > > > > > > >> > > find > >> >> > > > > > > > > > >> > > > >> the > >> >> > > > > > > > > > >> > > > >> > >>> > Sonatype > 
>> >> > > > > > > > > > >> > > > >> > >>> > > Maven repo. > >> >> > > > > > > > > > >> > > > >> > >>> > > > >> >> > > > > > > > > > >> > > > >> > >>> > > Thanks. > >> >> > > > > > > > > > >> > > > >> > >>> > > Best regards, > >> >> > > > > > > > > > >> > > > >> > >>> > > Jérôme > >> >> > > > > > > > > > >> > > > >> > >>> > > > >> >> > > > > > > > > > >> > > > >> > >>> > > > >> >> > > > > > > > > > >> > > > >> > >>> > > 2015-12-02 16:06 GMT+01:00 > larry > >> >> > mccay > >> >> > > < > >> >> > > > > > > > > > >> > > [email protected] > >> >> > > > > > > > > > >> > > > >: > >> >> > > > > > > > > > >> > > > >> > >>> > > > >> >> > > > > > > > > > >> > > > >> > >>> > > > Oh - do I need to build > >> j2e-pac4 > >> >> > > > locally > >> >> > > > > in > >> >> > > > > > > > order > >> >> > > > > > > > > > to > >> >> > > > > > > > > > >> > > resolve > >> >> > > > > > > > > > >> > > > >> the > >> >> > > > > > > > > > >> > > > >> > >>> > > > dependencies? > >> >> > > > > > > > > > >> > > > >> > >>> > > > > >> >> > > > > > > > > > >> > > > >> > >>> > > > [ERROR] Failed to execute > >> goal on > >> >> > > > project > >> >> > > > > > > > > > >> > > > >> > >>> > > > gateway-provider-security-pac4j: > >> >> > > > > > > > > > >> > > > >> > >>> > > > Could not resolve > dependencies > >> >> for > >> >> > > > > project > >> >> > > > > > > > > > >> > > > >> > >>> > > > > >> >> > > > > > > > > > >> > > > >> > >>> > >> >> > > > > > > > > > >> > > > > >> >> > > > > > > > > > > >> >> > > > > > >> org.apache.knox:gateway-provider-security-pac4j:jar:0.7.0-SNAPSHOT: > >> >> > > > > > > > > > >> > > > >> The > >> >> > > > > > > > > > >> > > > >> > >>> > > > following artifacts could > not > >> be > >> >> > > > > resolved: > >> >> > > > > > > > > > >> > > > >> > >>> > > > > >> >> > > org.pac4j:j2e-pac4j:jar:1.2.1-SNAPSHOT, > >> >> > > > > > > > > > >> > > > >> > >>> > > > > >> >> > > > org.pac4j:pac4j-http:jar:1.8.1-SNAPSHOT, > >> >> > > > > > > > > > >> > > > >> > >>> > > > > >> >> > > > > 
org.pac4j:pac4j-config:jar:1.8.1-SNAPSHOT: > >> >> > > > > > > > Could > >> >> > > > > > > > > > not > >> >> > > > > > > > > > >> > find > >> >> > > > > > > > > > >> > > > >> > artifact > >> >> > > > > > > > > > >> > > > >> > >>> > > > > >> >> > > org.pac4j:j2e-pac4j:jar:1.2.1-SNAPSHOT > >> >> > > > in > >> >> > > > > > > > public > >> >> > > > > > > > > ( > >> >> > > > > > > > > > >> > > > >> > >>> > > > > >> >> > > > > > > > > > >> > > > >> > > >> >> > > > > > > > > > >> > >> >> > > > > > > >> >> http://nexus-private.hortonworks.com/nexus/content/groups/public/ > >> >> > > > > > > > > > >> > ) > >> >> > > > > > > > > > >> > > > >> > >>> -> > >> >> > > > > > > > > > >> > > > >> > >>> > > > [Help > >> >> > > > > > > > > > >> > > > >> > >>> > > > 1] > >> >> > > > > > > > > > >> > > > >> > >>> > > > > >> >> > > > > > > > > > >> > > > >> > >>> > > > On Wed, Dec 2, 2015 at > 10:05 > >> AM, > >> >> > > larry > >> >> > > > > > mccay > >> >> > > > > > > < > >> >> > > > > > > > > > >> > > > >> > >>> [email protected]> > >> >> > > > > > > > > > >> > > > >> > >>> > > > wrote: > >> >> > > > > > > > > > >> > > > >> > >>> > > > > >> >> > > > > > > > > > >> > > > >> > >>> > > > > > >> gateway-provider-security-pac4j > >> >> > > > doesn't > >> >> > > > > > > > build - > >> >> > > > > > > > > > do > >> >> > > > > > > > > > >> you > >> >> > > > > > > > > > >> > > > have > >> >> > > > > > > > > > >> > > > >> a > >> >> > > > > > > > > > >> > > > >> > >>> pending > >> >> > > > > > > > > > >> > > > >> > >>> > > > > change for your pom.xml > or > >> >> > > something
