Description
Hi,
Regarding a requirement to publish an artifact (Hudson -> ivy (v.2.1.0)) only after a successful authentication against Archiva and LDAP I tried to realize it with the tag "credential" which is part of the ivysettings.xml. Unfortunately, it was quite hard to get this finally done. Different forum discussions did not provide enough help to solve my problems. After investigation and debugging of the ivy code I found the following issues/problems:
1. IvyAuthenticator was sometimes not the default:
We have a very complex build process which includes some sub-ant calls. This leads to the problem that the default Authenticator will be changed to the java default or at least not the IvyAuthenticator. To ensure that the right one will be used I changed the BasicURLHandler and set the default before establishing the connection and publishing or retrieving an artifact.
...
public void upload(...)
...
2. Unexpected realm information
By using the HttpClient the realm won't be considered. We have different repositories in our Archiva (and only one host). The implementation adds the credential twice (key=realm@host and key=host). The last one will win because the HttpClient does not get the realm information. I think a better approach in this situation is to authenticate without the realm (HttpClientHandler.java). The current implementation works only if you have one repository or the last defined credential is always the right one.
...
new AuthScope(c.getHost(), AuthScope.ANY_PORT, AuthScope.ANY_REALM) ...
...
3. The mystery of the realm
The documentation is not very clear about the realm. It is hard to find out what the right realm is. To get a better overview I extend the class CredentialsStore with additional logging information to get more light into the dark.
...
public Credentials getCredentials(...)
...
I build a new ivy.jar including all of my changes and now, it works. To avoid further costs in the future (by upgrading ivy) and supporting ivy I want to incorporate my changes into one of the next ivy releases. Is this possible or in general what do you think about the changes?
Best regards,
Sven Walter