|Re: [p2-dev] Repository download addressing questions|
> (1) Is it reasonable to enforce that everything to download from
> repositories is adressed by URI ?
yes. While manipulating URIs, make sure to use URIUtils
> (2) What is the correct scope for remembering username/passwords?
There was discussion to add something along those lines in ECF. You may want to verify what is going on and if we would not be better of joining effort there. Otherwise what you propose makes sense and would solve 256281. Could there be case where two folders in the domain be constrained by a different pwd for each user in which case persisting the info at domain level would cause problems?
> The current implementation performs the following:
> IPath hostLocation = new Path(xmlLocation).removeLastSegments(1);
> It then uses the "hostLocation" as the key for storing username/
> password for later use.
> What is the intention here? This implementation would have different
> username/password settings per directory on the remote side.
> Potentially driving a user nuts if the repository is organized in
> multiple directories. When looking up a stored password is seems
> more reasonable to search towards the root - eventually getting the
> information for the true host. When password fails however, some
> support is needed from the UI to allow the user to enter username/
> password for a root address. Say that a download is performed from
> http://somwhere.com/a/b/c/d.jar and there is no username/password
> found in the secure store. When the user is prompted, the user could
> simply be given opportunity to shorten the address to http://somewhere.com
> to make it valid for all paths at that location.
> This is also affected by use of non URI. The construction of the
> hostLocation using Path will simply not produce good hostLocation
> keys for all URIs.
> Henrik Lindberg
> p2-dev mailing list