Maven Archetype

Unable to access remote catalogs on HTTPS protocol, even with redirection

Details

  • Type: Bug Bug
  • Status: Closed Closed
  • Priority: Minor Minor
  • Resolution: Fixed
  • Affects Version/s: 2.0-alpha-4
  • Fix Version/s: 2.1
  • Component/s: Generator
  • Labels:
    None
  • Environment:
    Any (Windows, Linux)
  • Patch Submitted:
    Yes
  • Number of attachments :
    2

Description

I use that test:

1 - Create an "archetype-catalog.xml" and set it on your apache "htdocs" directory
Executing "mvn archetype:generate -DarchetypeCatalog=http://localhost" works fine.

2 - Configure your apache to use certificates and allow SSL (port 443) to access to same archetype catalog file
Executing "mvn archetype:generate -DarchetypeCatalog=https://localhost" does not work. (it shows default catalog)
It seems that stating with "https://" does not match with allowed parameter values (local, internal, file:, http

3 - Anyway, try to redirect your working HTTP access to HTTPS (configure rewrite engine on Apache) as workaround to access you SSL catalog.
Executing "mvn archetype:generate -DarchetypeCatalog=http://localhost" (same as step 1) IS NOT WORKING!!! (it shows empty catalog)

There's no way to access an archetype-catalog.xml located on a SSL url ?

Issue Links

is related to

Improvement - An improvement or enhancement to an existing feature or task. ARCHETYPE-204 Add option to use remote repositories that are password protected

  • Minor - Minor loss of function, or other problem where easy workaround is present.
  • Open - The issue is open and ready for the assignee to start work on it.
relates to

Improvement - An improvement or enhancement to an existing feature or task. ARCHETYPE-206 Document how to generate a project from archetype with authenticated repository

  • Major - Major loss of function.
  • Closed - The issue is considered finished, the resolution is correct. Issues which are not closed can be reopened.

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Stevo Slavic added a comment - - edited

One can already with 2.0-alpha-4 use archetypes from secured (https) repositories, not by specifying archetypeCatalog URL parameter, but by specifying archetypeRepository URL parameter. It is undocumented at the moment, but after 2.0-alpha-4 code analysis, I found that archetype plugin, if archetypeRepository parameter is provided, internally creates ArchetypeRepository instance with URL equal to archetypeRepository parameter value, and with id equal to "%artifactId%-repo" where %artifactId% is the value of archetypeArtifactId parameter. To provide credentials one has to adjust either global or user settings.xml file, by adding server definition with id equal to this calculated artifact repository id, and with appropriate credentials.

Problem is that if one was to use N different artifacts (with different artifactId) from same repository, one would have to define N server definitions in settings.xml which is not nice at all.

To fix this problem, I've extended archetype plugin with additional archetypeRepositoryId parameter which can be passed together with archetypeRepository (URL) parameter. If archetypeRepositoryId is configured together with archetypeRepository then plugin will construct and use ArchetypeRepository with id equal to archetypeRepositoryId parameter value. If only archetypeRepository is configured, plugin will work as before (so change is backwards compatible), setting ArchetypeRepository id to "%artifactId%-repo".

Attached is proposed patch ( org.apache.maven.archetype.maven-archetype-ARCHETYPE-220.patch ) with fix described above. No new unit nor integration tests are included - existing ones all pass.

Documentation should be updated too with appropriate example.

Show
Stevo Slavic added a comment - - edited One can already with 2.0-alpha-4 use archetypes from secured (https) repositories, not by specifying archetypeCatalog URL parameter, but by specifying archetypeRepository URL parameter. It is undocumented at the moment, but after 2.0-alpha-4 code analysis, I found that archetype plugin, if archetypeRepository parameter is provided, internally creates ArchetypeRepository instance with URL equal to archetypeRepository parameter value, and with id equal to "%artifactId%-repo" where %artifactId% is the value of archetypeArtifactId parameter. To provide credentials one has to adjust either global or user settings.xml file, by adding server definition with id equal to this calculated artifact repository id, and with appropriate credentials. Problem is that if one was to use N different artifacts (with different artifactId) from same repository, one would have to define N server definitions in settings.xml which is not nice at all. To fix this problem, I've extended archetype plugin with additional archetypeRepositoryId parameter which can be passed together with archetypeRepository (URL) parameter. If archetypeRepositoryId is configured together with archetypeRepository then plugin will construct and use ArchetypeRepository with id equal to archetypeRepositoryId parameter value. If only archetypeRepository is configured, plugin will work as before (so change is backwards compatible), setting ArchetypeRepository id to "%artifactId%-repo". Attached is proposed patch ( org.apache.maven.archetype.maven-archetype- ARCHETYPE-220 .patch ) with fix described above. No new unit nor integration tests are included - existing ones all pass. Documentation should be updated too with appropriate example.
Hide
Permalink
Christian Rigdon added a comment -

Why not just allow https as an acceptable url for archetypeCatalog?

Show
Christian Rigdon added a comment - Why not just allow https as an acceptable url for archetypeCatalog?
Hide
Permalink
Stevo Slavic added a comment - - edited

Because one typically needs to provide credentials for such URL, and AFAIK standard way in Maven2 for providing (plugin) repository credentials is via server definition in settings.xml which would have id matching to (plugin) repository id.

Show
Stevo Slavic added a comment - - edited Because one typically needs to provide credentials for such URL, and AFAIK standard way in Maven2 for providing (plugin) repository credentials is via server definition in settings.xml which would have id matching to (plugin) repository id.
Hide
Permalink
Torben Knerr added a comment -

with the https.patch applied you can use the following workaround:

... -DarchetypeCatalog=https://user:pass@acme.com/repo/archetype-catalog.xml ...

Show
Torben Knerr added a comment - with the https.patch applied you can use the following workaround: ... -DarchetypeCatalog= https://user:pass@acme.com/repo/archetype-catalog.xml ...
Hide
Permalink
Rich Seddon added a comment -

Agreed that the need to properly handle authentication is necessary for https sometimes, but there are a lot of times when it isn't needed.

Many public repositories nowadays which serve unauthenticated content over https, some examples:

https://repository.jboss.org/nexus/content/groups/developer/archetype-catalog.xml
https://maven.atlassian.com/content/groups/public/archetype-catalog.xml
https://repository.sonatype.org/content/groups/forge/archetype-catalog.xml

This is also an extremely common setup for repository managers in corporate environments.

Show
Rich Seddon added a comment - Agreed that the need to properly handle authentication is necessary for https sometimes, but there are a lot of times when it isn't needed. Many public repositories nowadays which serve unauthenticated content over https, some examples: https://repository.jboss.org/nexus/content/groups/developer/archetype-catalog.xml https://maven.atlassian.com/content/groups/public/archetype-catalog.xml https://repository.sonatype.org/content/groups/forge/archetype-catalog.xml This is also an extremely common setup for repository managers in corporate environments.
Hide
Permalink
Olivier Lamy added a comment -

fixed rev 1160999.
Thanks !

Show
Olivier Lamy added a comment - fixed rev 1160999. Thanks !
Hide
Permalink
Stevo Slavic added a comment -

I don't see in changes that specifying repositoryId is supported. Should separate ticket be created for support for providing credentials and/or repositoryId?

Show
Stevo Slavic added a comment - I don't see in changes that specifying repositoryId is supported. Should separate ticket be created for support for providing credentials and/or repositoryId?
Hide
Permalink
Stevo Slavic added a comment -

Oh, there is one already, ARCHETYPE-204

Show
Stevo Slavic added a comment - Oh, there is one already, ARCHETYPE-204

People

  • Assignee:
    Olivier Lamy
    Reporter:
    Josep F. Barranco
Vote (6)
Watch (9)

Dates

  • Created:
    Updated:
    Resolved: