Re: Custom auth plugin/extension - how to?

2024-06-05 Thread Tamás Cservenák 
Asf wiki is not the best place for brainstorming, as is usable only for
people w asf accounts (i guess).

What if we create a repo like "maven-rfc", where anyone can raise PRs (new
functionality, change requests or just ideas), these would be like
"proposals", that we discuss and modify specs w PRs, and once proposal
considered "complete", it can be moved to "to be implemented" state (those
could be plain directories), maybe even version those things?

And then implementation can happen based on documented
requirements/functionality?

T

On Wed, Jun 5, 2024, 20:27 Tamás Cservenák  wrote:

> Howdy,
>
> Bernd, I would be very interested to collect some ideas to solve exactly
> this problem...
> When I revamped maven-gpg-plugin re "worst practices", I started tinkering
> about this...
>
> Created page just to gather ideas...
>
> https://cwiki.apache.org/confluence/display/MAVEN/Handling+sensitive+data+in+Maven
>
> Unsure is this editable for you... we may want some other place for
> brainstorming?
>
> Thanks
> T
>
> On Wed, Jun 5, 2024 at 7:24 PM Bernd Eckenfels 
> wrote:
>
>> BTW Speaking of “custom”, I would be very interested in
>> a token based authentication, at least for read access to
>> our repository server and mirror, we currently ship a static
>> read-only login, and also we don’t want to allow putting
>> their write (LDAP Login) credentials into files.
>>
>> If the maven ecosystem would have a OS/Token method
>> like requestin a JWT token from a distribution point which
>> uses native Kerberos SSPI or user certificates that would
>> greatly improve this,
>>
>> What’s your plan for that auth, can you upstream it?
>>
>> Gruß
>> Bernd
>>
>> David Grieve wrote on 4. June 2024 20:33 (GMT +02:00):
>>
>> > Thank you for the hint, Tamás.
>> >
>> > The problem I’m trying to solve is that I want a custom Authentication
>> > for a particular server. I do not want to re-implement HttpTransporter.
>> > Here are the important bits of what I’ve come up with.
>> > --
>> > public class MyTransporterFactory implements TransporterFactory {
>> >
>> > // copied from
>> > org.eclipse.aether.transport.http.HttpTransporterFactory
>> > private static Map
>> > getManuallyCreatedExtractors() {
>> > HashMap map = new HashMap<>();
>> > map.put(Nexus2ChecksumExtractor.NAME, new
>> > Nexus2ChecksumExtractor());
>> > map.put(XChecksumChecksumExtractor.NAME, new
>> > XChecksumChecksumExtractor());
>> > return Collections.unmodifiableMap(map);
>> > }
>> >
>> > // I’m not happy with this...
>> > private final HttpTransporterFactory httpTransporterFactory = new
>> > HttpTransporterFactory(getManuallyCreatedExtractors());
>> >
>> > @Override
>> > public Transporter newInstance(RepositorySystemSession session,
>> > RemoteRepository repository)  throws NoTransporterException {
>> >
>> > if (requiresSpecialAuth(repository)) {
>> > repository = new RemoteRepository.Builder(repository)
>> > .setAuthentication(new MyAuthentication(repository))
>> > .build();
>> > }
>> > return httpTransporterFactory.newInstance(session, repository);
>> > }
>> > --
>> >
>> > Then “MyAuthentication” does the right thing for the fill method.
>> >
>> > This approach is working for me, but I’d be interested to know if there
>> > is a better way. I do not want to re-implement HttpTransport!
>> >
>> >
>> > On 2024/06/03 20:25:48 Tamás Cservenák wrote:
>> >> Howdy,
>> >>
>> >> What are you trying to do? You may go better if you implement custom
>> >> (resolver) transport maybe?
>> —
>> https://bernd.eckenfels.net
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@maven.apache.org
>> For additional commands, e-mail: users-h...@maven.apache.org
>>
>>

Re: Custom auth plugin/extension - how to?

2024-06-05 Thread Tamás Cservenák 
Howdy,

Bernd, I would be very interested to collect some ideas to solve exactly
this problem...
When I revamped maven-gpg-plugin re "worst practices", I started tinkering
about this...

Created page just to gather ideas...
https://cwiki.apache.org/confluence/display/MAVEN/Handling+sensitive+data+in+Maven

Unsure is this editable for you... we may want some other place for
brainstorming?

Thanks
T

On Wed, Jun 5, 2024 at 7:24 PM Bernd Eckenfels 
wrote:

> BTW Speaking of “custom”, I would be very interested in
> a token based authentication, at least for read access to
> our repository server and mirror, we currently ship a static
> read-only login, and also we don’t want to allow putting
> their write (LDAP Login) credentials into files.
>
> If the maven ecosystem would have a OS/Token method
> like requestin a JWT token from a distribution point which
> uses native Kerberos SSPI or user certificates that would
> greatly improve this,
>
> What’s your plan for that auth, can you upstream it?
>
> Gruß
> Bernd
>
> David Grieve wrote on 4. June 2024 20:33 (GMT +02:00):
>
> > Thank you for the hint, Tamás.
> >
> > The problem I’m trying to solve is that I want a custom Authentication
> > for a particular server. I do not want to re-implement HttpTransporter.
> > Here are the important bits of what I’ve come up with.
> > --
> > public class MyTransporterFactory implements TransporterFactory {
> >
> > // copied from
> > org.eclipse.aether.transport.http.HttpTransporterFactory
> > private static Map
> > getManuallyCreatedExtractors() {
> > HashMap map = new HashMap<>();
> > map.put(Nexus2ChecksumExtractor.NAME, new
> > Nexus2ChecksumExtractor());
> > map.put(XChecksumChecksumExtractor.NAME, new
> > XChecksumChecksumExtractor());
> > return Collections.unmodifiableMap(map);
> > }
> >
> > // I’m not happy with this...
> > private final HttpTransporterFactory httpTransporterFactory = new
> > HttpTransporterFactory(getManuallyCreatedExtractors());
> >
> > @Override
> > public Transporter newInstance(RepositorySystemSession session,
> > RemoteRepository repository)  throws NoTransporterException {
> >
> > if (requiresSpecialAuth(repository)) {
> > repository = new RemoteRepository.Builder(repository)
> > .setAuthentication(new MyAuthentication(repository))
> > .build();
> > }
> > return httpTransporterFactory.newInstance(session, repository);
> > }
> > --
> >
> > Then “MyAuthentication” does the right thing for the fill method.
> >
> > This approach is working for me, but I’d be interested to know if there
> > is a better way. I do not want to re-implement HttpTransport!
> >
> >
> > On 2024/06/03 20:25:48 Tamás Cservenák wrote:
> >> Howdy,
> >>
> >> What are you trying to do? You may go better if you implement custom
> >> (resolver) transport maybe?
> —
> https://bernd.eckenfels.net
>
> -
> To unsubscribe, e-mail: users-unsubscr...@maven.apache.org
> For additional commands, e-mail: users-h...@maven.apache.org
>
>

Re: Custom auth plugin/extension - how to?

2024-06-05 Thread Bernd Eckenfels 
BTW Speaking of “custom”, I would be very interested in
a token based authentication, at least for read access to
our repository server and mirror, we currently ship a static
read-only login, and also we don’t want to allow putting
their write (LDAP Login) credentials into files.

If the maven ecosystem would have a OS/Token method
like requestin a JWT token from a distribution point which
uses native Kerberos SSPI or user certificates that would
greatly improve this,

What’s your plan for that auth, can you upstream it?

Gruß
Bernd

David Grieve wrote on 4. June 2024 20:33 (GMT +02:00):

> Thank you for the hint, Tamás.
> 
> The problem I’m trying to solve is that I want a custom Authentication
> for a particular server. I do not want to re-implement HttpTransporter.
> Here are the important bits of what I’ve come up with.
> --
> public class MyTransporterFactory implements TransporterFactory {
> 
> // copied from
> org.eclipse.aether.transport.http.HttpTransporterFactory
> private static Map
> getManuallyCreatedExtractors() {
> HashMap map = new HashMap<>();
> map.put(Nexus2ChecksumExtractor.NAME, new
> Nexus2ChecksumExtractor());
> map.put(XChecksumChecksumExtractor.NAME, new
> XChecksumChecksumExtractor());
> return Collections.unmodifiableMap(map);
> }
> 
> // I’m not happy with this...
> private final HttpTransporterFactory httpTransporterFactory = new
> HttpTransporterFactory(getManuallyCreatedExtractors());
> 
> @Override
> public Transporter newInstance(RepositorySystemSession session,
> RemoteRepository repository)  throws NoTransporterException {
> 
> if (requiresSpecialAuth(repository)) {
> repository = new RemoteRepository.Builder(repository)
> .setAuthentication(new MyAuthentication(repository))
> .build();
> }
> return httpTransporterFactory.newInstance(session, repository);
> }
> --
> 
> Then “MyAuthentication” does the right thing for the fill method.
> 
> This approach is working for me, but I’d be interested to know if there
> is a better way. I do not want to re-implement HttpTransport!
> 
> 
> On 2024/06/03 20:25:48 Tamás Cservenák wrote:
>> Howdy,
>>
>> What are you trying to do? You may go better if you implement custom
>> (resolver) transport maybe?
— 
https://bernd.eckenfels.net

-
To unsubscribe, e-mail: users-unsubscr...@maven.apache.org
For additional commands, e-mail: users-h...@maven.apache.org

[ANN] Release Maven Help Plugin 3.4.1 released

2024-06-05 Thread Michael Osipov 
The Apache Maven team is pleased to announce the release of the Maven 
Help Plugin version 3.4.1.


https://maven.apache.org/plugins/maven-help-plugin/

You should specify the version in your project's plugin configuration:


  org.apache.maven.plugins
  maven-help-plugin
  3.4.1



Release Notes - Maven Help Plugin - Version 3.4.1

** Test
* [MPH-207] - Exercise output of an expression returning a null object.

** Dependency upgrade
* [MPH-211] - Upgrade maven-plugin parent to 41
* [MPH-213] - Upgrade org.codehaus.plexus:plexus-interactivity-api 
from 1.3

* [MPH-214] - Upgrade to Parent 42


Enjoy,

-The Apache Maven team

-
To unsubscribe, e-mail: users-unsubscr...@maven.apache.org
For additional commands, e-mail: users-h...@maven.apache.org

[ANN] Maven Checkstyle Plugin 3.4.0 released

2024-06-05 Thread Michael Osipov 
The Apache Maven team is pleased to announce the release of the Maven 
Checkstyle Plugin, version 3.4.0.


https://maven.apache.org/plugins/maven-checkstyle-plugin/

You should specify the version in your project's plugin configuration:


  org.apache.maven.plugins
  >maven-checkstyle-plugin
  3.4.0



Release Notes - Maven Checkstyle Plugin - Version 3.4.0

** Bug
* [MCHECKSTYLE-450] - Checkstyle rule link format results in 404

** New Feature
* [MCHECKSTYLE-449] - Add support for SARIF output format

** Dependency upgrade
* [MCHECKSTYLE-443] - Upgrade to Parent 41
* [MCHECKSTYLE-447] - Upgrade org.codehaus.plexus:plexus-resources 
to 1.3.0

* [MCHECKSTYLE-448] - Upgrade to Parent 42 and Maven 3.6.3


Enjoy,

-The Apache Maven team

-
To unsubscribe, e-mail: users-unsubscr...@maven.apache.org
For additional commands, e-mail: users-h...@maven.apache.org

Re: [EXTERNAL] Re: Re: Custom auth plugin/extension - how to?

2024-06-05 Thread David Grieve 
Thanks again, Tamás. It is comforting to know that my implementation was not 
far off.

From: Tamás Cservenák 
Date: Wednesday, June 5, 2024 at 3:38 AM
To: Maven Users List 
Subject: [EXTERNAL] Re: Re: Custom auth plugin/extension - how to?

[You don't often get email from ta...@cservenak.net. Learn why this is 
important at https://aka.ms/LearnAboutSenderIdentification ]

Howdy,

I'd do it as this:
https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgist.github.com%2Fcstamas%2F5c787875fc3196dbd200e3bd24692c98&data=05%7C02%7CDavid.Grieve%40microsoft.com%7Cc5e5dc98de28474fb72808dc85328934%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638531699300812986%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=GYJefX6wgOXA0SDH%2BuNpHqlYYq9hp26r6bfGRttFrf4%3D&reserved=0

Facts:
- make priority higher than than of HTTP - this makes sure your transport
will be always asked before Http one
- just delegate/reuse http transport, no need to reimplement anything (make
it also a JSR330 component!)
- in newInstance there is a check (copied from http transport) to ensure
httpTransport will not throw, then do your thing, and call into
httpTransport

HTH
T

On Tue, Jun 4, 2024 at 8:34 PM David Grieve
 wrote:

> Thank you for the hint, Tamás.
>
> The problem I’m trying to solve is that I want a custom Authentication for
> a particular server. I do not want to re-implement HttpTransporter. Here
> are the important bits of what I’ve come up with.
> --
> public class MyTransporterFactory implements TransporterFactory {
>
> // copied from org.eclipse.aether.transport.http.HttpTransporterFactory
> private static Map
> getManuallyCreatedExtractors() {
> HashMap map = new HashMap<>();
> map.put(Nexus2ChecksumExtractor.NAME, new
> Nexus2ChecksumExtractor());
> map.put(XChecksumChecksumExtractor.NAME, new
> XChecksumChecksumExtractor());
> return Collections.unmodifiableMap(map);
> }
>
> // I’m not happy with this...
> private final HttpTransporterFactory httpTransporterFactory = new
> HttpTransporterFactory(getManuallyCreatedExtractors());
>
> @Override
> public Transporter newInstance(RepositorySystemSession session,
> RemoteRepository repository)  throws NoTransporterException {
>
> if (requiresSpecialAuth(repository)) {
> repository = new RemoteRepository.Builder(repository)
> .setAuthentication(new MyAuthentication(repository))
> .build();
> }
> return httpTransporterFactory.newInstance(session, repository);
> }
> --
>
> Then “MyAuthentication” does the right thing for the fill method.
>
> This approach is working for me, but I’d be interested to know if there is
> a better way. I do not want to re-implement HttpTransport!
>
>
> On 2024/06/03 20:25:48 Tamás Cservenák wrote:
> > Howdy,
> >
> > What are you trying to do? You may go better if you implement custom
> > (resolver) transport maybe?
> >
> > Thanks
> > T
> >
> > On Mon, Jun 3, 2024, 22:22 David Grieve  lid>
> > wrote:
> >
> > > My questions are: Is this doable and, if so, how would one go about it?
> > >
> > > I’m trying to cobble together a plugin/extension that will either get
> an
> > > auth token for resolving an artifact before the artifact is resolved,
> or
> > > will get an auth token if the resolution returns a 401.
> > > The plugin route happens too late in the execution, but I’ve found that
> > > with an AbstractMavenLifecycleParticipant at least afterProjectsRead
> gets
> > > called before artifact resolution. However, I can’t seem to affect the
> > > server password in a way that allows artifact resolution to  succeed.
> > > I’ve also tried overriding some default implementations, but I don’t
> see
> > > the extension getting invoked (I see that Maven is aware of the
> extension,
> > > but it doesn’t get used AFAICT).
> > >
> >
>
>

Re: Transfer failed in an IPv6-only (+NAT64) environment

2024-06-05 Thread Tamás Cservenák 
Howdy,

Thanks for sharing!

PS: We are not authoring the JDK bug, but good to have this in list.

T

On Wed, Jun 5, 2024 at 8:49 AM Willy Manga  wrote:

> .
> On 31/05/2024 17:46, Willy Manga wrote:
> > Hi,
> >
> > On 31/05/2024 17:11, Tamás Cservenák wrote:
> >> And one more hint:
> >>
> >> See https://bugs.openjdk.org/browse/JDK-8311547
> >> and read about java.net.preferIPv6Addresses Java system property...
> >>
> >> Also, try to invoke Maven as:
> >> MAVEN_OPTS="-Djava.net.preferIPv6Addresses=true" mvn package -X
>
> java.net.preferIPv6Addresses=system
>
> is even better. You let the OS handle that part.
>
>
>
> --
> Willy Manga
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@maven.apache.org
> For additional commands, e-mail: users-h...@maven.apache.org
>
>

Re: Re: Custom auth plugin/extension - how to?

2024-06-05 Thread Tamás Cservenák 
Howdy,

I'd do it as this:
https://gist.github.com/cstamas/5c787875fc3196dbd200e3bd24692c98

Facts:
- make priority higher than than of HTTP - this makes sure your transport
will be always asked before Http one
- just delegate/reuse http transport, no need to reimplement anything (make
it also a JSR330 component!)
- in newInstance there is a check (copied from http transport) to ensure
httpTransport will not throw, then do your thing, and call into
httpTransport

HTH
T

On Tue, Jun 4, 2024 at 8:34 PM David Grieve
 wrote:

> Thank you for the hint, Tamás.
>
> The problem I’m trying to solve is that I want a custom Authentication for
> a particular server. I do not want to re-implement HttpTransporter. Here
> are the important bits of what I’ve come up with.
> --
> public class MyTransporterFactory implements TransporterFactory {
>
> // copied from org.eclipse.aether.transport.http.HttpTransporterFactory
> private static Map
> getManuallyCreatedExtractors() {
> HashMap map = new HashMap<>();
> map.put(Nexus2ChecksumExtractor.NAME, new
> Nexus2ChecksumExtractor());
> map.put(XChecksumChecksumExtractor.NAME, new
> XChecksumChecksumExtractor());
> return Collections.unmodifiableMap(map);
> }
>
> // I’m not happy with this...
> private final HttpTransporterFactory httpTransporterFactory = new
> HttpTransporterFactory(getManuallyCreatedExtractors());
>
> @Override
> public Transporter newInstance(RepositorySystemSession session,
> RemoteRepository repository)  throws NoTransporterException {
>
> if (requiresSpecialAuth(repository)) {
> repository = new RemoteRepository.Builder(repository)
> .setAuthentication(new MyAuthentication(repository))
> .build();
> }
> return httpTransporterFactory.newInstance(session, repository);
> }
> --
>
> Then “MyAuthentication” does the right thing for the fill method.
>
> This approach is working for me, but I’d be interested to know if there is
> a better way. I do not want to re-implement HttpTransport!
>
>
> On 2024/06/03 20:25:48 Tamás Cservenák wrote:
> > Howdy,
> >
> > What are you trying to do? You may go better if you implement custom
> > (resolver) transport maybe?
> >
> > Thanks
> > T
> >
> > On Mon, Jun 3, 2024, 22:22 David Grieve  lid>
> > wrote:
> >
> > > My questions are: Is this doable and, if so, how would one go about it?
> > >
> > > I’m trying to cobble together a plugin/extension that will either get
> an
> > > auth token for resolving an artifact before the artifact is resolved,
> or
> > > will get an auth token if the resolution returns a 401.
> > > The plugin route happens too late in the execution, but I’ve found that
> > > with an AbstractMavenLifecycleParticipant at least afterProjectsRead
> gets
> > > called before artifact resolution. However, I can’t seem to affect the
> > > server password in a way that allows artifact resolution to  succeed.
> > > I’ve also tried overriding some default implementations, but I don’t
> see
> > > the extension getting invoked (I see that Maven is aware of the
> extension,
> > > but it doesn’t get used AFAICT).
> > >
> >
>
>