| P2 authentication upon target platform import [message #1144040] |
Fri, 18 October 2013 11:51  |
Eclipse User |
|
|
|
Hi everyone,
we recently started building p2 repositories for our own internal components, so our developers have target platforms definitions pointing to URLs in our intranet.
We are testing artifactory to publish these p2 sites. Artifactory offers user authentication to access this repositories. This works pretty well from the Eclipse IDE, as the target platform resolution interface pops up a dialog asking for authentication when trying to resolve these remote p2 sites. So far, so good.
We use these same target definitions in our Hudson/Jenkins builds. We command buckminster to import a target platform definition before building. This has worked flawlessly so far (despite some p2 site caching issues...). But as soon as we introduced authentication, bucky fails to resolve the target platform definition due to these authetication-required p2 sites.
So the question is... is there any way to specify credentials to bucky on an attempt to resolve these p2 sites? Any best practice for such thing?
Thanks in advance!
Víctor Roldán [Open Canarias]
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| Re: P2 authentication upon target platform import [message #1235120 is a reply to message #1235026] |
Thu, 23 January 2014 11:11  |
| Eclipse User |
|
|
|
Adrian,
we workaround the P2 site with authentication issue my modifying ECF so it passes credentials from the URL. So, you'll have Target Platform definitions with credentials hardcoded within the URL. Not the best solution, but that was the quickest solution. I'll ask the engineer that implemented it and share here the patch. It affects some ECF bundles. I'm still waiting confirmation for making a contribution...
Also, there is the P2 credential injection via extension point, which I haven't analysed, but in the end, it would imply deploying a new bundle in our bucky installation in our server. Another issue would be: best way to pass credentials to such plugin? As you see, it is not trivial either...
Then, regarding the SVN authentication: thats a whole different story, not related with this. I believe its related with SSH keys in the machine executing bucky, you must guarantee you can actually establish an ssh connection with the SVN repository from that machine. I'd suggest you install the svn command (assuming your have a linux machine) and try to connect command line to the repository. Once you manage to do that, the next SVN command bucky executes will find the ssh key. Yet another dirty hack we used in the past was hardcoding the credentials in the rmap... not very fancy.
HTH,
Víctor Roldán [Open Canarias]
|
|
|
|
| Re: P2 authentication upon target platform import [message #1236951 is a reply to message #1235124] |
Tue, 28 January 2014 08:21 |
| Eclipse User |
|
|
|
Hi,
I will detail the workaround indicated by Víctor Roldán.
Problems:
1) The org.eclipse.ecf.provider.filetransfer.httpclient component in eclipse 3.8 (org.eclipse.ecf.provider.filetransfer.httpclient_4.0.200.v20120610-1946) returns an error when the url has the formar (user:pass @ host: port / ...) Failed to get port.
java.lang.NumberFormatException: For input string: "<my_pass>@<our_host>"
at java.lang.NumberFormatException.forInputString(Unknown Source)
at java.lang.Integer.parseInt(Unknown Source)
2) This bug is solved in eclipse 4.2 (org.eclipse.ecf.provider.filetransfer.httpclient_4.0.300.v20130604-1622 and org.eclipse.ecf.provider.filetransfer.httpclient4_1.0.300.v20130604-1622) But there is another error with the same URL format, the method getHostFromURL returns an incorrect value, the return value is the user in the url.
Changes to fix:
1) Get de hostname.
- Affected components:
* org.eclipse.ecf.provider.filetransfer.httpclient_4.0.300.v20130604-1622
* org.eclipse.ecf.provider.filetransfer.httpclient4_1.0.300.v20130604-1622
- Changes in HttpClientRetrieveFileTransfer.java
protected static String getHostFromURL(String url) {
String result = url;
final int colonSlashSlash = url.indexOf("://"); //$NON-NLS-1$
if (colonSlashSlash < 0)
return ""; //$NON-NLS-1$
if (colonSlashSlash >= 0) {
result = url.substring(colonSlashSlash + 3);
}
/////////////// Start change ///////////////
int requestPath = result.indexOf('/');
final int user = result.indexOf('@');
if ( (requestPath > 0 && user > 0 && user < requestPath ) || (requestPath < 0 && user > 0)){
result = result.substring(user + 1);
requestPath = result.indexOf('/');
}
/////////////// End change ///////////////
final int colonPort = result.indexOf(':');
int substringEnd;
if (colonPort > 0 && requestPath > 0)
substringEnd = Math.min(colonPort, requestPath);
else if (colonPort > 0)
substringEnd = colonPort;
else if (requestPath > 0)
substringEnd = requestPath;
else
substringEnd = result.length();
return result.substring(0, substringEnd);
}
2) Get credentials from url (when not only exists in the context)
- Affected components:
* org.eclipse.ecf.provider.filetransfer.httpclient_4.0.300.v20130604-1622
* org.eclipse.ecf.provider.filetransfer.httpclient4_1.0.300.v20130604-1622
- Changes in HttpClientRetrieveFileTransfer.java and HttpClientFileSystemBrowser.java (duplicate methods in both classes)
/* New method */
protected Credentials getFileRequestCredentials(String urlString) throws UnsupportedCallbackException, IOException {
Credentials credentials = getFileRequestCredentials();
if ( credentials != null )
return credentials;
if ( urlString.matches(".+://.+:.+@.+") ) {
String result = urlString.substring(urlString.indexOf("://") + 3); //$NON-NLS-1$
final int index1 = result.indexOf(":") ; //$NON-NLS-1$
username = result.substring(0,index1);
result = result.substring(index1 + 1);
password = result.substring(0, result.indexOf("@"));
return new UsernamePasswordCredentials(username, password);
}
return null;
}
...
protected void setupAuthentication(String urlString) throws UnsupportedCallbackException, IOException {
// code removed
// Credentials credentials = null;
// if (username == null) {
// credentials = getFileRequestCredentials();
// }
// Call the new method
Credentials credentials = getFileRequestCredentials(urlString);
...
}
Modified source code available in:
- For org.eclipse.ecf.provider.filetransfer.httpclient_4.0.300.v20130604-1622
* HttpClientFileSystemBrowser.java: pastebin.com/iE3fbecp
* HttpClientRetrieveFileTransfer.java: pastebin.com/KLSGX3rm
- For org.eclipse.ecf.provider.filetransfer.httpclient4_1.0.300.v20130604-1622
* HttpClientFileSystemBrowser.java: pastebin.com/cxSyfudi
* HttpClientRetrieveFileTransfer.java: pastebin.com/Ye6J3NG7
|
|
|
|
| Re: P2 authentication upon target platform import [message #1239055 is a reply to message #1236972] |
Mon, 03 February 2014 03:25 |
| Eclipse User |
|
|
|
hi,
thanks for the detailed bug fix instructions.
unfortunately this won't cover our requirement because our apache, hosting the p2-repository, is getting his authorization credentials from a ldap-server.
so every user would have to specify his own credentials and this wouldn't work for rmaps resolved from the repository.
so we are going for another approach. we modified the class ComponentQuery in the org.eclipse.buckminster.core bundle.
in a special early-startup bundle, we are asking the user to enter username & password and keep them in memory during the eclipse session, alternatively the credential can be loaded from the eclipse.ini file (this also covers the eclipse-headless use case).
in the start method of the class CorePlugin from the org.eclipse.buckminster.core bundle, we initialize the two fields username and password from our user-input bundle and in the class ComponentQuery we populate the present, but unused field connectContext with a UsernamePasswordContext.
I am aware, that this only works if all involved p2-repositories requires the same credentials, but in our case that's exactly what we have in place.
regards, adrian
|
|
|
|
| Re: P2 authentication upon target platform import [message #1776497 is a reply to message #1239486] |
Thu, 16 November 2017 23:16 |
| Eclipse User |
|
|
|
OK in case anyone trying to do this in 2017 :-)
on product startup
get to
BundleContext bundleContext = Activator.getDefault().getBundle().getBundleContext();
ServiceReference<IProvisioningAgent> serviceReference = bundleContext
.getServiceReference(IProvisioningAgent.class);
IProvisioningAgent baseagent= bundleContext.getService(serviceReference);
if (baseagent== null) {
System.out.println(">> no agent loaded!");
return;
}
then
final UIServices adminUIService = (UIServices) baseagent.getService(UIServices.SERVICE_NAME);
baseagent.registerService(UIServices.SERVICE_NAME, new UIServices() {
@Override
public AuthenticationInfo getUsernamePassword(String location,
AuthenticationInfo previousInfo) {
return new AuthenticationInfo("USER base on LOCATION", "PASS", false);// change if need
}
@Override
public AuthenticationInfo getUsernamePassword(String location) {
return new AuthenticationInfo("USER base on LOCATION", "PASS", false);// change if need
}
@Override
public TrustInfo getTrustInfo(Certificate[][] untrustedChain, String[] unsignedDetail) {
return adminUIService.getTrustInfo(untrustedChain, unsignedDetail);
}
});
Note: this not working when you run from eclipse but when you build the product and running it works perfectly!
|
|
|
Powered by
FUDForum. Page generated in 0.09052 seconds
Home