appengine-maven-repository

Doesn't seem to work with sbt

Open hertg opened this issue 5 years ago • 9 comments

I couldn't get this project to work properly with sbt. I'm fairly certain that it has something to do with the Basic Auth, because you are forced to define a realm for the credentials in sbt, but this project doesn't return any.

curl https://maven.company.com -vv returns WWW-Authenticate: Basic instead of WWW-Authenticate: Basic realm="some-realm-name"

I have already commented on an open issue on sbt describing the problem (link)

However, I do believe that it would be fairly simple to just return a realm in this application. Unfortunately, I wasn't able to do it myself, because I lack knowledge about JAX-RS.

hertg avatar Mar 22 '19 08:03 hertg

Thanks for reporting. Indeed, adding a realm isn't that hard. I'll look into this asap!

renaudcerrato avatar Mar 22 '19 08:03 renaudcerrato

We'd just need to add a login-config to the web.xml IMO:

<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>the_realm</realm-name>
</login-config>

renaudcerrato avatar Mar 22 '19 09:03 renaudcerrato

Thanks for the fast response! I've actually already tried that, but it doesn't seem to work. It's still returning WWW-Authenticate: Basic

hertg avatar Mar 22 '19 09:03 hertg

Very weird. I'm AFK right now, will look into this asap.

renaudcerrato avatar Mar 22 '19 09:03 renaudcerrato

It has to be in the <web-app> object, right? Here's my full web.xml:

<?xml version="1.0" encoding="utf-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">


    <servlet>
        <servlet-name>jerseyServlet</servlet-name>

        <servlet-class>
            org.glassfish.jersey.servlet.ServletContainer
        </servlet-class>

        <init-param>
            <param-name>javax.ws.rs.Application</param-name>
            <param-value>repo.Application</param-value>
        </init-param>

        <load-on-startup>1</load-on-startup>
    </servlet>

    <servlet-mapping>
        <servlet-name>jerseyServlet</servlet-name>
        <url-pattern>/*</url-pattern>
    </servlet-mapping>

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>everything</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>/_ah/start</web-resource-name>
            <url-pattern>/_ah/start</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>my-realm-name</realm-name>
    </login-config>
</web-app>

Btw, I've added the /_ah/start route to allow basic scaling in the Google App Engine. This route has to return 200 OK, it won't work otherwise.

hertg avatar Mar 25 '19 06:03 hertg

Looks correct. So, still no realm?

renaudcerrato avatar Mar 25 '19 07:03 renaudcerrato

No, unfortunately not

hertg avatar Mar 25 '19 07:03 hertg

Well, I've got it working with a very dirty workaround.

I created the class repo/provider/ResponseServerFilter.java

package repo.provider;

import java.io.IOException;

import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerResponseContext;
import javax.ws.rs.container.ContainerResponseFilter;

public class ResponseServerFilter implements ContainerResponseFilter {

    @Override
    public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext) throws IOException {
        responseContext.getHeaders().remove("WWW-Authenticate");
        responseContext.getHeaders().add("WWW-Authenticate", "Basic realm=\"my-realm-name\"");
    }

}

and registered it in repo/Application.java

public Application() throws IOException {
    ...
    register(ResponseServerFilter.class);
    ...
}

So the server just automatically replaces the WWW-Authenticate header for every request. That's a very dirty solution, and it would probably be a lot better to implement the Basic-Auth correctly.

I think some parts of the Basic-Auth implementation are a bit odd, because the login-config should theoretically work, from what I've found. Also, it looks a bit different from examples I've found online (?) (e.g. https://docs.oracle.com/cd/E24329_01/web.1211/e24983/secure.htm#RESTF113)

hertg avatar Mar 25 '19 16:03 hertg
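
A narrower variant of the workaround above, as an added example that is not part of the thread or the project's code: it rewrites the challenge only on 401 responses whose Basic challenge lacks a realm, instead of on every response. The class name BasicRealmFilter, the helper needsRealm and the realm value are assumptions; the realm must match the one configured in the client's credentials.

```java
package repo.provider;

import java.io.IOException;
import java.util.Locale;

import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerResponseContext;
import javax.ws.rs.container.ContainerResponseFilter;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;

// Added example: class name, helper name and REALM are hypothetical.
public class BasicRealmFilter implements ContainerResponseFilter {

    // Assumption: the same realm string the build tool's credentials declare.
    private static final String REALM = "my-realm-name";

    @Override
    public void filter(ContainerRequestContext request, ContainerResponseContext response)
            throws IOException {
        // Only 401 responses need a challenge; successful responses stay untouched.
        if (response.getStatus() != Response.Status.UNAUTHORIZED.getStatusCode()) {
            return;
        }
        String challenge = response.getHeaderString(HttpHeaders.WWW_AUTHENTICATE);
        if (needsRealm(challenge)) {
            // putSingle replaces any existing value, so no separate remove() is needed.
            response.getHeaders().putSingle(HttpHeaders.WWW_AUTHENTICATE,
                    "Basic realm=\"" + REALM + "\"");
        }
    }

    // True when the challenge is missing, or is a Basic challenge without a realm parameter.
    static boolean needsRealm(String challenge) {
        if (challenge == null) {
            return true;
        }
        String c = challenge.trim();
        if (!c.regionMatches(true, 0, "Basic", 0, 5)) {
            return false; // a different scheme: leave it alone
        }
        if (c.length() > 5 && !Character.isWhitespace(c.charAt(5))) {
            return false; // a token that merely starts with "Basic"
        }
        return !c.substring(5).toLowerCase(Locale.ROOT).contains("realm=");
    }
}
```

It would be registered the same way as the filter above, with register(BasicRealmFilter.class), and only affects 401 responses that pass through Jersey.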

Weird....

renaudcerrato avatar Mar 25 '19 18:03 renaudcerrato