[smithy-cli] MavenDependencyResolver fails basic HTTP authentication
denisrosca opened this issue · 0 comments
Description
The current implementation of the MavenDependencyResolver doesn't configure the repository authentication correctly as expected by Aether.
In Aether the org.eclipse.aether.transport.http.DeferredCredentialsProvider.BasicFactory credentials factory expects the auth context to have a key-value structure containing two key-value pairs:
username -> myUserName
password -> myPassword
while MavenDependencyResolver.addUserInfo builds the auth context like so:
myUsername -> myPassword
This causes an NPE which then aborts the basic auth flow.
Steps to reproduce
Given the following build smithy-build.json definition:
{
    "version": "1.0",
    "maven": {
        "repositories": [
            {
                "url": "http://localhost:1234/maven/not/there",
                "httpCredentials": "xxx:yyy"
            }
        ],
        "dependencies": [
            // Normally, this could refer to SMITHY_VERSION, but that doesn't work for pre-release builds.
            "software.amazon.smithy:smithy-aws-iam-traits:1.26.0"
        ]
    }
}
and a repository provider running on localhost requiring basic auth, run the following command: smithy validate --debug
and check the logs:
16:10:19.151 [main] FINE software.amazon.smithy.cli.shaded.eclipse.aether.internal.impl.DefaultRepositoryConnectorProvider - Using connector BasicRepositoryConnector with priority 0.0 for http://localhost:1234/maven/not/there with xxx=****
16:10:19.187 [main] FINE software.amazon.smithy.cli.shaded.apache.http.client.protocol.RequestAddCookies - CookieSpec selected: default
16:10:19.195 [main] FINE software.amazon.smithy.cli.shaded.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection request: [route: {}->http://localhost:1234][total available: 0; route allocated: 0 of 50; total allocated: 0 of 100]
16:10:19.208 [main] FINE software.amazon.smithy.cli.shaded.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection leased: [id: 0][route: {}->http://localhost:1234][total available: 0; route allocated: 1 of 50; total allocated: 1 of 100]
16:10:19.209 [main] FINE software.amazon.smithy.cli.shaded.apache.http.impl.execchain.MainClientExec - Opening connection {}->http://localhost:1234
16:10:19.231 [main] FINE software.amazon.smithy.cli.shaded.apache.http.impl.conn.DefaultHttpClientConnectionOperator - Connecting to localhost/127.0.0.1:1234
16:10:19.244 [main] FINE software.amazon.smithy.cli.shaded.apache.http.impl.conn.DefaultHttpClientConnectionOperator - Connection established 127.0.0.1:59880<->127.0.0.1:1234
16:10:19.244 [main] FINE software.amazon.smithy.cli.shaded.apache.http.impl.conn.DefaultManagedHttpClientConnection - http-outgoing-0: set socket timeout to 1800000
16:10:19.244 [main] FINE software.amazon.smithy.cli.shaded.apache.http.impl.execchain.MainClientExec - Executing request GET /maven/not/there/software/amazon/smithy/smithy-aws-iam-traits/1.26.0/smithy-aws-iam-traits-1.26.0.pom HTTP/1.1
16:10:19.245 [main] FINE software.amazon.smithy.cli.shaded.apache.http.impl.execchain.MainClientExec - Target auth state: UNCHALLENGED
16:10:19.245 [main] FINE software.amazon.smithy.cli.shaded.apache.http.impl.execchain.MainClientExec - Proxy auth state: UNCHALLENGED
16:10:19.247 [main] FINE software.amazon.smithy.cli.shaded.apache.http.headers - http-outgoing-0 >> GET /maven/not/there/software/amazon/smithy/smithy-aws-iam-traits/1.26.0/smithy-aws-iam-traits-1.26.0.pom HTTP/1.1
16:10:19.248 [main] FINE software.amazon.smithy.cli.shaded.apache.http.headers - http-outgoing-0 >> Cache-Control: no-cache, no-store
16:10:19.248 [main] FINE software.amazon.smithy.cli.shaded.apache.http.headers - http-outgoing-0 >> Pragma: no-cache
16:10:19.248 [main] FINE software.amazon.smithy.cli.shaded.apache.http.headers - http-outgoing-0 >> Host: localhost:1234
16:10:19.249 [main] FINE software.amazon.smithy.cli.shaded.apache.http.headers - http-outgoing-0 >> Connection: Keep-Alive
16:10:19.249 [main] FINE software.amazon.smithy.cli.shaded.apache.http.headers - http-outgoing-0 >> User-Agent: Aether
16:10:19.250 [main] FINE software.amazon.smithy.cli.shaded.apache.http.headers - http-outgoing-0 >> Accept-Encoding: gzip,deflate
16:10:19.250 [main] FINE software.amazon.smithy.cli.shaded.apache.http.wire - http-outgoing-0 >> "GET /maven/not/there/software/amazon/smithy/smithy-aws-iam-traits/1.26.0/smithy-aws-iam-traits-1.26.0.pom HTTP/1.1[\r][\n]"
16:10:19.250 [main] FINE software.amazon.smithy.cli.shaded.apache.http.wire - http-outgoing-0 >> "Cache-Control: no-cache, no-store[\r][\n]"
16:10:19.251 [main] FINE software.amazon.smithy.cli.shaded.apache.http.wire - http-outgoing-0 >> "Pragma: no-cache[\r][\n]"
16:10:19.251 [main] FINE software.amazon.smithy.cli.shaded.apache.http.wire - http-outgoing-0 >> "Host: localhost:1234[\r][\n]"
16:10:19.251 [main] FINE software.amazon.smithy.cli.shaded.apache.http.wire - http-outgoing-0 >> "Connection: Keep-Alive[\r][\n]"
16:10:19.251 [main] FINE software.amazon.smithy.cli.shaded.apache.http.wire - http-outgoing-0 >> "User-Agent: Aether[\r][\n]"
16:10:19.251 [main] FINE software.amazon.smithy.cli.shaded.apache.http.wire - http-outgoing-0 >> "Accept-Encoding: gzip,deflate[\r][\n]"
16:10:19.251 [main] FINE software.amazon.smithy.cli.shaded.apache.http.wire - http-outgoing-0 >> "[\r][\n]"
16:10:19.294 [main] FINE software.amazon.smithy.cli.shaded.apache.http.wire - http-outgoing-0 << "HTTP/1.1 401 Unauthorized[\r][\n]"
16:10:19.294 [main] FINE software.amazon.smithy.cli.shaded.apache.http.wire - http-outgoing-0 << "WWW-Authenticate: Basic realm="Artifactory Realm"[\r][\n]"
16:10:19.295 [main] FINE software.amazon.smithy.cli.shaded.apache.http.wire - http-outgoing-0 << "connection: keep-alive[\r][\n]"
16:10:19.295 [main] FINE software.amazon.smithy.cli.shaded.apache.http.wire - http-outgoing-0 << "content-length: 0[\r][\n]"
16:10:19.295 [main] FINE software.amazon.smithy.cli.shaded.apache.http.wire - http-outgoing-0 << "[\r][\n]"
16:10:19.297 [main] FINE software.amazon.smithy.cli.shaded.apache.http.headers - http-outgoing-0 << HTTP/1.1 401 Unauthorized
16:10:19.297 [main] FINE software.amazon.smithy.cli.shaded.apache.http.headers - http-outgoing-0 << WWW-Authenticate: Basic realm="Artifactory Realm"
16:10:19.298 [main] FINE software.amazon.smithy.cli.shaded.apache.http.headers - http-outgoing-0 << connection: keep-alive
16:10:19.298 [main] FINE software.amazon.smithy.cli.shaded.apache.http.headers - http-outgoing-0 << content-length: 0
16:10:19.308 [main] FINE software.amazon.smithy.cli.shaded.apache.http.impl.execchain.MainClientExec - Connection can be kept alive indefinitely
16:10:19.308 [main] FINE software.amazon.smithy.cli.shaded.apache.http.impl.auth.HttpAuthenticator - Authentication required
16:10:19.308 [main] FINE software.amazon.smithy.cli.shaded.apache.http.impl.auth.HttpAuthenticator - localhost:1234 requested authentication
16:10:19.309 [main] FINE software.amazon.smithy.cli.shaded.apache.http.impl.client.TargetAuthenticationStrategy - Authentication schemes in the order of preference: [Negotiate, Kerberos, NTLM, CredSSP, Digest, Basic]
16:10:19.309 [main] FINE software.amazon.smithy.cli.shaded.apache.http.impl.client.TargetAuthenticationStrategy - Challenge for Negotiate authentication scheme not available
16:10:19.309 [main] FINE software.amazon.smithy.cli.shaded.apache.http.impl.client.TargetAuthenticationStrategy - Challenge for Kerberos authentication scheme not available
16:10:19.309 [main] FINE software.amazon.smithy.cli.shaded.apache.http.impl.client.TargetAuthenticationStrategy - Challenge for NTLM authentication scheme not available
16:10:19.309 [main] FINE software.amazon.smithy.cli.shaded.apache.http.impl.client.TargetAuthenticationStrategy - Challenge for CredSSP authentication scheme not available
16:10:19.310 [main] FINE software.amazon.smithy.cli.shaded.apache.http.impl.client.TargetAuthenticationStrategy - Challenge for Digest authentication scheme not available
16:10:19.316 [main] FINE software.amazon.smithy.cli.shaded.apache.http.impl.conn.DefaultManagedHttpClientConnection - http-outgoing-0: Shutdown connection
16:10:19.319 [main] FINE software.amazon.smithy.cli.shaded.apache.http.impl.execchain.MainClientExec - Connection discarded
Notice that Basic authentication is last in the auth schemes in order of preference: Authentication schemes in the order of preference: [Negotiate, Kerberos, NTLM, CredSSP, Digest, Basic]
During auth scheme selection all schemes except Basic are discarded because our server doesn't support them (as it requested basic authentication via WWW-Authenticate: Basic realm="Artifactory Realm").
At the next step, instead of continuing with basic authentication, the connection is closed and discarded.
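
The key mismatch described in this issue, as an added example that is not smithy-cli's code or part of the original report: it builds an Aether Authentication in both layouts and reads it back through the standard context keys. It assumes the unshaded Maven Resolver 1.x maven-resolver-api and maven-resolver-util jars on the classpath; the class and method names (AuthContextDemo, split, misKeyed, wellKeyed, inspect) are hypothetical.

```java
import org.eclipse.aether.DefaultRepositorySystemSession;
import org.eclipse.aether.repository.Authentication;
import org.eclipse.aether.repository.AuthenticationContext;
import org.eclipse.aether.repository.RemoteRepository;
import org.eclipse.aether.util.repository.AuthenticationBuilder;

public class AuthContextDemo {
    // Split "user:password" on the first colon only, so the password may contain ':'.
    static String[] split(String httpCredentials) {
        int i = httpCredentials.indexOf(':');
        if (i < 1) {
            throw new IllegalArgumentException("expected user:password");
        }
        return new String[] {httpCredentials.substring(0, i), httpCredentials.substring(i + 1)};
    }

    // Layout described in the issue (assumed reconstruction): the user name is used as the key.
    static Authentication misKeyed(String user, String pass) {
        return new AuthenticationBuilder().addSecret(user, pass).build();
    }

    // Layout the Basic credentials factory reads: "username" and "password" keys.
    static Authentication wellKeyed(String user, String pass) {
        return new AuthenticationBuilder().addUsername(user).addPassword(pass).build();
    }

    // Report what a transport finds under the standard keys, without printing the secret.
    static String inspect(Authentication auth) {
        RemoteRepository repo = new RemoteRepository.Builder(
                "demo", "default", "http://localhost:1234/maven/not/there")
                .setAuthentication(auth).build();
        AuthenticationContext ctx =
                AuthenticationContext.forRepository(new DefaultRepositorySystemSession(), repo);
        try {
            String user = ctx.get(AuthenticationContext.USERNAME);
            boolean hasPass = ctx.get(AuthenticationContext.PASSWORD) != null;
            return "username=" + user + ", password present=" + hasPass;
        } finally {
            AuthenticationContext.close(ctx);
        }
    }

    public static void main(String[] args) {
        String[] c = split("xxx:yyy"); // constructed sample, same shape as httpCredentials
        System.out.println("mis-keyed:  " + inspect(misKeyed(c[0], c[1])));
        System.out.println("well-keyed: " + inspect(wellKeyed(c[0], c[1])));
    }
}
```

In the log above, the connector line ends in "with xxx=****", which is consistent with the user name sitting in the key position of the auth context.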