Maven Archetype
  1. Maven Archetype
  2. ARCHETYPE-220

Unable to access remote catalogs on HTTPS protocol, even with redirection

    Details

    • Type: Bug Bug
    • Status: Closed Closed
    • Priority: Minor Minor
    • Resolution: Fixed
    • Affects Version/s: 2.0-alpha-4
    • Fix Version/s: 2.1
    • Component/s: Generator
    • Labels:
      None
    • Environment:
      Any (Windows, Linux)
    • Patch Submitted:
      Yes
    • Number of attachments :
      2

      Description

      I use that test:

      1 - Create an "archetype-catalog.xml" and set it on your apache "htdocs" directory
      Executing "mvn archetype:generate -DarchetypeCatalog=http://localhost" works fine.

      2 - Configure your apache to use certificates and allow SSL (port 443) to access to same archetype catalog file
      Executing "mvn archetype:generate -DarchetypeCatalog=https://localhost" does not work. (it shows default catalog)
      It seems that stating with "https://" does not match with allowed parameter values (local, internal, file:, http

      3 - Anyway, try to redirect your working HTTP access to HTTPS (configure rewrite engine on Apache) as workaround to access you SSL catalog.
      Executing "mvn archetype:generate -DarchetypeCatalog=http://localhost" (same as step 1) IS NOT WORKING!!! (it shows empty catalog)

      There's no way to access an archetype-catalog.xml located on a SSL url ?

        Issue Links

          Activity

          Hide
          Stevo Slavic added a comment - - edited

          One can already with 2.0-alpha-4 use archetypes from secured (https) repositories, not by specifying archetypeCatalog URL parameter, but by specifying archetypeRepository URL parameter. It is undocumented at the moment, but after 2.0-alpha-4 code analysis, I found that archetype plugin, if archetypeRepository parameter is provided, internally creates ArchetypeRepository instance with URL equal to archetypeRepository parameter value, and with id equal to "%artifactId%-repo" where %artifactId% is the value of archetypeArtifactId parameter. To provide credentials one has to adjust either global or user settings.xml file, by adding server definition with id equal to this calculated artifact repository id, and with appropriate credentials.

          Problem is that if one was to use N different artifacts (with different artifactId) from same repository, one would have to define N server definitions in settings.xml which is not nice at all.

          To fix this problem, I've extended archetype plugin with additional archetypeRepositoryId parameter which can be passed together with archetypeRepository (URL) parameter. If archetypeRepositoryId is configured together with archetypeRepository then plugin will construct and use ArchetypeRepository with id equal to archetypeRepositoryId parameter value. If only archetypeRepository is configured, plugin will work as before (so change is backwards compatible), setting ArchetypeRepository id to "%artifactId%-repo".

          Attached is proposed patch ( org.apache.maven.archetype.maven-archetype-ARCHETYPE-220.patch ) with fix described above. No new unit nor integration tests are included - existing ones all pass.

          Documentation should be updated too with appropriate example.

          Show
          Stevo Slavic added a comment - - edited One can already with 2.0-alpha-4 use archetypes from secured (https) repositories, not by specifying archetypeCatalog URL parameter, but by specifying archetypeRepository URL parameter. It is undocumented at the moment, but after 2.0-alpha-4 code analysis, I found that archetype plugin, if archetypeRepository parameter is provided, internally creates ArchetypeRepository instance with URL equal to archetypeRepository parameter value, and with id equal to "%artifactId%-repo" where %artifactId% is the value of archetypeArtifactId parameter. To provide credentials one has to adjust either global or user settings.xml file, by adding server definition with id equal to this calculated artifact repository id, and with appropriate credentials. Problem is that if one was to use N different artifacts (with different artifactId) from same repository, one would have to define N server definitions in settings.xml which is not nice at all. To fix this problem, I've extended archetype plugin with additional archetypeRepositoryId parameter which can be passed together with archetypeRepository (URL) parameter. If archetypeRepositoryId is configured together with archetypeRepository then plugin will construct and use ArchetypeRepository with id equal to archetypeRepositoryId parameter value. If only archetypeRepository is configured, plugin will work as before (so change is backwards compatible), setting ArchetypeRepository id to "%artifactId%-repo". Attached is proposed patch ( org.apache.maven.archetype.maven-archetype- ARCHETYPE-220 .patch ) with fix described above. No new unit nor integration tests are included - existing ones all pass. Documentation should be updated too with appropriate example.
          Hide
          Christian Rigdon added a comment -

          Why not just allow https as an acceptable url for archetypeCatalog?

          Show
          Christian Rigdon added a comment - Why not just allow https as an acceptable url for archetypeCatalog?
          Hide
          Stevo Slavic added a comment - - edited

          Because one typically needs to provide credentials for such URL, and AFAIK standard way in Maven2 for providing (plugin) repository credentials is via server definition in settings.xml which would have id matching to (plugin) repository id.

          Show
          Stevo Slavic added a comment - - edited Because one typically needs to provide credentials for such URL, and AFAIK standard way in Maven2 for providing (plugin) repository credentials is via server definition in settings.xml which would have id matching to (plugin) repository id.
          Hide
          Torben Knerr added a comment -

          with the https.patch applied you can use the following workaround:

          ... -DarchetypeCatalog=https://user:pass@acme.com/repo/archetype-catalog.xml ...

          Show
          Torben Knerr added a comment - with the https.patch applied you can use the following workaround: ... -DarchetypeCatalog= https://user:pass@acme.com/repo/archetype-catalog.xml ...
          Hide
          Richard Seddon added a comment -

          Agreed that the need to properly handle authentication is necessary for https sometimes, but there are a lot of times when it isn't needed.

          Many public repositories nowadays which serve unauthenticated content over https, some examples:

          https://repository.jboss.org/nexus/content/groups/developer/archetype-catalog.xml
          https://maven.atlassian.com/content/groups/public/archetype-catalog.xml
          https://repository.sonatype.org/content/groups/forge/archetype-catalog.xml

          This is also an extremely common setup for repository managers in corporate environments.

          Show
          Richard Seddon added a comment - Agreed that the need to properly handle authentication is necessary for https sometimes, but there are a lot of times when it isn't needed. Many public repositories nowadays which serve unauthenticated content over https, some examples: https://repository.jboss.org/nexus/content/groups/developer/archetype-catalog.xml https://maven.atlassian.com/content/groups/public/archetype-catalog.xml https://repository.sonatype.org/content/groups/forge/archetype-catalog.xml This is also an extremely common setup for repository managers in corporate environments.
          Hide
          Olivier Lamy added a comment -

          fixed rev 1160999.
          Thanks !

          Show
          Olivier Lamy added a comment - fixed rev 1160999. Thanks !
          Hide
          Stevo Slavic added a comment -

          I don't see in changes that specifying repositoryId is supported. Should separate ticket be created for support for providing credentials and/or repositoryId?

          Show
          Stevo Slavic added a comment - I don't see in changes that specifying repositoryId is supported. Should separate ticket be created for support for providing credentials and/or repositoryId?
          Hide
          Stevo Slavic added a comment -

          Oh, there is one already, ARCHETYPE-204

          Show
          Stevo Slavic added a comment - Oh, there is one already, ARCHETYPE-204

            People

            • Assignee:
              Olivier Lamy
              Reporter:
              Josep F. Barranco
            • Votes:
              6 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: