Ivy
  1. Ivy
  2. IVY-1168

Authentication won't work in some situations

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Minor Minor
    • Resolution: Fixed
    • Affects Version/s: 2.1.0
    • Fix Version/s: 2.2.0-RC1
    • Component/s: Core
    • Labels:
      None

      Description

      Hi,
      Regarding a requirement to publish an artifact (Hudson -> ivy (v.2.1.0)) only after a successful authentication against Archiva and LDAP I tried to realize it with the tag "credential" which is part of the ivysettings.xml. Unfortunately, it was quite hard to get this finally done. Different forum discussions did not provide enough help to solve my problems. After investigation and debugging of the ivy code I found the following issues/problems:

      1. IvyAuthenticator was sometimes not the default:
      We have a very complex build process which includes some sub-ant calls. This leads to the problem that the default Authenticator will be changed to the java default or at least not the IvyAuthenticator. To ensure that the right one will be used I changed the BasicURLHandler and set the default before establishing the connection and publishing or retrieving an artifact.

      ...
      public void upload(...)

      { ... Authenticator.setDefault(IvyAuthenticator.INSTANCE); ... }

      ...

      2. Unexpected realm information
      By using the HttpClient the realm won't be considered. We have different repositories in our Archiva (and only one host). The implementation adds the credential twice (key=realm@host and key=host). The last one will win because the HttpClient does not get the realm information. I think a better approach in this situation is to authenticate without the realm (HttpClientHandler.java). The current implementation works only if you have one repository or the last defined credential is always the right one.

      ...
      new AuthScope(c.getHost(), AuthScope.ANY_PORT, AuthScope.ANY_REALM) ...
      ...

      3. The mystery of the realm
      The documentation is not very clear about the realm. It is hard to find out what the right realm is. To get a better overview I extend the class CredentialsStore with additional logging information to get more light into the dark.

      ...
      public Credentials getCredentials(...)

      { Message.debug("try to get credentials for: " + realm + "@" + host); ... }

      ...

      I build a new ivy.jar including all of my changes and now, it works. To avoid further costs in the future (by upgrading ivy) and supporting ivy I want to incorporate my changes into one of the next ivy releases. Is this possible or in general what do you think about the changes?

      Best regards,
      Sven Walter

      1. patch_from_trunk.patch
        3 kB
        Sven Walter
      2. changes.zip
        8 kB
        Sven Walter

        Activity

        Hide
        Sven Walter added a comment -

        Changed java classes

        Show
        Sven Walter added a comment - Changed java classes
        Hide
        Maarten Coene added a comment -

        Thanks for the report Sven,
        however, could you attach your changes as a patch file? This makes it easier to see what your chances are.

        Show
        Maarten Coene added a comment - Thanks for the report Sven, however, could you attach your changes as a patch file? This makes it easier to see what your chances are.
        Hide
        Sven Walter added a comment -

        Hi Maarten,

        Attached on the task you will find the desired patch file. I created the patch based on the trunk (https://svn.apache.org/repos/asf/ant/ivy/core/trunk)

        Best regards,
        Sven Walter

        Show
        Sven Walter added a comment - Hi Maarten, Attached on the task you will find the desired patch file. I created the patch based on the trunk ( https://svn.apache.org/repos/asf/ant/ivy/core/trunk ) Best regards, Sven Walter
        Hide
        Maarten Coene added a comment -

        I've applied some changes into SVN trunk based on your patch which I hope should fix your problems.
        Could you please give it a try to see if it's working in your situation and post your feedback here?

        thanks!
        Maarten

        Show
        Maarten Coene added a comment - I've applied some changes into SVN trunk based on your patch which I hope should fix your problems. Could you please give it a try to see if it's working in your situation and post your feedback here? thanks! Maarten
        Hide
        Sven Walter added a comment -

        Hi Maarten,

        yes, I can check it. There is one problem at the moment, every time when a try to checkout the trunk I got this error message: Error: negotiation failed: SSL error: unknown protocol (https://svn.apache.org) - Toroise and command line with svn.
        Can you help me?

        thanks!
        Sven Walter

        Show
        Sven Walter added a comment - Hi Maarten, yes, I can check it. There is one problem at the moment, every time when a try to checkout the trunk I got this error message: Error: negotiation failed: SSL error: unknown protocol ( https://svn.apache.org ) - Toroise and command line with svn. Can you help me? thanks! Sven Walter
        Hide
        Maarten Coene added a comment -

        Hmm, maybe there was a maintenance on the SVN servers? I can't check if it works for me from here.
        Maybe you could try again, or you can download a snapshot version created from the trunk code here: http://hudson.zones.apache.org/hudson/view/Ant/job/Ivy/

        Maarten

        Show
        Maarten Coene added a comment - Hmm, maybe there was a maintenance on the SVN servers? I can't check if it works for me from here. Maybe you could try again, or you can download a snapshot version created from the trunk code here: http://hudson.zones.apache.org/hudson/view/Ant/job/Ivy/ Maarten
        Hide
        Sven Walter added a comment -

        Hi Maarten,

        today, I checked the changes in our environment and it works. Thanks!

        Best regards,
        Sven

        Show
        Sven Walter added a comment - Hi Maarten, today, I checked the changes in our environment and it works. Thanks! Best regards, Sven

          People

          • Assignee:
            Maarten Coene
            Reporter:
            Sven Walter
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development