Apply custom HTTP headers in remote server calls#1549
Open
timw wants to merge 1 commit into
Open
Conversation
Apply custom HTTP headers to remote server requests (e.g. containing access tokens for private repositories), using the standard Maven HTTP transport configuration as per: https://maven.apache.org/guides/mini/guide-resolver-transport.html
timw
force-pushed
the
feature/remote-auth-headers
branch
from
387ff99 to
b4253e1
Compare
Member
There was a problem hiding this comment.
Thanks for the idea! I hope you have tried this with private GitLab repositories and it works. There does not seem to be an easy way to add tests for it.
Also, does Maven Central verify where the request is coming from? If it is from a private GitLab CI, does it reject the request? I don't clearly understand why would the registry deny the request.
| var serverConfig = server.getConfiguration(); | ||
| if (serverConfig instanceof Xpp3Dom) { | ||
| var config = (Xpp3Dom) serverConfig; | ||
| var headers = config.getChild("httpHeaders"); |
Member
There was a problem hiding this comment.
Suggested change
| var headers = config.getChild("httpHeaders"); | |
| var headers = config.getChild("httpConfiguration"); |
httpConfiguration seems correct based on the documentation here. This documentation also seems pretty up-to-date.
| } | ||
| } | ||
| } | ||
| var requestTimeout = config.getChild("requestTimeout"); |
Member
There was a problem hiding this comment.
I also don't see requestTimeout in the same documentation. It is either connectionTimout, readTimeout, or timeout.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Some private repositories (e.g. Gitlab) require custom HTTP headers containing access tokens for requests to the Maven package registry to succeed - e.g. requests for
.sha1files and direct artifact downloads.This PR adds headers configured for the server/repository in the Maven HTTP transport configuration (e.g. in the
server.xmlused for the session) to the remote server requests.This avoids checksum calculation failures for private repositories, which, aside from excluding them from validation with the remote calculator, also creates issues if the lockfile is subsequently validated with the local checksum calculator.
This doesn't currently support the authentication mechanisms (e.g. password auth) supported by the Mavent HTTP transport, as that would require a bit more refactoring, and headers are sufficient for our requirements.