Re: Question concerning settings-security.xml location
I think this is best discussed with the corresponding Archiva issue rather than on the Maven end. On 09/04/2009, at 12:33 AM, solo1970 wrote: I nede to investigate the run-around you proposed, but by doing that won't I disable "Delete Artifact" for ALL the users I would need to disable it only for one user, because we need the "Delete Artifact" functionality for a group of us who are SCMs. Sonia brettporter wrote: On 08/04/2009, at 4:57 AM, solo1970 wrote: Here is the use case: With Archiva 2.1, they've added a "Delete Artifact" possibility in the UI, as long as you are a "Repository Manager", you have access to it. In the past, we used the "guest" logon for everyone which was "Repository manager" for our snapshots and development repositories, hence no username/ password in the settings.xml file. Ande everyone can deploy. I'll answer that on the archiva list with the Q you asked there, and it is easily fixed. Now we don't want everyone to go to the UI and have the possibility to delete artifacts from those repositories, so we can't give "guest" the "Repository manager" role for those repositories. We've then created a "deployment" user which has those roles, but we need to encrypt the password so that not everyone can login to the UI, but can deploy from the command-line to those repositories. If you give everyone the master password, you're effectively giving away the passwords. It's a little hidden, but trivial for anyone to figure out that wants to. Cheers, Brett - To unsubscribe, e-mail: users-unsubscr...@maven.apache.org For additional commands, e-mail: users-h...@maven.apache.org -- View this message in context: http://www.nabble.com/Question-concerning-settings-security.xml-location-tp22932257p22951793.html Sent from the Maven - Users mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@maven.apache.org For additional commands, e-mail: users-h...@maven.apache.org - To unsubscribe, e-mail: users-unsubscr...@maven.apache.org For additional commands, e-mail: users-h...@maven.apache.org
Re: Question concerning settings-security.xml location
I need to investigate the work-around you proposed, but by doing that won't I disable "Delete Artifact" for ALL the users I would need to disable it only for one user, because we need the "Delete Artifact" functionality for a group of us who are SCMs. Sonia brettporter wrote: > > > On 08/04/2009, at 4:57 AM, solo1970 wrote: > >> >> Here is the use case: >> >> With Archiva 2.1, they've added a "Delete Artifact" possibility in >> the UI, >> as long as you are a "Repository Manager", you have access to it. >> In the >> past, we used the "guest" logon for everyone which was "Repository >> manager" >> for our snapshots and development repositories, hence no username/ >> password >> in the settings.xml file. Ande everyone can deploy. > > I'll answer that on the archiva list with the Q you asked there, and > it is easily fixed. > >> >> Now we don't want everyone to go to the UI and have the possibility to >> delete artifacts from those repositories, so we can't give "guest" the >> "Repository manager" role for those repositories. >> We've then created a "deployment" user which has those roles, but we >> need to >> encrypt the password so that not everyone can login to the UI, but can >> deploy from the command-line to those repositories. > > If you give everyone the master password, you're effectively giving > away the passwords. It's a little hidden, but trivial for anyone to > figure out that wants to. > > Cheers, > Brett > > > ----- > To unsubscribe, e-mail: users-unsubscr...@maven.apache.org > For additional commands, e-mail: users-h...@maven.apache.org > > > -- View this message in context: http://www.nabble.com/Question-concerning-settings-security.xml-location-tp22932257p22951793.html Sent from the Maven - Users mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@maven.apache.org For additional commands, e-mail: users-h...@maven.apache.org
Re: Question concerning settings-security.xml location
On 08/04/2009, at 4:57 AM, solo1970 wrote: Here is the use case: With Archiva 2.1, they've added a "Delete Artifact" possibility in the UI, as long as you are a "Repository Manager", you have access to it. In the past, we used the "guest" logon for everyone which was "Repository manager" for our snapshots and development repositories, hence no username/ password in the settings.xml file. Ande everyone can deploy. I'll answer that on the archiva list with the Q you asked there, and it is easily fixed. Now we don't want everyone to go to the UI and have the possibility to delete artifacts from those repositories, so we can't give "guest" the "Repository manager" role for those repositories. We've then created a "deployment" user which has those roles, but we need to encrypt the password so that not everyone can login to the UI, but can deploy from the command-line to those repositories. If you give everyone the master password, you're effectively giving away the passwords. It's a little hidden, but trivial for anyone to figure out that wants to. Cheers, Brett - To unsubscribe, e-mail: users-unsubscr...@maven.apache.org For additional commands, e-mail: users-h...@maven.apache.org
Re: Question concerning settings-security.xml location
Here is the use case: With Archiva 2.1, they've added a "Delete Artifact" possibility in the UI, as long as you are a "Repository Manager", you have access to it. In the past, we used the "guest" logon for everyone which was "Repository manager" for our snapshots and development repositories, hence no username/password in the settings.xml file. Ande everyone can deploy. Now we don't want everyone to go to the UI and have the possibility to delete artifacts from those repositories, so we can't give "guest" the "Repository manager" role for those repositories. We've then created a "deployment" user which has those roles, but we need to encrypt the password so that not everyone can login to the UI, but can deploy from the command-line to those repositories. Does it make sense? Sonia Wayne Fay wrote: > >> is there something similar for the settings-security.xml file? It's >> impossible to manage everyone having a settings-security.xml file in >> their >> home directory. > > If everyone is sharing all the settings etc, then why are you > concerned about encrypting passwords?? What's the use case? > > Wayne > > - > To unsubscribe, e-mail: users-unsubscr...@maven.apache.org > For additional commands, e-mail: users-h...@maven.apache.org > > > -- View this message in context: http://www.nabble.com/Question-concerning-settings-security.xml-location-tp22932257p22935376.html Sent from the Maven - Users mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@maven.apache.org For additional commands, e-mail: users-h...@maven.apache.org
RE: Question concerning settings-security.xml location
please elaborate how your Spring configuration causes OOM? veuillez élaborer comment votre configuration de ressort cause OOM ? arbeitn Sie bitte aus, wie Ihre Frühlingskonfiguration OOM verursacht ? Martin __ Verzicht und Vertraulichkeitanmerkung / Note de déni et de confidentialité Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni. > Subject: RE: Question concerning settings-security.xml location > Date: Tue, 7 Apr 2009 19:20:16 +0200 > From: florian.cavagn...@ingdirect.fr > To: users@maven.apache.org > > Ok thanks for your help, but I found the problem and it has nothing to do > with my configuration. It's a "bug" in the spring bean definition xml file > that causes an OutOfMemory error in initialization > > > Florian Cavagnini > IT / Gestion de Configuration > Immeuble Lumière > 40 avenue des Terroirs de France > 75012 Paris > T +33 1 57 22 55 83 > E florian.cavagn...@ingdirect.fr > > -Message d'origine- > De : Wayne Fay [mailto:wayne...@gmail.com] > Envoyé : mardi 7 avril 2009 18:36 > À : Maven Users List > Objet : Re: Question concerning settings-security.xml location > > > is there something similar for the settings-security.xml file? It's > > impossible to manage everyone having a settings-security.xml file in their > > home directory. > > If everyone is sharing all the settings etc, then why are you > concerned about encrypting passwords?? What's the use case? > > Wayne > > - > To unsubscribe, e-mail: users-unsubscr...@maven.apache.org > For additional commands, e-mail: users-h...@maven.apache.org > > - > ATTENTION: > The information in this electronic mail message is private and > confidential, and only intended for the addressee. Should you > receive this message by mistake, you are hereby notified that > any disclosure, reproduction, distribution or use of this > message is strictly prohibited. Please inform the sender by > reply transmission and delete the message without copying or > opening it. > > Messages and attachments are scanned for all viruses known. > If this message contains password-protected attachments, the > files have NOT been scanned for viruses by the ING mail domain. > Always scan attachments before opening them. > - > > > > - > To unsubscribe, e-mail: users-unsubscr...@maven.apache.org > For additional commands, e-mail: users-h...@maven.apache.org > _ Windows Live™: Keep your life in sync. http://windowslive.com/explore?ocid=TXT_TAGLM_WL_allup_1a_explore_042009
RE: Question concerning settings-security.xml location
Ok thanks for your help, but I found the problem and it has nothing to do with my configuration. It's a "bug" in the spring bean definition xml file that causes an OutOfMemory error in initialization Florian Cavagnini IT / Gestion de Configuration Immeuble Lumière 40 avenue des Terroirs de France 75012 Paris T +33 1 57 22 55 83 E florian.cavagn...@ingdirect.fr -Message d'origine- De : Wayne Fay [mailto:wayne...@gmail.com] Envoyé : mardi 7 avril 2009 18:36 À : Maven Users List Objet : Re: Question concerning settings-security.xml location > is there something similar for the settings-security.xml file? It's > impossible to manage everyone having a settings-security.xml file in their > home directory. If everyone is sharing all the settings etc, then why are you concerned about encrypting passwords?? What's the use case? Wayne - To unsubscribe, e-mail: users-unsubscr...@maven.apache.org For additional commands, e-mail: users-h...@maven.apache.org - ATTENTION: The information in this electronic mail message is private and confidential, and only intended for the addressee. Should you receive this message by mistake, you are hereby notified that any disclosure, reproduction, distribution or use of this message is strictly prohibited. Please inform the sender by reply transmission and delete the message without copying or opening it. Messages and attachments are scanned for all viruses known. If this message contains password-protected attachments, the files have NOT been scanned for viruses by the ING mail domain. Always scan attachments before opening them. - - To unsubscribe, e-mail: users-unsubscr...@maven.apache.org For additional commands, e-mail: users-h...@maven.apache.org
Re: Question concerning settings-security.xml location
> is there something similar for the settings-security.xml file? It's > impossible to manage everyone having a settings-security.xml file in their > home directory. If everyone is sharing all the settings etc, then why are you concerned about encrypting passwords?? What's the use case? Wayne - To unsubscribe, e-mail: users-unsubscr...@maven.apache.org For additional commands, e-mail: users-h...@maven.apache.org
Question concerning settings-security.xml location
Hello All, In Maven 2.1, there is a new feature to encrypt passwords found in the settings.xml file. They say that the master-password should be kept in settings-security.xml file which resides under ~/.m2/, we currently share the settings.xml file and so we set the -Dorg.apache.maven.global-settings, is there something similar for the settings-security.xml file? It's impossible to manage everyone having a settings-security.xml file in their home directory. I've searched but couldn't find anything Sonia -- View this message in context: http://www.nabble.com/Question-concerning-settings-security.xml-location-tp22932257p22932257.html Sent from the Maven - Users mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@maven.apache.org For additional commands, e-mail: users-h...@maven.apache.org