Do you mind explaining what okhttp connector does wrong? I'd like this
usecase to work in m2e as this sounds like something many organization
would want to use.
I am setting up a test for this, but I don't know enough about http to
spot the problem. I am happy to share the test code if anyone is
interested, but here is the sketch of what I see with http (didn't try
https yet)
1. client makes HEAD request to loadbalancer (a), gets 301 redirect back
2. client makes HEAD request to repository server, gets 302 back
3. client makes HEAD request to login server, gets 401 back
4. client makes HEAD+auth request to login server, gets 301 back
5. client makes HEAD+auth request to repository server, gets 200 back
6. client makes GET+auth request to loadbalancer (b), gets 301 back
7. client makes GET+auth request to repository server, gets 200 back
(a) initial HEAD request seems redundant, it should be GET I believe
(b) the client does not remember 301 and makes another request to the
load balancer.
Does the above match your observations or this is not what you see in
your environment?
At what point of the conversation does the client misbehave? In other
words, what request(s) do you expect the client to make and what does it
make instead?
--
Regards,
Igor
On 2014-09-25, 8:50, Robert Patrick wrote:
We have looked at this wagon and it does not seem to address our problem.
What I would like to propose is that we go extend the existing Maven wagon-http
provider to allow configuration of the wagon to be able to support more
flexible scoping of the credentials than what is currently possible. Would
you, the Maven developers, be open to such a change? If so, what process do we
need to go through to make, test, commit the change?
Thanks,
Robert
--
Robert Patrick <[email protected]>
VP, FMW Platform Engineering, Oracle Corporation
7460 Warren Pkwy, Ste. 300 Office: +1.972.963.2872
Frisco, TX 75034, USA Mobile: +1.469.556.9450
Professional Oracle WebLogic Server
by Robert Patrick, Gregory Nyberg, and Philip Aston
with Josh Bregman and Paul Done
Book Home Page: http://www.wrox.com/
Kindle Version: http://www.amazon.com/
-----Original Message-----
From: Mark Nelson
Sent: Thursday, September 25, 2014 12:27 AM
To: [email protected]
Subject: Re: Maven wagon-http Issue
Thanks a lot Igor,
I tried this release, and I am still getting authorization errors (see below).
In order to see what is going on, I have been using a HTTP proxy (fiddler) to
see all the requests, headers, cookies, etc. To do that, I need to tell Maven
to ignore the SSL, which I have been doing using these command line options:
-Dmaven.wagon.http.ssl.insecure=true -Dmaven.wagon.http.ssl.allowall=true
Is there a capability to do something like this with your wagon? That will let
me work out how far it is getting/where it is failing. I will try to use a
-Djavax.net.debug=ALL and see if I can learn anything from that.
... 31 more
Caused by: io.takari.aether.connector.AuthorizationException: Access denied to
https://*****. Error code 401, Authorization Required
at
io.takari.aether.connector.AetherRepositoryConnector.handleResponseCode(AetherRepositoryConnector.java:367)
at
io.takari.aether.connector.AetherRepositoryConnector.access$900(AetherRepositoryConnector.java:95)
at
io.takari.aether.connector.AetherRepositoryConnector$GetTask.resumableGet(AetherRepositoryConnector.java:614)
at
io.takari.aether.connector.AetherRepositoryConnector$GetTask.run(AetherRepositoryConnector.java:456)
at
io.takari.aether.connector.AetherRepositoryConnector.get(AetherRepositoryConnector.java:297)
... 33 more
[ERROR]
[ERROR]
[ERROR] For more information about the errors and possible solutions, please
read the following articles:
[ERROR] [Help 1]
http://cwiki.apache.org/confluence/display/MAVEN/DependencyResolutionException
Thanks again,
Mark Nelson | Architect | 61.2.9491.1177 Platform Engineering Oracle
Development http://redstack.wordpress.com/
"Oracle BPM Suite 11g: Advanced BPMN Topics"
by Mark Nelson and Tanya Williams
http://bit.ly/UbNKLD
On 9/25/2014 12:34 PM, Igor Fedorenko wrote:
No, you are not missing anything. We don't usually use the connector
as build extension and there appear some sisu/guice related bugs that
result in the exception you see.
I just released version 0.12.1 of the connector, which appears to work
with maven 3.2.3 and I assume will work with earlier 3.2.1 versions too.
You can get the new version from our releases repository [1] or wait
another 15-20 minutes before the artifacts are synced to central.
Please note that with pom.xml <extensions> you will still use maven
default http/https wagon to download the connector itself. This is why
we normally use the connector as part of custom maven distribution,
like the one we embed in m2e, for example.
[1]
http://repository.takari.io:8081/nexus/content/repositories/releases/
--
Regards,
Igor
On 2014-09-24, 22:20, Mark Nelson wrote:
Same error with 0.12.0 - maybe I am missing some necessary
configuration?
All I did was add a build/extension with the GAV for this wagon.
Is there anything else I need to do to enable it?
Mark Nelson | Architect | 61.2.9491.1177 Platform Engineering Oracle
Development http://redstack.wordpress.com/
"Oracle BPM Suite 11g: Advanced BPMN Topics"
by Mark Nelson and Tanya Williams
http://bit.ly/UbNKLD
On 9/25/2014 12:11 PM, Mark Nelson wrote:
Thanks for the suggestion, but it still gives the same error.
Mark Nelson | Architect | 61.2.9491.1177 Platform Engineering Oracle
Development http://redstack.wordpress.com/
"Oracle BPM Suite 11g: Advanced BPMN Topics"
by Mark Nelson and Tanya Williams
http://bit.ly/UbNKLD
On 9/25/2014 12:04 PM, Jason van Zyl wrote:
We updated 0.13.1 of the connector to use Aether 1.0, but 3.2.3
still uses 0.9.0.M2 so you'll need to use the 0.13.0 version of the
connector. There were API changes in Aether.
On Sep 24, 2014, at 9:11 PM, Mark Nelson <[email protected]>
wrote:
I tired 3.2.1 and 3.2.3.
Mark Nelson | Architect | 61.2.9491.1177 Platform Engineering
Oracle Development http://redstack.wordpress.com/
"Oracle BPM Suite 11g: Advanced BPMN Topics"
by Mark Nelson and Tanya Williams
http://bit.ly/UbNKLD
On 9/25/2014 11:09 AM, Igor Fedorenko wrote:
What maven version do you use?
On September 24, 2014 9:00:00 PM EDT, Mark Nelson
<[email protected]> wrote:
Hi Igor,
I am trying to use this okhttp-based wagon, but it is giving me
an odd error that I have not seen before.
I tried different versions of Maven and Java (7 and 8), and I
went through the code to see if I could find any configuration
properties that I needed to set in a build/plugin/configuration
entry, but I could
not find anything.
I added the wagon like this:
<extension>
<groupId>io.takari.aether</groupId>
<artifactId>aether-connector-okhttp</artifactId>
<version>0.13.1</version>
</extension>
And the error is below.
Would very much appreciate if you could point out anything I am
missing/doing wrong.
[INFO]
----------------------------------------------------------------
--------
[INFO] BUILD FAILURE
[INFO]
----------------------------------------------------------------
--------
[INFO] Total time: 0.595 s
[INFO] Finished at: 2014-09-25T10:49:50+10:00 [INFO] Final
Memory: 5M/288M [INFO]
----------------------------------------------------------------
--------
[ERROR] Internal error: com.google.inject.ProvisionException:
Guice provision errors:
[ERROR]
[ERROR] 1) null returned by binding at
org.eclipse.sisu.wire.LocatorWiring
[ERROR] but parameter 1 of
io.takari.aether.connector.AetherRepositoryConnectorFactory.<ini
t>()
is
not @Nullable
[ERROR] while locating javax.net.ssl.SSLSocketFactory [ERROR]
for parameter 1 at
io.takari.aether.connector.AetherRepositoryConnectorFactory.<ini
t>(Unknown
Source)
[ERROR] while locating
io.takari.aether.connector.AetherRepositoryConnectorFactory
[ERROR] at
ClassRealm[extension>io.takari.aether:aether-connector-okhttp:0.
13.1,
parent: sun.misc.Launcher$AppClassLoader@5c647e05]
[ERROR] at
ClassRealm[extension>io.takari.aether:aether-connector-okhttp:0.
13.1,
parent: sun.misc.Launcher$AppClassLoader@5c647e05]
[ERROR] while locating
org.eclipse.aether.spi.connector.RepositoryConnectorFactory
annotated
with @com.google.inject.name.Named(value=
okhttp)
[ERROR]
[ERROR] 1 error
[ERROR] -> [Help 1]
org.apache.maven.InternalErrorException: Internal error:
com.google.inject.ProvisionException: Guice provision errors:
1) null returned by binding at org.eclipse.sisu.wire.LocatorWiring
but parameter 1 of
io.takari.aether.connector.AetherRepositoryConnectorFactory.<ini
t>()
is
not @Nullable
while locating javax.net.ssl.SSLSocketFactory
for parameter 1 at
io.takari.aether.connector.AetherRepositoryConnectorFactory.<ini
t>(Unknown
Source)
while locating
io.takari.aether.connector.AetherRepositoryConnectorFactory
at
ClassRealm[extension>io.takari.aether:aether-connector-okhttp:0.
13.1,
parent: sun.misc.Launcher$AppClassLoader@5c647e05]
at
ClassRealm[extension>io.takari.aether:aether-connector-okhttp:0.
13.1,
parent: sun.misc.Launcher$AppClassLoader@5c647e05]
while locating
org.eclipse.aether.spi.connector.RepositoryConnectorFactory
annotated
with @com.google.inject.name.Named(value=okhttp
)
1 error
at
org.apache.maven.lifecycle.internal.builder.BuilderCommon.handle
BuildError(BuilderCommon.java:147)
at
org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.build
Project(LifecycleModuleBuilder.java:129)
at
org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.build
Project(LifecycleModuleBuilder.java:80)
at
org.apache.maven.lifecycle.internal.builder.singlethreaded.Singl
eThreadedBuilder.build(SingleThreadedBuilder.java:51)
at
org.apache.maven.lifecycle.internal.LifecycleStarter.execute(Lif
ecycleStarter.java:120)
at
org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:347)
at
org.apache.maven.DefaultMaven.execute(DefaultMaven.java:154)
at
org.apache.maven.cli.MavenCli.execute(MavenCli.java:582)
at org.apache.maven.cli.MavenCli.doMain(MavenCli.java:214)
at org.apache.maven.cli.MavenCli.main(MavenCli.java:158)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessor
Impl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethod
AccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:483)
at
org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced
(Launcher.java:289)
at
org.codehaus.plexus.classworlds.launcher.Launcher.launch(Launche
r.java:229)
at
org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCo
de(Launcher.java:415)
at
org.codehaus.plexus.classworlds.launcher.Launcher.main(Launcher.
java:356)
Mark Nelson | Architect | 61.2.9491.1177 Platform Engineering
Oracle Development http://redstack.wordpress.com/
"Oracle BPM Suite 11g: Advanced BPMN Topics"
by Mark Nelson and Tanya Williams http://bit.ly/UbNKLD
On 9/25/2014 7:54 AM, Igor Fedorenko wrote:
There is yet another http connector implementation [1] (the
more the merrier, right? :-) ). It is based on square okhttp
client and is
pretty
simple. I didn't try redirects, but auth credentials are not
scoped
to a
specific url, so there is a chance this connector may work.
This is the connector used in m2e, so it should be reasonable
well tested at this point.
[1] https://github.com/tesla/aether-connector-okhttp
--
Regards,
Igor
On 2014-09-24, 17:46, Robert Patrick wrote:
Hi,
Sorry if this isn't worthy of the developers list but I
believe that it is appropriate.
We are trying to stand up a highly-available Maven repository
that
is
protected by an SSO solution using Basic Auth over SSL. The
architecture is as follows:
1.) Maven clients connect over the internet to the repository
using maven.example.com
2.) maven.example.com is a hardware load balancer DNS alias
that
uses HTTP 301 to redirect to repo.example.com
3.) repo.example.com uses HTTP 302 to redirect the request to
login.example.com
4.) login.example.com sends back HTTP 401 to require
authentication
5.) The client returns the request with the Authorization
header
and login.example.com uses HTTP 302 to redirect the request
back to repo.example.com with the proper Authorization header
and retrieve the artifact.
We define the repository in settings.xml with a url of
https://maven.example.com. The problem we are running into is
that the Maven HTTP Wagon code is setting the AuthScope based
on the Repository URL's host (and port, if supplied).
Credentials creds = new
UsernamePasswordCredentials(
username, password );
String host = getRepository().getHost();
int port = getRepository().getPort() > -1 ?
getRepository().getPort() : AuthScope.ANY_PORT;
credentialsProvider.setCredentials( new AuthScope( host, port
), creds );
As such, the AuthScope is created with "maven.example.com" and
"-1"
(i.e., AuthScope.ANY_PORT). This causes the Authorization
header to not be returned in response to the HTTP 401
challenge and Maven simply moves on to try to retrieve the
artifact from Maven Central (but the artifact isn't there.).
From reading the code, there doesn't appear to be any way of
telling
Maven to set the AuthScope realm to a value that we specify
(and the AuthScope host to AuthScope.ANY_HOST). Are we
missing something obvious or, as we believe, do we need to
enhance Maven to support this type of configuration?
We really need for this to work so what do you suggest? We
had this mostly working with the
org.sonatype.maven:wagon-ahc:1.2.1 wagon but we were running
into an issue where Maven was dropping the Authorization
header when fetching the artifact's checksum file, which made
that solution unworkable.
Thanks,
Robert
--
Robert Patrick <HYPERLINK
"mailto:[email protected]"[email protected]>
VP, FMW Platform Engineering, Oracle Corporation
7460 Warren Pkwy, Ste. 300 Office: +1.972.963.2872
Frisco, TX 75034, USA Mobile: +1.469.556.9450
HYPERLINK
"http://www.amazon.com/Professional-Oracle-WebLogic-Server-Patri
ck/dp/0470484306/"Professional
Oracle WebLogic Server
by Robert Patrick, Gregory Nyberg, and Philip Aston
with Josh Bregman and Paul Done
Book Home Page: HYPERLINK
"http://www.wrox.com/WileyCDA/WroxTitle/Professional-Oracle-WebL
ogic-Server.productCd-0470484306.html"http://www.wrox.com/
Kindle Version: HYPERLINK
"http://www.amazon.com/Professional-Oracle-WebLogic-Server-ebook
/dp/B004HD69J2/"http://www.amazon.com/
---------------------------------------------------------------
------
To unsubscribe, e-mail: [email protected] For
additional commands, e-mail: [email protected]
----------------------------------------------------------------
-----
To unsubscribe, e-mail: [email protected] For
additional commands, e-mail: [email protected]
------------------------------------------------------------------
--- To unsubscribe, e-mail: [email protected] For
additional commands, e-mail: [email protected]
Thanks,
Jason
----------------------------------------------------------
Jason van Zyl
Founder, Apache Maven
http://twitter.com/jvanzyl
http://twitter.com/takari_io
---------------------------------------------------------
To do two things at once is to do neither.
-- Publilius Syrus, Roman slave, first century B.C.
--------------------------------------------------------------------
- To unsubscribe, e-mail: [email protected] For
additional commands, e-mail: [email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected] For
additional commands, e-mail: [email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected] For
additional commands, e-mail: [email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected] For additional
commands, e-mail: [email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
