[smithy-cli] MavenDependencyResolver fails basic HTTP authentication #1837

Closed
denisrosca opened this issue Jun 28, 2023 · 0 comments
denisrosca commented Jun 28, 2023

Description

The current implementation of the MavenDependencyResolver doesn't configure the repository authentication correctly as expected by Aether.

In Aether, the org.eclipse.aether.transport.http.DeferredCredentialsProvider.BasicFactory credentials factory expects the auth context to have a key-value structure containing two key-value pairs:

username -> myUserName
password -> myPassword

while MavenDependencyResolver.addUserInfo builds the auth context like so:

myUsername -> myPassword

This causes an NPE which then aborts the basic auth flow.

Steps to reproduce

Given the following build smithy-build.json definition:

{
    "version": "1.0",
    "maven": {
        "repositories": [
            {
                "url": "http://localhost:1234/maven/not/there",
                "httpCredentials": "xxx:yyy"
            }
        ],
        "dependencies": [
            // Normally, this could refer to SMITHY_VERSION, but that doesn't work for pre-release builds.
            "software.amazon.smithy:smithy-aws-iam-traits:1.26.0"
        ]
    }
}

and a repository provider running on localhost requiring basic auth, run the following command, smithy validate --debug, and check the logs:

16:10:19.151 [main] FINE software.amazon.smithy.cli.shaded.eclipse.aether.internal.impl.DefaultRepositoryConnectorProvider - Using connector BasicRepositoryConnector with priority 0.0 for http://localhost:1234/maven/not/there with xxx=****
16:10:19.187 [main] FINE software.amazon.smithy.cli.shaded.apache.http.client.protocol.RequestAddCookies - CookieSpec selected: default
16:10:19.195 [main] FINE software.amazon.smithy.cli.shaded.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection request: [route: {}->http://localhost:1234][total available: 0; route allocated: 0 of 50; total allocated: 0 of 100]
16:10:19.208 [main] FINE software.amazon.smithy.cli.shaded.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection leased: [id: 0][route: {}->http://localhost:1234][total available: 0; route allocated: 1 of 50; total allocated: 1 of 100]
16:10:19.209 [main] FINE software.amazon.smithy.cli.shaded.apache.http.impl.execchain.MainClientExec - Opening connection {}->http://localhost:1234
16:10:19.231 [main] FINE software.amazon.smithy.cli.shaded.apache.http.impl.conn.DefaultHttpClientConnectionOperator - Connecting to localhost/127.0.0.1:1234
16:10:19.244 [main] FINE software.amazon.smithy.cli.shaded.apache.http.impl.conn.DefaultHttpClientConnectionOperator - Connection established 127.0.0.1:59880<->127.0.0.1:1234
16:10:19.244 [main] FINE software.amazon.smithy.cli.shaded.apache.http.impl.conn.DefaultManagedHttpClientConnection - http-outgoing-0: set socket timeout to 1800000
16:10:19.244 [main] FINE software.amazon.smithy.cli.shaded.apache.http.impl.execchain.MainClientExec - Executing request GET /maven/not/there/software/amazon/smithy/smithy-aws-iam-traits/1.26.0/smithy-aws-iam-traits-1.26.0.pom HTTP/1.1
16:10:19.245 [main] FINE software.amazon.smithy.cli.shaded.apache.http.impl.execchain.MainClientExec - Target auth state: UNCHALLENGED
16:10:19.245 [main] FINE software.amazon.smithy.cli.shaded.apache.http.impl.execchain.MainClientExec - Proxy auth state: UNCHALLENGED
16:10:19.247 [main] FINE software.amazon.smithy.cli.shaded.apache.http.headers - http-outgoing-0 >> GET /maven/not/there/software/amazon/smithy/smithy-aws-iam-traits/1.26.0/smithy-aws-iam-traits-1.26.0.pom HTTP/1.1
16:10:19.248 [main] FINE software.amazon.smithy.cli.shaded.apache.http.headers - http-outgoing-0 >> Cache-Control: no-cache, no-store
16:10:19.248 [main] FINE software.amazon.smithy.cli.shaded.apache.http.headers - http-outgoing-0 >> Pragma: no-cache
16:10:19.248 [main] FINE software.amazon.smithy.cli.shaded.apache.http.headers - http-outgoing-0 >> Host: localhost:1234
16:10:19.249 [main] FINE software.amazon.smithy.cli.shaded.apache.http.headers - http-outgoing-0 >> Connection: Keep-Alive
16:10:19.249 [main] FINE software.amazon.smithy.cli.shaded.apache.http.headers - http-outgoing-0 >> User-Agent: Aether
16:10:19.250 [main] FINE software.amazon.smithy.cli.shaded.apache.http.headers - http-outgoing-0 >> Accept-Encoding: gzip,deflate
16:10:19.250 [main] FINE software.amazon.smithy.cli.shaded.apache.http.wire - http-outgoing-0 >> "GET /maven/not/there/software/amazon/smithy/smithy-aws-iam-traits/1.26.0/smithy-aws-iam-traits-1.26.0.pom HTTP/1.1[\r][\n]"
16:10:19.250 [main] FINE software.amazon.smithy.cli.shaded.apache.http.wire - http-outgoing-0 >> "Cache-Control: no-cache, no-store[\r][\n]"
16:10:19.251 [main] FINE software.amazon.smithy.cli.shaded.apache.http.wire - http-outgoing-0 >> "Pragma: no-cache[\r][\n]"
16:10:19.251 [main] FINE software.amazon.smithy.cli.shaded.apache.http.wire - http-outgoing-0 >> "Host: localhost:1234[\r][\n]"
16:10:19.251 [main] FINE software.amazon.smithy.cli.shaded.apache.http.wire - http-outgoing-0 >> "Connection: Keep-Alive[\r][\n]"
16:10:19.251 [main] FINE software.amazon.smithy.cli.shaded.apache.http.wire - http-outgoing-0 >> "User-Agent: Aether[\r][\n]"
16:10:19.251 [main] FINE software.amazon.smithy.cli.shaded.apache.http.wire - http-outgoing-0 >> "Accept-Encoding: gzip,deflate[\r][\n]"
16:10:19.251 [main] FINE software.amazon.smithy.cli.shaded.apache.http.wire - http-outgoing-0 >> "[\r][\n]"
16:10:19.294 [main] FINE software.amazon.smithy.cli.shaded.apache.http.wire - http-outgoing-0 << "HTTP/1.1 401 Unauthorized[\r][\n]"
16:10:19.294 [main] FINE software.amazon.smithy.cli.shaded.apache.http.wire - http-outgoing-0 << "WWW-Authenticate: Basic realm="Artifactory Realm"[\r][\n]"
16:10:19.295 [main] FINE software.amazon.smithy.cli.shaded.apache.http.wire - http-outgoing-0 << "connection: keep-alive[\r][\n]"
16:10:19.295 [main] FINE software.amazon.smithy.cli.shaded.apache.http.wire - http-outgoing-0 << "content-length: 0[\r][\n]"
16:10:19.295 [main] FINE software.amazon.smithy.cli.shaded.apache.http.wire - http-outgoing-0 << "[\r][\n]"
16:10:19.297 [main] FINE software.amazon.smithy.cli.shaded.apache.http.headers - http-outgoing-0 << HTTP/1.1 401 Unauthorized
16:10:19.297 [main] FINE software.amazon.smithy.cli.shaded.apache.http.headers - http-outgoing-0 << WWW-Authenticate: Basic realm="Artifactory Realm"
16:10:19.298 [main] FINE software.amazon.smithy.cli.shaded.apache.http.headers - http-outgoing-0 << connection: keep-alive
16:10:19.298 [main] FINE software.amazon.smithy.cli.shaded.apache.http.headers - http-outgoing-0 << content-length: 0
16:10:19.308 [main] FINE software.amazon.smithy.cli.shaded.apache.http.impl.execchain.MainClientExec - Connection can be kept alive indefinitely
16:10:19.308 [main] FINE software.amazon.smithy.cli.shaded.apache.http.impl.auth.HttpAuthenticator - Authentication required
16:10:19.308 [main] FINE software.amazon.smithy.cli.shaded.apache.http.impl.auth.HttpAuthenticator - localhost:1234 requested authentication
16:10:19.309 [main] FINE software.amazon.smithy.cli.shaded.apache.http.impl.client.TargetAuthenticationStrategy - Authentication schemes in the order of preference: [Negotiate, Kerberos, NTLM, CredSSP, Digest, Basic]
16:10:19.309 [main] FINE software.amazon.smithy.cli.shaded.apache.http.impl.client.TargetAuthenticationStrategy - Challenge for Negotiate authentication scheme not available
16:10:19.309 [main] FINE software.amazon.smithy.cli.shaded.apache.http.impl.client.TargetAuthenticationStrategy - Challenge for Kerberos authentication scheme not available
16:10:19.309 [main] FINE software.amazon.smithy.cli.shaded.apache.http.impl.client.TargetAuthenticationStrategy - Challenge for NTLM authentication scheme not available
16:10:19.309 [main] FINE software.amazon.smithy.cli.shaded.apache.http.impl.client.TargetAuthenticationStrategy - Challenge for CredSSP authentication scheme not available
16:10:19.310 [main] FINE software.amazon.smithy.cli.shaded.apache.http.impl.client.TargetAuthenticationStrategy - Challenge for Digest authentication scheme not available
16:10:19.316 [main] FINE software.amazon.smithy.cli.shaded.apache.http.impl.conn.DefaultManagedHttpClientConnection - http-outgoing-0: Shutdown connection
16:10:19.319 [main] FINE software.amazon.smithy.cli.shaded.apache.http.impl.execchain.MainClientExec - Connection discarded

Notice that Basic authentication is last in the auth schemes in order of preference: Authentication schemes in the order of preference: [Negotiate, Kerberos, NTLM, CredSSP, Digest, Basic]

During auth scheme selection all schemes except Basic are discarded because our server doesn't support them (as it requested basic authentication via WWW-Authenticate: Basic realm="Artifactory Realm").

At the next step, instead of continuing with basic authentication, the connection is closed and discarded.
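
One way to build the auth context in the username/password shape described above, using Aether's own AuthenticationBuilder. This is an added example, not code from the smithy repository or the fix commit: the class name RepositoryAuthExample and the helper fromHttpCredentials are hypothetical, and it assumes maven-resolver-api and maven-resolver-util are on the classpath.

```java
import org.eclipse.aether.DefaultRepositorySystemSession;
import org.eclipse.aether.repository.Authentication;
import org.eclipse.aether.repository.AuthenticationContext;
import org.eclipse.aether.repository.RemoteRepository;
import org.eclipse.aether.util.repository.AuthenticationBuilder;

// Hypothetical illustration class; not part of smithy-cli.
public final class RepositoryAuthExample {

    // Turns a "user:password" string (the httpCredentials format from the
    // issue) into an Authentication that fills the "username" and "password"
    // keys. Splits on the first ':' only, so a password containing ':' is kept.
    static Authentication fromHttpCredentials(String httpCredentials) {
        int sep = httpCredentials.indexOf(':');
        if (sep <= 0) {
            throw new IllegalArgumentException(
                    "httpCredentials must have the form user:password");
        }
        return new AuthenticationBuilder()
                .addUsername(httpCredentials.substring(0, sep))
                .addPassword(httpCredentials.substring(sep + 1))
                .build();
    }

    public static void main(String[] args) {
        // Constructed sample values taken from the issue's smithy-build.json.
        RemoteRepository repo = new RemoteRepository.Builder(
                "example", "default", "http://localhost:1234/maven/not/there")
                .setAuthentication(fromHttpCredentials("xxx:yyy"))
                .build();

        // Read the context back the way a transport would: by the fixed keys
        // AuthenticationContext.USERNAME and AuthenticationContext.PASSWORD.
        try (AuthenticationContext ctx = AuthenticationContext.forRepository(
                new DefaultRepositorySystemSession(), repo)) {
            String user = ctx.get(AuthenticationContext.USERNAME);
            String pass = ctx.get(AuthenticationContext.PASSWORD);
            if (user == null || pass == null) {
                throw new IllegalStateException("auth context is missing a key");
            }
            // Never log the password itself; report only that it resolved.
            System.out.println("username=" + user + ", password present");
        }
    }
}
```

A context keyed as myUsername -> myPassword would return null for both lookups here, which is the condition the issue reports as leading to the NPE.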

syall pushed a commit to Xtansia/smithy that referenced this issue Aug 11, 2023
…g#1838)

Fixes smithy-lang#1837

Replace `MavenAuth` with existing aether builder to configure the repository auth context.
Modify the auth test to use a mock server to actually run the authentication flow.
alextwoods pushed a commit to alextwoods/smithy that referenced this issue Sep 15, 2023
…g#1838)

Fixes smithy-lang#1837

Replace `MavenAuth` with existing aether builder to configure the repository auth context.
Modify the auth test to use a mock server to actually run the authentication flow.