Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [m2e-users] Dependencies resolution through https reverse proxy

Hi Igor,

I tried first with AetherClientResourceFetcher because it was more simle to initialize.
Thanks for the tips, I will check AetherRepositoryConnector.

Yes the problem is always the same : from my home the https connection requires an authentication for pass the reverse-proxy security appliance (no proxy host configured) and access to intranet maven repository.

But from my job, when I configure the maven repository in https as from internet (for test Friday), I need a proxy configuration to go on internet before "re" come in company intranet => double authentication used ... the 'proxy' authentication first and the 'server' authentication secondly.

In this case, I have the 407 => proxy host used correctly (because OkHttpAetherClient throws exception when 407 and no proxy host configured), but user/password seems not to be used or bad.

I concede that it could be a complex network schema ... but the security is important ^^.

Best regards.

2015-02-15 23:32 GMT+01:00 Igor Fedorenko <igor@xxxxxxxxxxxxxx>:
The code snippet you provided authenticates with repository, which
corresponds to <server> settings.xml configuration. Are you sure your
problem is with proxy authentication, as you originally described?

AetherClientResourceFetcher is a helper class for downloading Nexus
indexes. Dependency resolver uses AetherRepositoryConnector, which
delegates lower-level http/https handling to OkHttpAetherClient.

--
Regards,
Igor

On 2015-02-15 17:04, Alix Lourme wrote:
Hi,

After checking /aether-connector-okhttp/, https authentication should
work : many ssl unit test with JettyServer and
/OkHttpAetherClient.execute/ [1] manages retry with authentication when
first response is 401/407.

This snippet code (used for getting index repository) works perfectly
(with a MavenPluginActivator.getUserAgent hack ... eclipse Platform not
initialized in a Main).
------
AuthenticationInfo authInfos = new AuthenticationInfo();
authInfos.setUserName("foo");
authInfos.setPassword("bar");
AetherClientResourceFetcher fetcher = new
AetherClientResourceFetcher(authInfos, null, null);
fetcher.connect(null, "https://repository.company.com/repository");
fetcher.retrieve("virtual/junit/junit/4.12/junit-4.12.jar", new
File("test.jar"));
------

=> The /AetherClientResourceFetcher/ is used similary in
/DefaultMetadataResolver/ ?

[1]
https://github.com/takari/aether-connector-okhttp/blob/0fdc67248972a15dbddc5367c1829664f2cbe28f/src/main/java/io/takari/aether/okhttp/OkHttpAetherClient.java

Best regards.

2015-02-13 18:03 GMT+01:00 Igor Fedorenko <igor@xxxxxxxxxxxxxx
<mailto:igor@xxxxxxxxxxxxxx>>:

    Looks like m2e does not properly handle 407 Proxy Authentication
    Required responses.

    m2e is not expected to show authentication popups, either valid
    credentials are provided in settings.xml or connection fails. Same as
    during command line build.

    Before you start debugging entire m2e sources, you may want to look at
    aether-connector-okhttp [1], which is http transport library m2e uses.
    This is where http protocol handling is implemented.

    [1] https://github.com/takari/__aether-connector-okhttp

    <https://github.com/takari/aether-connector-okhttp>

    --
    Regards,
    Igor

    On 2015-02-13 11:32, Alix Lourme wrote:

        Hi Igor,

        Thanks for the reply.

        /> [...] kind of proxy is this? [...] http/https proxies are
        expected to
        work./

        Humm ... I hope network team will not see my post so I quote :
        - Some two headers in 401 response is "WWW-Authenticate: BASIC
        realm="Unspecified"" and "Server: BigIP"
        - Detail : the main product of this company, same name as the key of
        keyboard used in a browser for reload the page ^^
        => Standard

        /> Can you confirm you get auth popup with recent m2e 1.6 build?/

        *No* :-(. No authentication popup with v1.6.0.20150203-1921.

        In my "home" use case : internet -> reverse-proxy -> maven
        repository
        (settings.xml contains only "server" configuration)
        In my today "job" use case for test : intranet -> proxy (iron
        port) ->
        [internet] -> reverse-proxy -> maven repository (settings.xml
        contains
        only "server" & "proxy" configuration)

        In this case I have the error message : "Failed to authenticate
        with proxy"
        The wireshark analysis shows :
        1) Https URL connect through proxy :
        ---
        CONNECT repository.company.com:443
        <http://repository.company.com:443>
        <http://repository.company.__com:443
        <http://repository.company.com:443>>
        HTTP/1.1
        Host: repository.company.com <http://repository.company.com>
        <http://repository.company.com__>
        Proxy-Connection: Keep-Alive
        User-Agent: m2e/3.10.1.v20140909-1633/1.6.__0.20150203-1921/1.7.0_71

        ---
        2) Proxy answer :
        ---
        HTTP/1.1 407 Proxy Authentication Required
        Proxy-Authenticate: Basic realm="[The name of] Security Appliance"
        ...
        ---
        ... and nothing else.

        => *m2e is supposed to open an authentication popup even if
        user/password is defined in settings.xml ?*

        If yes ... perhaps this is the root cause : There is no (logically)
        preemptive authentication (=> basic auth not in first call) ... but
        401/407 doesn't provide popup.

        /> [...] Can you confirm your configuration uses protocol https?/

        Yes, I check the bug link : active=true / protocol=https

        /> [...] need to run m2e through debugger [...]

        /
        Humm ... ok. I will try to load m2e source and write unit test in my
        real case./
        /
        /
        /
        Thanks./
        /
        Best regards./
        /

        2015-02-13 1:28 GMT+01:00 Igor Fedorenko <igor@xxxxxxxxxxxxxx
        <mailto:igor@xxxxxxxxxxxxxx>
        <mailto:igor@xxxxxxxxxxxxxx <mailto:igor@xxxxxxxxxxxxxx>>>:

             What kind of proxy is this? m2e does not support ntlm, but
        standard
             http/https proxies are expected to work.

             Can you confirm you get auth popup with recent m2e 1.6 build?

             m2e and command line maven appear to disagree how to handle
        https proxy
             configuration. More specifically, m2e expects proxy
        configuration
             protocol https, while command line maven accepts http. This
        is tracked
             as bug 459638 [1]. Can you confirm your configuration uses
        protocol
             https?

             Beyond that, you'll need to run m2e through debugger and
        see what
             happens. I usually just change m2e http transport library
        (okhttp) to
             print dump all traffic to console.

             [1]
        https://bugs.eclipse.org/bugs/____show_bug.cgi?id=459638
        <https://bugs.eclipse.org/bugs/__show_bug.cgi?id=459638>
             <https://bugs.eclipse.org/__bugs/show_bug.cgi?id=459638
        <https://bugs.eclipse.org/bugs/show_bug.cgi?id=459638>>

             --
             Regards,
             Igor

             On 2015-02-12 17:19, Alix Lourme wrote:

                 Hi,

                 I'm faced to a infrastructure/network problem ... and I
        can't
                 determine
                 if it's a feature not supported, a bug, or other
        (configuration ?).

                 _Environment_ :
                 - Eclipse Kepler SR2 & m2e 1.4.0 or Luna SR1 & m2e 1.6.0
                 - External Maven v3.2.3 configured as "Installation"
                 - A settings.xml configured as global/user "User
        Settings" (and used
                 with previous Maven)
                 - settings.xml defines a master https company repository
                 (repository &
                 pluginRepository)
                 - settings.xml defines "server" credendials with
        password encryption
                 (settings-security.xml usage)
                 - id of server/repository/____pluginRepository is the
        same in
                 settings.xml

                 _Use case_ :
                 - My company provides a Maven repository for internal
        developments
                 - This repository can be accessed from internet (https)
        for external
                 developments (at home ^^, no VPN configured, ...) via an
                 infrastructure
                 reverse proxy

                 _Problem_ :
                 - The dependencies resolution works in Maven command
        line, but not
                 through m2e plugin (only when dependency doesn't exist
        in local
                 repository, classpath configuration works perfectly
        when dependency
                 exists in local repository)
                 - Error is : Access denied to
        https://repository.my-company.____com/repository/virtual/com/__my-__company/my-artifact/1.0.__0-__SNAPSHOT/maven-metadata.__xml

        <https://repository.my-__company.com/repository/__virtual/com/my-company/my-__artifact/1.0.0-SNAPSHOT/maven-__metadata.xml

        <https://repository.my-company.com/repository/virtual/com/my-company/my-artifact/1.0.0-SNAPSHOT/maven-metadata.xml>>.
                 Error code 401, Unauthorized

                 It is minor, but with m2e, I have lost the practice to
        use maven
                 command
                 line ^^.

                 The error seems to be the same as the direct url access
        via a
                 browser.
                 This direct http call contains the (logically) response
        header
                 'WWW-Authenticate: "BASIC realm="Unspecified""', and
        authentication
                 popup appears.
                 (I can't simply catch m2e http call, wireshark analysis
        on https
                 is not
                 trivial).

                 => _Hypothesis_ :

                 - m2e doesn't use server credentials defined in
        settings.xml
                 - m2e doesn't know re-send the http call with
        credentials when
                 reverse
                 proxy answers 401

                 I note that in the m2e plugin configuration, the maven
        embedded
                 is used
                 for dependencies resolution ... but if settings.xml
        used, it
                 "should"
                 work ...

                 Plugin seems to configure server credentials

        (org.eclipse.m2e.core.____internal.repository.____RepositoryRegistry),
                 so some
                 java properties about native proxy configuration in
        addition to
                 settings.xml are not 'required' (i'm not facing to an
        outgoing
                 proxy).
                 So ... I'm a little lost :-)

                 This feature is supposed to be supported ? Or I'm wrong in
                 somewhere ?
                 Any idea are welcome.

                 Thank you in advance (and globally for your work, m2e
        is simply
                 magic
                 and wonderful).

                 Complete stack for information (with m2e 1.6.0) :
                 org.eclipse.aether.transfer.____MetadataTransferException:
                 [previous error]
                       at

        org.eclipse.aether.internal.____impl.____DefaultUpdateCheckManager.____newException(____DefaultUpdateCheckManager.____java:363)
                       at

        org.eclipse.aether.internal.____impl.____DefaultUpdateCheckManager.____checkMetadata(____DefaultUpdateCheckManager.____java:320)
                       at

        org.eclipse.aether.internal.____impl.DefaultMetadataResolver.____resolve(____DefaultMetadataResolver.java:____332)
                       at

        org.eclipse.aether.internal.____impl.DefaultMetadataResolver.____resolveMetadata(____DefaultMetadataResolver.java:____205)
                       at

        org.apache.maven.repository.____internal.____DefaultVersionResolver.____resolveVersion(____DefaultVersionResolver.java:____250)
                       at

        org.apache.maven.repository.____internal.____DefaultArtifactDescriptorReade____r.loadPom(____DefaultArtifactDescriptorReade____r.java:258)
                       at

        org.apache.maven.repository.____internal.____DefaultArtifactDescriptorReade____r.readArtifactDescriptor(____DefaultArtifactDescriptorReade____r.java:217)
                       at

        org.eclipse.aether.internal.____impl.____DefaultDependencyCollector.____resolveCachedArtifactDescripto____r(__DefaultDependencyCollector.____java:525)
                       at

        org.eclipse.aether.internal.____impl.____DefaultDependencyCollector.____getArtifactDescriptorResult(____DefaultDependencyCollector.____java:509)
                       at

        org.eclipse.aether.internal.____impl.____DefaultDependencyCollector.____processDependency(____DefaultDependencyCollector.____java:409)
                       at

        org.eclipse.aether.internal.____impl.____DefaultDependencyCollector.____processDependency(____DefaultDependencyCollector.____java:363)
                       at

        org.eclipse.aether.internal.____impl.____DefaultDependencyCollector.____process(____DefaultDependencyCollector.____java:351)
                       at

        org.eclipse.aether.internal.____impl.____DefaultDependencyCollector.____doRecurse(____DefaultDependencyCollector.____java:494)
                       at

        org.eclipse.aether.internal.____impl.____DefaultDependencyCollector.____processDependency(____DefaultDependencyCollector.____java:458)
                       at

        org.eclipse.aether.internal.____impl.____DefaultDependencyCollector.____processDependency(____DefaultDependencyCollector.____java:363)
                       at

        org.eclipse.aether.internal.____impl.____DefaultDependencyCollector.____process(____DefaultDependencyCollector.____java:351)
                       at

        org.eclipse.aether.internal.____impl.____DefaultDependencyCollector.____collectDependencies(____DefaultDependencyCollector.____java:254)
                       at

        org.eclipse.aether.internal.____impl.DefaultRepositorySystem.____collectDependencies(____DefaultRepositorySystem.java:____316)
                       at

        org.apache.maven.project.____DefaultProjectDependenciesReso____lver.resolve(____DefaultProjectDependenciesReso____lver.java:172)
                       at

        org.apache.maven.project.____DefaultProjectBuilder.____resolveDependencies(____DefaultProjectBuilder.java:____213)
                       at

        org.apache.maven.project.____DefaultProjectBuilder.build(____DefaultProjectBuilder.java:____186)
                       at

        org.apache.maven.project.____DefaultProjectBuilder.build(____DefaultProjectBuilder.java:____118)
                       at

        org.eclipse.m2e.core.internal.____embedder.MavenImpl.____readMavenProject(MavenImpl.____java:634)
                       at

        org.eclipse.m2e.core.internal.____project.registry.____DefaultMavenDependencyResolver____.resolveProjectDependencies(______DefaultMavenDependencyResolver____.java:63)
                       at

        org.eclipse.m2e.core.internal.____project.registry.____ProjectRegistryManager.____refreshPhase2(____ProjectRegistryManager.java:____529)
                       at

        org.eclipse.m2e.core.internal.____project.registry.____ProjectRegistryManager$3.call(____ProjectRegistryManager.java:____491)
                       at

        org.eclipse.m2e.core.internal.____project.registry.____ProjectRegistryManager$3.call(____ProjectRegistryManager.java:__1)
                       at

        org.eclipse.m2e.core.internal.____embedder.____MavenExecutionContext.____executeBare(____MavenExecutionContext.java:____176)
                       at

        org.eclipse.m2e.core.internal.____embedder.____MavenExecutionContext.execute(____MavenExecutionContext.java:____151)
                       at

        org.eclipse.m2e.core.internal.____project.registry.____ProjectRegistryManager.____refresh(____ProjectRegistryManager.java:____495)
                       at

        org.eclipse.m2e.core.internal.____project.registry.____ProjectRegistryManager.____refresh(____ProjectRegistryManager.java:____350)
                       at

        org.eclipse.m2e.core.internal.____project.registry.____ProjectRegistryManager.____refresh(____ProjectRegistryManager.java:____297)
                       at

        org.eclipse.m2e.core.internal.____project.____ProjectConfigurationManager.____configureNewMavenProjects(____ProjectConfigurationManager.____java:253)
                       at

        org.eclipse.m2e.core.internal.____project.____ProjectConfigurationManager$1.____call(____ProjectConfigurationManager.____java:169)
                       at

        org.eclipse.m2e.core.internal.____project.____ProjectConfigurationManager$1.____call(____ProjectConfigurationManager.____java:1)
                       at

        org.eclipse.m2e.core.internal.____embedder.____MavenExecutionContext.____executeBare(____MavenExecutionContext.java:____176)
                       at

        org.eclipse.m2e.core.internal.____embedder.____MavenExecutionContext.execute(____MavenExecutionContext.java:____151)
                       at

        org.eclipse.m2e.core.internal.____embedder.____MavenExecutionContext.execute(____MavenExecutionContext.java:__99)
                       at

        org.eclipse.m2e.core.internal.____embedder.MavenImpl.execute(____MavenImpl.java:1353)
                       at

        org.eclipse.m2e.core.internal.____project.____ProjectConfigurationManager.____importProjects(____ProjectConfigurationManager.____java:137)
                       at

        org.eclipse.m2e.core.ui.____internal.wizards.____ImportMavenProjectsJob$1.____doCreateMavenProjects(____ImportMavenProjectsJob.java:____73)
                       at

        org.eclipse.m2e.core.ui.____internal.wizards.____AbstractCreateMavenProjectsOpe____ration.run(____AbstractCreateMavenProjectsOpe____ration.java:62)
                       at

        org.eclipse.m2e.core.ui.____internal.wizards.____ImportMavenProjectsJob.____runInWorkspace(____ImportMavenProjectsJob.java:____82)
                       at

        org.eclipse.core.internal.____resources.____InternalWorkspaceJob.run(____InternalWorkspaceJob.java:38)
                       at

        org.eclipse.core.internal.____jobs.Worker.run(Worker.java:____54)

                 --
                 Alix Lourme


                 ___________________________________________________
                 m2e-users mailing list
        m2e-users@xxxxxxxxxxx <mailto:m2e-users@xxxxxxxxxxx>
        <mailto:m2e-users@xxxxxxxxxxx <mailto:m2e-users@xxxxxxxxxxx>>
                 To change your delivery options, retrieve your password, or
                 unsubscribe from this list, visit
        https://dev.eclipse.org/____mailman/listinfo/m2e-users
        <https://dev.eclipse.org/__mailman/listinfo/m2e-users>
                 <https://dev.eclipse.org/__mailman/listinfo/m2e-users
        <https://dev.eclipse.org/mailman/listinfo/m2e-users>>

             ___________________________________________________
             m2e-users mailing list
        m2e-users@xxxxxxxxxxx <mailto:m2e-users@xxxxxxxxxxx>
        <mailto:m2e-users@xxxxxxxxxxx <mailto:m2e-users@xxxxxxxxxxx>>
             To change your delivery options, retrieve your password, or
             unsubscribe from this list, visit
        https://dev.eclipse.org/____mailman/listinfo/m2e-users
        <https://dev.eclipse.org/__mailman/listinfo/m2e-users>

             <https://dev.eclipse.org/__mailman/listinfo/m2e-users
        <https://dev.eclipse.org/mailman/listinfo/m2e-users>>




        --
        Alix Lourme


        _________________________________________________
        m2e-users mailing list
        m2e-users@xxxxxxxxxxx <mailto:m2e-users@xxxxxxxxxxx>
        To change your delivery options, retrieve your password, or
        unsubscribe from this list, visit
        https://dev.eclipse.org/__mailman/listinfo/m2e-users
        <https://dev.eclipse.org/mailman/listinfo/m2e-users>

    _________________________________________________
    m2e-users mailing list
    m2e-users@xxxxxxxxxxx <mailto:m2e-users@xxxxxxxxxxx>
    To change your delivery options, retrieve your password, or
    unsubscribe from this list, visit
    https://dev.eclipse.org/__mailman/listinfo/m2e-users
    <https://dev.eclipse.org/mailman/listinfo/m2e-users>




--
Alix Lourme


_______________________________________________
m2e-users mailing list
m2e-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/m2e-users

_______________________________________________
m2e-users mailing list
m2e-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/m2e-users



--
Alix Lourme

Back to the top