[
https://issues.apache.org/jira/browse/MRESOLVER-274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17614432#comment-17614432
]
ASF GitHub Bot commented on MRESOLVER-274:
------------------------------------------
michael-o commented on code in PR #197:
URL: https://github.com/apache/maven-resolver/pull/197#discussion_r990611901
##########
maven-resolver-impl/src/main/java/org/eclipse/aether/internal/impl/DefaultArtifactResolver.java:
##########
@@ -282,10 +297,31 @@ private List<ArtifactResult> resolve(
RepositorySystemSession session,
continue;
}
+ List<RemoteRepository> remoteRepositories =
request.getRepositories();
+ List<RemoteRepository> filteredRemoteRepositories = new
ArrayList<>( remoteRepositories.size() );
+ for ( RemoteRepository repository : remoteRepositories )
+ {
+ RemoteRepositoryFilter.Result filterResult =
filter.acceptArtifact( repository, artifact );
+ if ( !filterResult.isAccepted() )
+ {
+ result.addException( new ArtifactNotFoundException(
artifact, repository,
+ filterResult.reasoning() ) );
+ }
+ else
+ {
+ filteredRemoteRepositories.add( repository );
+ }
+ }
+
+ final boolean remoteConsidered = !remoteRepositories.isEmpty();
+ final boolean filteringApplied = remoteConsidered
+ && !remoteRepositories.equals( filteredRemoteRepositories
);
Review Comment:
Do we really have `#equals()` implemented on repo level?
> Introduce Remote Repository Filter feature
> ------------------------------------------
>
> Key: MRESOLVER-274
> URL: https://issues.apache.org/jira/browse/MRESOLVER-274
> Project: Maven Resolver
> Issue Type: Improvement
> Components: Resolver
> Reporter: Tamas Cservenak
> Assignee: Tamas Cservenak
> Priority: Major
> Fix For: resolver-next
>
>
> The feature, as it's name says should be able to "filter" RemoteRepositories
> by some criteria ("known bad GAVs", "allowed groupId", etc).
> In short, this feature allows following filtering: "should be Artifact
> available from RemoteRepository?" and is able to employ several combination
> (via consensus, or later possibly other strategies) of several "filter
> sources" that are extensible (via adding new components).
> Filter is used in two places:
> * in connector, preventing remote artifact to be fetched from remote
> repository (100% reliable)
> * in resolution, preventing locally *cached* artifact to be resolved
> (reliable as much as your local repository is "clean", ie. if you used Simple
> LRM on it, it does not track remote origins will fail to filter, while
> EnhancedLRM does track it and will work as expected).
> By default this feature is "dormant" (resolver behaves exactly same as before
> without it). This is intended as "low level" feature that later can be built
> upon, and implement some more user friendly solutions like MNG-6763. Hence,
> this issue and resolver code changes are NOT meant to completely implement
> MNG-6763, but more like to provide needed (lower level) functionalities to
> make it possible.
> Filters implemented in this round:
> * groupId - provide a list of groupIds per remote repository
> * prefix - use prefixes file for allowed prefixes (example central
> [https://repo.maven.apache.org/maven2/.meta/prefixes.txt] or ASF releases
> [https://repository.apache.org/content/repositories/releases/.meta/prefixes.txt)]
> * maybe package up an artifact holding list of "known" bad artifacts and
> consume that (and enforce it)
> * etc...
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
