[jira] Commented: (MNG-4228) [regression] Authorization failed: Not authorized by proxy.
[ http://jira.codehaus.org/browse/MNG-4228?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=191663#action_191663 ] Paul Benedict commented on MNG-4228: FYI, Eclipse 3.6M2 now includes NTLMv2 proxy support: http://download.eclipse.org/eclipse/downloads/drops/S-3.6M2-200909170100/eclipse-news-M2.html Peek at their code and determine if it can be re-used for Maven. > [regression] Authorization failed: Not authorized by proxy. > --- > > Key: MNG-4228 > URL: http://jira.codehaus.org/browse/MNG-4228 > Project: Maven 2 > Issue Type: Bug > Components: Artifacts and Repositories, Settings >Affects Versions: 2.2.0 > Environment: Windows XP, java version "1.6.0_04" >Reporter: Marco Noto >Assignee: John Casey >Priority: Blocker > Fix For: 2.2.1 > > Attachments: NTLMV21.RAR, TestNTLMAuth.java > > > I can not access any external repository using the version 2.2.0. If I go > back to 2.1.0 everything works properly. > For example: > mvn -U eclipse:eclipse > [INFO] Scanning for projects... > [INFO] Searching repository for plugin with prefix: 'eclipse'. > [INFO] org.apache.maven.plugins: checking for updates from central > [WARNING] repository metadata for: 'org.apache.maven.plugins' could not be > retrieved from repository: central due > to an error: Authorization failed: Not authorized by proxy. > [INFO] Repository 'central' will be blacklisted -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (MNG-4228) [regression] Authorization failed: Not authorized by proxy.
[
http://jira.codehaus.org/browse/MNG-4228?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=184349#action_184349
]
John Casey commented on MNG-4228:
-
Actually, reading the source again, it looks like NTCredentials IS used:
{code}
ProxyInfo proxyInfo = getProxyInfo( getRepository().getProtocol(),
getRepository().getHost() );
if ( proxyInfo != null )
{
String proxyUsername = proxyInfo.getUserName();
String proxyPassword = proxyInfo.getPassword();
String proxyHost = proxyInfo.getHost();
int proxyPort = proxyInfo.getPort();
String proxyNtlmHost = proxyInfo.getNtlmHost();
String proxyNtlmDomain = proxyInfo.getNtlmDomain();
if ( proxyHost != null )
{
hc.setProxy( proxyHost, proxyPort );
if ( proxyUsername != null && proxyPassword != null )
{
Credentials creds;
if ( proxyNtlmHost != null || proxyNtlmDomain != null )
{
creds = new NTCredentials( proxyUsername,
proxyPassword, proxyNtlmHost, proxyNtlmDomain );
}
else
{
creds = new UsernamePasswordCredentials( proxyUsername,
proxyPassword );
}
int port = proxyInfo.getPort() > -1 ? proxyInfo.getPort() :
AuthScope.ANY_PORT;
AuthScope scope = new AuthScope( proxyHost, port );
client.getState().setProxyCredentials( scope, creds );
}
}
}
{code}
So, if you use ntlmHost and ntlmDomain in your proxy configuration, it should
work for NTLMv1 (but not v2).
> [regression] Authorization failed: Not authorized by proxy.
> ---
>
> Key: MNG-4228
> URL: http://jira.codehaus.org/browse/MNG-4228
> Project: Maven 2
> Issue Type: Bug
> Components: Artifacts and Repositories, Settings
>Affects Versions: 2.2.0
> Environment: Windows XP, java version "1.6.0_04"
>Reporter: Marco Noto
>Assignee: John Casey
>Priority: Blocker
> Fix For: 2.2.1
>
> Attachments: NTLMV21.RAR, TestNTLMAuth.java
>
>
> I can not access any external repository using the version 2.2.0. If I go
> back to 2.1.0 everything works properly.
> For example:
> mvn -U eclipse:eclipse
> [INFO] Scanning for projects...
> [INFO] Searching repository for plugin with prefix: 'eclipse'.
> [INFO] org.apache.maven.plugins: checking for updates from central
> [WARNING] repository metadata for: 'org.apache.maven.plugins' could not be
> retrieved from repository: central due
> to an error: Authorization failed: Not authorized by proxy.
> [INFO] Repository 'central' will be blacklisted
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (MNG-4228) [regression] Authorization failed: Not authorized by proxy.
[ http://jira.codehaus.org/browse/MNG-4228?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=184348#action_184348 ] John Casey commented on MNG-4228: - Maven is using httpclient 3.x, NOT 4.x. The trick seems to be that we're not using NTCredentials, since (from what I can tell) there is no way to determine whether we're talking to an NTLM proxy or not. It may be worthwhile pursuing in future releases of Wagon, to allow the use of NTCredentials if a certain configuration flag is set, or a system property is set. As for dropping in NTLMv2 support via jcifs or similar, I'm not sure how well that would work, since I'm guessing we'd have to have code that used it directly, which would mean that code was GPL'ed... OTOH, the modifications I've made for Maven 2.2.1 should allow you to specify your own implementation of the HTTP wagon, and use that one instead of the built-in versions. > [regression] Authorization failed: Not authorized by proxy. > --- > > Key: MNG-4228 > URL: http://jira.codehaus.org/browse/MNG-4228 > Project: Maven 2 > Issue Type: Bug > Components: Artifacts and Repositories, Settings >Affects Versions: 2.2.0 > Environment: Windows XP, java version "1.6.0_04" >Reporter: Marco Noto >Assignee: John Casey >Priority: Blocker > Fix For: 2.2.1 > > Attachments: NTLMV21.RAR, TestNTLMAuth.java > > > I can not access any external repository using the version 2.2.0. If I go > back to 2.1.0 everything works properly. > For example: > mvn -U eclipse:eclipse > [INFO] Scanning for projects... > [INFO] Searching repository for plugin with prefix: 'eclipse'. > [INFO] org.apache.maven.plugins: checking for updates from central > [WARNING] repository metadata for: 'org.apache.maven.plugins' could not be > retrieved from repository: central due > to an error: Authorization failed: Not authorized by proxy. > [INFO] Repository 'central' will be blacklisted -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (MNG-4228) [regression] Authorization failed: Not authorized by proxy.
[ http://jira.codehaus.org/browse/MNG-4228?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=183620#action_183620 ] Jean-Marc Borer commented on MNG-4228: -- Guys, I am perfectly understanding all your points, especially the licensing issues withJCIFS, but it seems that my explanations are not enough clear. So let's make it as clear as possible. - We are sitting behind a proxy server which requires NTLM authentication. I don't know if it is v1 or v2, but I have some insights (see below). All server and clients are hosted on Windows machines. - Maven 2.1.0 works where Maven 2.2.0 fails. According to your feedback, 2.2.0 has moved from Sun's http layer to Apache's httpclient 4. - Meanwhile we have another product, Artifactory from http://www.jfrog.org/, which uses httpclient that manages to authenticate with our proxy server. I asked the developpers which version of httpclient they use in their product and they said it is an unpatched/unmodified apache's httpclient 3.x. - I made wrote a small example (see attached [2]) which uses httpclient 3.x that authenticates successfuly with our proxy server. This makes me suppose that our proxy server uses NTLMv1, because it supported (even tough partially) by httpclient 3.x - I retried with a modified version of httpclient that I found among the httplcient issues (http://issues.apache.org/jira/browse/HTTPCLIENT-579) which is supposed to improve NTLM support. I works fine too. However there are again licensing issues. Conclusion: Why is then maven 2.2.0 no longer working? Problably because it uses httpclient 4.x and not httpclient 3.x. This would explain why artifactory has no problems and maven 2.2.0 has. Something changed in version 4.x. Did they completely drop the NTLM support? If yes, this are bad news. JCIFS is no longer going to support the HTTP implementation (http://jcifs.samba.org/src/docs/ntlmhttpauth.html). Instead they recommend to use a commercial library (http://www.ioplex.com/jespa.html). We could afford to buy the lib instead of dropping maven, but it still is unclear to me how to tell httpclient 4.x to use jespa. Letting the user to decide which implementation of HTTP layer to use is the best option for me. Downgrade from httpclient 4.x to httpclient 3.x is not really I good idea, even if it breaks NTLM authentication. One may argue here. > [regression] Authorization failed: Not authorized by proxy. > --- > > Key: MNG-4228 > URL: http://jira.codehaus.org/browse/MNG-4228 > Project: Maven 2 > Issue Type: Bug > Components: Artifacts and Repositories, Settings >Affects Versions: 2.2.0 > Environment: Windows XP, java version "1.6.0_04" >Reporter: Marco Noto >Assignee: John Casey >Priority: Blocker > Fix For: 2.2.1 > > Attachments: NTLMV21.RAR, TestNTLMAuth.java > > > I can not access any external repository using the version 2.2.0. If I go > back to 2.1.0 everything works properly. > For example: > mvn -U eclipse:eclipse > [INFO] Scanning for projects... > [INFO] Searching repository for plugin with prefix: 'eclipse'. > [INFO] org.apache.maven.plugins: checking for updates from central > [WARNING] repository metadata for: 'org.apache.maven.plugins' could not be > retrieved from repository: central due > to an error: Authorization failed: Not authorized by proxy. > [INFO] Repository 'central' will be blacklisted -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (MNG-4228) [regression] Authorization failed: Not authorized by proxy.
[ http://jira.codehaus.org/browse/MNG-4228?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=183614#action_183614 ] Marco Noto commented on MNG-4228: - Guys, thanks for your work ... I don't consider it a big problem using version 2.1.0 for some time ;) > [regression] Authorization failed: Not authorized by proxy. > --- > > Key: MNG-4228 > URL: http://jira.codehaus.org/browse/MNG-4228 > Project: Maven 2 > Issue Type: Bug > Components: Artifacts and Repositories, Settings >Affects Versions: 2.2.0 > Environment: Windows XP, java version "1.6.0_04" >Reporter: Marco Noto >Assignee: John Casey >Priority: Blocker > Fix For: 2.2.1 > > Attachments: NTLMV21.RAR, TestNTLMAuth.java > > > I can not access any external repository using the version 2.2.0. If I go > back to 2.1.0 everything works properly. > For example: > mvn -U eclipse:eclipse > [INFO] Scanning for projects... > [INFO] Searching repository for plugin with prefix: 'eclipse'. > [INFO] org.apache.maven.plugins: checking for updates from central > [WARNING] repository metadata for: 'org.apache.maven.plugins' could not be > retrieved from repository: central due > to an error: Authorization failed: Not authorized by proxy. > [INFO] Repository 'central' will be blacklisted -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (MNG-4228) [regression] Authorization failed: Not authorized by proxy.
[ http://jira.codehaus.org/browse/MNG-4228?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=183565#action_183565 ] Oleg Kalnichevski commented on MNG-4228: > Follow up with the discussion in this issue related to NTLMv2 code in > httpclient... No, it is NOT. This has _nothing_ to do with HttpClient. SUN _licensed_ the NTLM protocol from Microsoft, the luxury we obviously do not have. Besides, they make use of native code accessing native Windows APIs somewhere in their NTLM implementation, which makes NTLM auth in JRE HTTP Windows only. HttpClient 4.0 supports NTLMv2 through JCIFS on all platforms. Unfortunately due to licensing issues we cannot ship or even import JCIFS code. This is a purely licensing issue and it has nothing to do with HttpClient. This is the reason why the use of NTLM is strongly discouraged. Oleg > [regression] Authorization failed: Not authorized by proxy. > --- > > Key: MNG-4228 > URL: http://jira.codehaus.org/browse/MNG-4228 > Project: Maven 2 > Issue Type: Bug > Components: Artifacts and Repositories, Settings >Affects Versions: 2.2.0 > Environment: Windows XP, java version "1.6.0_04" >Reporter: Marco Noto >Assignee: John Casey >Priority: Blocker > Fix For: 2.2.1 > > Attachments: NTLMV21.RAR, TestNTLMAuth.java > > > I can not access any external repository using the version 2.2.0. If I go > back to 2.1.0 everything works properly. > For example: > mvn -U eclipse:eclipse > [INFO] Scanning for projects... > [INFO] Searching repository for plugin with prefix: 'eclipse'. > [INFO] org.apache.maven.plugins: checking for updates from central > [WARNING] repository metadata for: 'org.apache.maven.plugins' could not be > retrieved from repository: central due > to an error: Authorization failed: Not authorized by proxy. > [INFO] Repository 'central' will be blacklisted -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (MNG-4228) [regression] Authorization failed: Not authorized by proxy.
[ http://jira.codehaus.org/browse/MNG-4228?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=183542#action_183542 ] John Casey commented on MNG-4228: - @Jean-Marc Maybe you can provide us with some of this miracle code, then? We're always looking for good patches... Maven 2.1.0 did *not* use the httpclient-driven wagon; it uses the Sun implementation. Also, Artifactory may have different licensing requirements than Maven, which may allow them to use code derived from jCIFS that is known to support NTLMv2 according to some other threads I've read. A big part of the problem here is that I don't have access to an NTLMv2 proxy for testing, nor would I really know whether/how I could set one up on a VirtualBox/VMWare appliance for testing. This is the root problem when dealing with proxy issues, since there are a million flavors and they all seem to have different quirks. Are you sure you're behind an NTLM *v2* proxy, or is it just v1? We're just using httpclient, there are no tricks or hacks. We have a client instance initialized inside the HttpWagon (actually, AbstractHttpWagon, IIRC) and it's used in the same manner as I've ever seen httpclient used anywhere. There's nothing special about it, but we may not have exactly the same configuration code as you do. So, I could use a look at your working example, to compare notes. BTW, I'll start trying to release Maven 2.2.1 as soon as our issue count hits zero for this version. As time goes on, we may shift some issues out to 2.2.2 or 2.3, and we may discover some new regressions that need addressing before the release. But in any case, I'm working as hard as I can to get this release done ASAP. As always, users can help out immensely by providing sample code and failing test cases that can be used to create integration tests. > [regression] Authorization failed: Not authorized by proxy. > --- > > Key: MNG-4228 > URL: http://jira.codehaus.org/browse/MNG-4228 > Project: Maven 2 > Issue Type: Bug > Components: Artifacts and Repositories, Settings >Affects Versions: 2.2.0 > Environment: Windows XP, java version "1.6.0_04" >Reporter: Marco Noto >Assignee: John Casey >Priority: Blocker > Fix For: 2.2.1 > > Attachments: NTLMV21.RAR, TestNTLMAuth.java > > > I can not access any external repository using the version 2.2.0. If I go > back to 2.1.0 everything works properly. > For example: > mvn -U eclipse:eclipse > [INFO] Scanning for projects... > [INFO] Searching repository for plugin with prefix: 'eclipse'. > [INFO] org.apache.maven.plugins: checking for updates from central > [WARNING] repository metadata for: 'org.apache.maven.plugins' could not be > retrieved from repository: central due > to an error: Authorization failed: Not authorized by proxy. > [INFO] Repository 'central' will be blacklisted -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (MNG-4228) [regression] Authorization failed: Not authorized by proxy.
[ http://jira.codehaus.org/browse/MNG-4228?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=183511#action_183511 ] Jean-Marc Borer commented on MNG-4228: -- @Oleg I totally agree with you, but: 1) httpclient 3.x works for me out of the box with my proxy 2) maven 2.2.0 fails where maven 2.1.0 succeeds to access the web So I am wondering what is wrong anyway with the lib that wagon uses in maven 2.2.0 since httpclient 3.x works with my proxy? Something is "wronger" than just using another lib... > [regression] Authorization failed: Not authorized by proxy. > --- > > Key: MNG-4228 > URL: http://jira.codehaus.org/browse/MNG-4228 > Project: Maven 2 > Issue Type: Bug > Components: Artifacts and Repositories, Settings >Affects Versions: 2.2.0 > Environment: Windows XP, java version "1.6.0_04" >Reporter: Marco Noto >Assignee: John Casey >Priority: Blocker > Fix For: 2.2.1 > > Attachments: NTLMV21.RAR, TestNTLMAuth.java > > > I can not access any external repository using the version 2.2.0. If I go > back to 2.1.0 everything works properly. > For example: > mvn -U eclipse:eclipse > [INFO] Scanning for projects... > [INFO] Searching repository for plugin with prefix: 'eclipse'. > [INFO] org.apache.maven.plugins: checking for updates from central > [WARNING] repository metadata for: 'org.apache.maven.plugins' could not be > retrieved from repository: central due > to an error: Authorization failed: Not authorized by proxy. > [INFO] Repository 'central' will be blacklisted -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (MNG-4228) [regression] Authorization failed: Not authorized by proxy.
[ http://jira.codehaus.org/browse/MNG-4228?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=183499#action_183499 ] Oleg Kalnichevski commented on MNG-4228: @Jean-Marc There are several versions of the NTLM authentication scheme [1]. HttpClient 3.x _partially_ supports only what is known as NTLMv1. Depending on the version of the ISA proxy and its configuration this may or may not be sufficient. Oleg [1] http://en.wikipedia.org/wiki/NTLM > [regression] Authorization failed: Not authorized by proxy. > --- > > Key: MNG-4228 > URL: http://jira.codehaus.org/browse/MNG-4228 > Project: Maven 2 > Issue Type: Bug > Components: Artifacts and Repositories, Settings >Affects Versions: 2.2.0 > Environment: Windows XP, java version "1.6.0_04" >Reporter: Marco Noto >Assignee: John Casey >Priority: Blocker > Fix For: 2.2.1 > > Attachments: NTLMV21.RAR, TestNTLMAuth.java > > > I can not access any external repository using the version 2.2.0. If I go > back to 2.1.0 everything works properly. > For example: > mvn -U eclipse:eclipse > [INFO] Scanning for projects... > [INFO] Searching repository for plugin with prefix: 'eclipse'. > [INFO] org.apache.maven.plugins: checking for updates from central > [WARNING] repository metadata for: 'org.apache.maven.plugins' could not be > retrieved from repository: central due > to an error: Authorization failed: Not authorized by proxy. > [INFO] Repository 'central' will be blacklisted -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (MNG-4228) [regression] Authorization failed: Not authorized by proxy.
[ http://jira.codehaus.org/browse/MNG-4228?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=183497#action_183497 ] Jean-Marc Borer commented on MNG-4228: -- So if I understand well: lightweight wagon is based on Sun's Java implementation and http wagon is based on Apache's HttpClient lib, right? Anyway Artifactory (http://www.jfrog.org/products.php) uses plain vanilla httpclient lib version 3 and is able to access the internet through our NTLM corporate proxy. Why is then wagon no able to do that? I was able my self to build a small example with httpclient 3 that works fine... Great that at least the previous behavior of maven is restored. When is 2.2.1 planned to be released? > [regression] Authorization failed: Not authorized by proxy. > --- > > Key: MNG-4228 > URL: http://jira.codehaus.org/browse/MNG-4228 > Project: Maven 2 > Issue Type: Bug > Components: Artifacts and Repositories, Settings >Affects Versions: 2.2.0 > Environment: Windows XP, java version "1.6.0_04" >Reporter: Marco Noto >Assignee: John Casey >Priority: Blocker > Fix For: 2.2.1 > > Attachments: NTLMV21.RAR, TestNTLMAuth.java > > > I can not access any external repository using the version 2.2.0. If I go > back to 2.1.0 everything works properly. > For example: > mvn -U eclipse:eclipse > [INFO] Scanning for projects... > [INFO] Searching repository for plugin with prefix: 'eclipse'. > [INFO] org.apache.maven.plugins: checking for updates from central > [WARNING] repository metadata for: 'org.apache.maven.plugins' could not be > retrieved from repository: central due > to an error: Authorization failed: Not authorized by proxy. > [INFO] Repository 'central' will be blacklisted -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
