Uploaded image for project: 'Ivy'
  1. Ivy
  2. IVY-1168

Authentication won't work in some situations

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Minor
    • Resolution: Fixed
    • 2.1.0
    • 2.2.0-RC1
    • Core
    • None

    Description

      Hi,
      Regarding a requirement to publish an artifact (Hudson -> ivy (v.2.1.0)) only after a successful authentication against Archiva and LDAP I tried to realize it with the tag "credential" which is part of the ivysettings.xml. Unfortunately, it was quite hard to get this finally done. Different forum discussions did not provide enough help to solve my problems. After investigation and debugging of the ivy code I found the following issues/problems:

      1. IvyAuthenticator was sometimes not the default:
      We have a very complex build process which includes some sub-ant calls. This leads to the problem that the default Authenticator will be changed to the java default or at least not the IvyAuthenticator. To ensure that the right one will be used I changed the BasicURLHandler and set the default before establishing the connection and publishing or retrieving an artifact.

      ...
      public void upload(...)

      { ... Authenticator.setDefault(IvyAuthenticator.INSTANCE); ... }

      ...

      2. Unexpected realm information
      By using the HttpClient the realm won't be considered. We have different repositories in our Archiva (and only one host). The implementation adds the credential twice (key=realm@host and key=host). The last one will win because the HttpClient does not get the realm information. I think a better approach in this situation is to authenticate without the realm (HttpClientHandler.java). The current implementation works only if you have one repository or the last defined credential is always the right one.

      ...
      new AuthScope(c.getHost(), AuthScope.ANY_PORT, AuthScope.ANY_REALM) ...
      ...

      3. The mystery of the realm
      The documentation is not very clear about the realm. It is hard to find out what the right realm is. To get a better overview I extend the class CredentialsStore with additional logging information to get more light into the dark.

      ...
      public Credentials getCredentials(...)

      { Message.debug("try to get credentials for: " + realm + "@" + host); ... }

      ...

      I build a new ivy.jar including all of my changes and now, it works. To avoid further costs in the future (by upgrading ivy) and supporting ivy I want to incorporate my changes into one of the next ivy releases. Is this possible or in general what do you think about the changes?

      Best regards,
      Sven Walter

      Attachments

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            maartenc Maarten Coene
            was1imb Sven Walter
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment