You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@maven.apache.org by Mykel Alvis <my...@weirdness.com> on 2006/12/07 01:37:59 UTC
Firewall/proxy issues
When I first started using maven, I always wondered why people had so much
trouble using it behind a firewall. Now that I'm no longer in a place where
internet access is a simple proxy, but rather where we have National
Socialists for security staff, I most definitely verstehe the pain.
So on to my version of that pain:
I work in a nearly completely Windows corporate environment. Non-windows
boxen (linux, in this case, like all of my build boxen) are frowned on and
beneath the efforts of the support staff (not to mention being way out of
their range of knowledge).
We have a proxying firewall that, among other things, virus checks every
file as it is transferred. I assume that is not true if it matches a few
rules, like "Is this file a .JPG?" This firewall is the current bane of my
existence.
Basic authentication to your windows account is all that's required inside a
web-browser that's been configured to use the properly formed
"Auto-configuration URL". This works flawlessly with Firefox under Linux in
KDE and Gnome.
>From the command line in linux, doing an
export http_proxy=http://USER:PASSWORD@HOST:PORT
allows me to successfully do something like
wget
http://mirrors.ibiblio.org/pub/mirrors/maven2/org/apache/maven/plugins/maven-clean-plugin/2.1.1/maven-clean-plugin-2.1.1.pom
With the <proxy> settings in settings.xml, my Windows laptop will connect
and download artifacts from ibiblio all day long.
The Linux build boxes, with the exact same file for settings, will not.
I get a "The plugin blah blah blah does not exist or no valid version could
be found message from doing a mvn clean. Basically, a timeout that says
that "central" got blacklisted. A debugging trace indicates that the
failure occurred at
org.apache.maven.wagon.providers.http.LightweightHttpWagon.fillInputData(
Line Number 99).
This was caused by
java.net.ProtocolException: Server redirected too many times (20)
That makes sense, since the stupid proxy seems to do that sort of
redirection when it gets fed up with you trying to give it credentials (like
the ones in my settings.xml). The mirror makes me redirect central calls
from repo1.maven.org to www.ibiblio.org which the proxy apparently needs to
work properly.
<settings>
<proxies>
<proxy>
<id>DumbazzProxy</id>
<active>true</active>
<protocol>http</protocol>
<username>MYUSERNAME</username>
<password>MYPASSWORD</password>
<host>PROXYIP</host>
<port>PROXYPORT</port>
</proxy>
</proxies>
</settings>
Clearly this is a screwed up situation, but there is exactly NO chance of it
changing for the better for me, so I'm trying to work within the limits that
I've pushed for myself.
I don't want to have to do every build on my windows laptop and then copy
those artifacts to some other location. That'd be stupid amounts of work.
I also want to be able to keep my proxying service (currently Proximity) up,
so running Proximity under windows isn't much of an option. I've had my
fill of trying to keep java programs running as services under windows.
Is there any other setting that I can try? Is there a new lightweight http
transport that solves this problem? Is there any way to turn up the logging
so that I can see what's transpiring within the lightweight http call?
--
I'm just an unfrozen caveman software developer. I don't understand your
strange, "modern" ways.
Re: Firewall/proxy issues
Posted by Mykel Alvis <my...@weirdness.com>.
Sorry. I should've indicated that I've already determined that it is
reading the correct file. I forgot to put it in the original message.
I have verified that it's reading the settings that I posted.
Thanks for the suggestion!
On 12/6/06, Barrie Treloar <ba...@gmail.com> wrote:
>
> > With the <proxy> settings in settings.xml, my Windows laptop will
> connect
> > and download artifacts from ibiblio all day long.
> > The Linux build boxes, with the exact same file for settings, will not.
>
> It is odd that Linux fails where Windows works.
>
> Unfortunately Maven (even in -X mode) doesn't inform you where it is
> attempting to read the settings.xml file from.
>
> Can you verify that it is reading the settings.xml file you think it
> should be?
> The only way I know of doing this is to type junk into settings.xml
> which will cause an XML parse failure. If you do not get the XML
> parse failure then you know your settings.xml file is not being
> loaded.
>
> If it is reading the settings.xml file you expect, I don't have any
> other suggestions for you.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
> For additional commands, e-mail: users-help@maven.apache.org
>
>
--
I'm just an unfrozen caveman software developer. I don't understand your
strange, "modern" ways.
Re: Firewall/proxy issues
Posted by Barrie Treloar <ba...@gmail.com>.
> With the <proxy> settings in settings.xml, my Windows laptop will connect
> and download artifacts from ibiblio all day long.
> The Linux build boxes, with the exact same file for settings, will not.
It is odd that Linux fails where Windows works.
Unfortunately Maven (even in -X mode) doesn't inform you where it is
attempting to read the settings.xml file from.
Can you verify that it is reading the settings.xml file you think it should be?
The only way I know of doing this is to type junk into settings.xml
which will cause an XML parse failure. If you do not get the XML
parse failure then you know your settings.xml file is not being
loaded.
If it is reading the settings.xml file you expect, I don't have any
other suggestions for you.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org
Re: Firewall/proxy issues
Posted by Mykel Alvis <my...@weirdness.com>.
I tried ntlmaps, and it won't validate me on the network.
I don't really know how ntlm authentication works, but apparently the
machine you're requesting from must be a member of the domain as well as the
user, so that didn't work for me either.
Since BASIC authentication is available, I still can't quite understand why
I can't get maven to communicate using just a username/password. I've tried
all the permutations of username, with and without domain. I'm curious
about why maven's proxy setting doesn't seem to work essentially the same
way firefox and wget and curl do, since the lightweight http client looks to
me like it should.
On 12/29/06, Barrie Treloar <ba...@gmail.com> wrote:
>
> > Like I said before, my company removed basic, so it is forcing me to do
> NTLM.
> >
> > To work around this I plan to write a proxy-proxy.....
> > I will create a java program that will negotiate NTLM with the companies
> proxy.
>
> Just use NTLMAPS at sourceforge. http://ntlmaps.sourceforge.net/
> Then point Maven at that.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
> For additional commands, e-mail: users-help@maven.apache.org
>
>
--
I'm just an unfrozen caveman software developer. I don't understand your
strange, "modern" ways.
Re: Firewall/proxy issues
Posted by Barrie Treloar <ba...@gmail.com>.
> Like I said before, my company removed basic, so it is forcing me to do NTLM.
>
> To work around this I plan to write a proxy-proxy.....
> I will create a java program that will negotiate NTLM with the companies proxy.
Just use NTLMAPS at sourceforge. http://ntlmaps.sourceforge.net/
Then point Maven at that.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org
Re: Firewall/proxy issues
Posted by Stephen More <st...@gmail.com>.
On 12/28/06, Mykel Alvis <my...@weirdness.com> wrote:
> [localbuild@BHBHVMVMLXBuild1AH ~]$ java -cp . debugISA
> Server: Proxy-Authenticate: NTLM
> Server: Proxy-Authenticate: BASIC realm="User"
The only difference between yours and mine is 'realm="User"' and my
maven 2.0.4 works on linux against a firewall using basic. Perhaps you
are not providing the realm so maven tries another mechanism in this
case ntlm.
If it is trying ntlm, I think you have to use atleast java 1.5.
> I definitely know I can do BASIC auth out of the proxy, because that's how
> it works with Firefox, etc as well as the way the wget works above.
Firefox also does ntlm.
> The
> real question appears to be why can't I seem to get it to work with maven
> using the same settings that work for BASIC auth in my settings.xml or maybe
> even in java properties?
Here is a great tool to debug firewall issues: http://portswigger.net/proxy/
With this you can SEE what is actually going on.
You can even intercept messages and change them....
> Are there other settings to try, or maybe a variant method for specifying
> BASIC auth explicitly?
Like I said before, my company removed basic, so it is forcing me to do NTLM.
To work around this I plan to write a proxy-proxy.....
I will create a java program that will negotiate NTLM with the companies proxy.
Then I should be able to change my proxy settings to point to the java
program and everything should work. Perhaps this could work for you as
well.
This will require java 1.5 as well.
-Steve More
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org
Re: Firewall/proxy issues
Posted by Mykel Alvis <my...@weirdness.com>.
Hi Steve,
I did that (thanks very much for that incredibly useful snippet) and I get
[localbuild@BHBHVMVMLXBuild1AH ~]$ java -cp . debugISA
Server: Proxy-Authenticate: NTLM
Server: Proxy-Authenticate: BASIC realm="User"
I definitely know I can do BASIC auth out of the proxy, because that's how
it works with Firefox, etc as well as the way the wget works above. The
real question appears to be why can't I seem to get it to work with maven
using the same settings that work for BASIC auth in my settings.xml or maybe
even in java properties?
Are there other settings to try, or maybe a variant method for specifying
BASIC auth explicitly?
On 12/28/06, Stephen More <st...@gmail.com> wrote:
>
> If you are not sure what methods are supported, try this:
>
> public class debugISA
> {
> public static void main(String[] args) throws Exception
> {
> try
> {
> // Enter the ip and port of your proxy here
> java.net.Socket socket = new java.net.Socket( "10.5.0.99",
> 8080 );
> java.io.DataOutputStream os = new
> java.io.DataOutputStream( socket.getOutputStream() );
> java.io.DataInputStream is = new java.io.DataInputStream(
> socket.getInputStream() );
> java.util.regex.Pattern p =
> java.util.regex.Pattern.compile( "Proxy-Authenticate.*" );
>
> if( socket != null && os != null && is != null)
> {
> os.writeBytes("GET http://www.google.com/ HTTP/1.1");
> os.writeBytes("\015\012\015\012\015\012\015\012");
>
> String responseLine;
> while ((responseLine = is.readLine()) != null) {
> java.util.regex.Matcher m = p.matcher( responseLine );
> if( m.matches() )
> {
> System.out.println("Server: " + responseLine);
> }
> }
> os.close();
> is.close();
> socket.close();
> }
> }
> catch( Exception e )
> {
> System.err.println("Exception: " + e);
> }
> }
> }
>
>
> -Steve
>
> On 12/28/06, Stephen More <st...@gmail.com> wrote:
> > Do you know what method your proxy supports ?
> >
> > Proxy-Authenticate: Basic
> > Proxy-Authenticate: NTLM
> > Proxy-Authenticate: Kerberos
> > Proxy-Authenticate: Negotiate
> >
> >
> > Our staff removed Basic support and I ran into all sorts of problems.
> >
> > -Steve More
> >
> > On 12/7/06, Mykel Alvis <my...@weirdness.com> wrote:
> > > By copying my repository from the windows box, I was able to determine
> that
> > > the settings are correctly being acquired.
> > >
> > > The problem appears to be with some interaction with the wagon
> client. I'll
> > > take this issue on over to that list.
> > >
> > > On 12/7/06, Mykel Alvis <my...@weirdness.com> wrote:
> > > >
> > > > Heh. That's a chicken and egg problem. The help plugin doesn't come
> with
> > > > the base install, so getting it to debug the method I'm using to get
> plugins
> > > > is a little problematic. :)
> > > >
> > > > Hmm... I guess I could look at using a windows machine as a proxy
> for my
> > > > connection just to get the plugins, though.
> > > >
> > > > Thanks!
> > > >
> > > > On 12/7/06, Aaron Digulla <di...@hepe.com> wrote:
> > > > >
> > > > >
> > > > >
> > > > > Mykel Alvis-2 wrote:
> > > > > >
> > > > > > The Linux build boxes, with the exact same file for settings,
> will
> > > > > not.
> > > > > >
> > > > >
> > > > > Does mvn help:effective-settings show your proxy settings?
> > > > >
> > > > > Also, you may try to install a dummy/forwarding proxy which logs
> all
> > > > > traffic
> > > > > to see what the two talk with each other.
> > > > >
> > > > > Regards,
> > > > >
> > > > > --
> > > > > Aaron Digulla
> > > > > --
> > > > > View this message in context:
> http://www.nabble.com/Firewall-proxy-issues-tf2771836s177.html#a7738866
> > > > >
> > > > > Sent from the Maven - Users mailing list archive at Nabble.com.
> > > > >
> > > > >
> > > > >
> ---------------------------------------------------------------------
> > > > > To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
> > > > > For additional commands, e-mail: users-help@maven.apache.org
> > > > >
> > > > >
> > > >
> > > >
> > > > --
> > > > I'm just an unfrozen caveman software developer. I don't understand
> your
> > > > strange, "modern" ways.
> > > >
> > >
> > >
> > >
> > > --
> > > I'm just an unfrozen caveman software developer. I don't understand
> your
> > > strange, "modern" ways.
> > >
> > >
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
> For additional commands, e-mail: users-help@maven.apache.org
>
>
--
I'm just an unfrozen caveman software developer. I don't understand your
strange, "modern" ways.
Re: Firewall/proxy issues
Posted by Stephen More <st...@gmail.com>.
If you are not sure what methods are supported, try this:
public class debugISA
{
public static void main(String[] args) throws Exception
{
try
{
// Enter the ip and port of your proxy here
java.net.Socket socket = new java.net.Socket( "10.5.0.99", 8080 );
java.io.DataOutputStream os = new
java.io.DataOutputStream( socket.getOutputStream() );
java.io.DataInputStream is = new java.io.DataInputStream(
socket.getInputStream() );
java.util.regex.Pattern p =
java.util.regex.Pattern.compile( "Proxy-Authenticate.*" );
if( socket != null && os != null && is != null)
{
os.writeBytes("GET http://www.google.com/ HTTP/1.1");
os.writeBytes("\015\012\015\012\015\012\015\012");
String responseLine;
while ((responseLine = is.readLine()) != null) {
java.util.regex.Matcher m = p.matcher( responseLine );
if( m.matches() )
{
System.out.println("Server: " + responseLine);
}
}
os.close();
is.close();
socket.close();
}
}
catch( Exception e )
{
System.err.println("Exception: " + e);
}
}
}
-Steve
On 12/28/06, Stephen More <st...@gmail.com> wrote:
> Do you know what method your proxy supports ?
>
> Proxy-Authenticate: Basic
> Proxy-Authenticate: NTLM
> Proxy-Authenticate: Kerberos
> Proxy-Authenticate: Negotiate
>
>
> Our staff removed Basic support and I ran into all sorts of problems.
>
> -Steve More
>
> On 12/7/06, Mykel Alvis <my...@weirdness.com> wrote:
> > By copying my repository from the windows box, I was able to determine that
> > the settings are correctly being acquired.
> >
> > The problem appears to be with some interaction with the wagon client. I'll
> > take this issue on over to that list.
> >
> > On 12/7/06, Mykel Alvis <my...@weirdness.com> wrote:
> > >
> > > Heh. That's a chicken and egg problem. The help plugin doesn't come with
> > > the base install, so getting it to debug the method I'm using to get plugins
> > > is a little problematic. :)
> > >
> > > Hmm... I guess I could look at using a windows machine as a proxy for my
> > > connection just to get the plugins, though.
> > >
> > > Thanks!
> > >
> > > On 12/7/06, Aaron Digulla <di...@hepe.com> wrote:
> > > >
> > > >
> > > >
> > > > Mykel Alvis-2 wrote:
> > > > >
> > > > > The Linux build boxes, with the exact same file for settings, will
> > > > not.
> > > > >
> > > >
> > > > Does mvn help:effective-settings show your proxy settings?
> > > >
> > > > Also, you may try to install a dummy/forwarding proxy which logs all
> > > > traffic
> > > > to see what the two talk with each other.
> > > >
> > > > Regards,
> > > >
> > > > --
> > > > Aaron Digulla
> > > > --
> > > > View this message in context: http://www.nabble.com/Firewall-proxy-issues-tf2771836s177.html#a7738866
> > > >
> > > > Sent from the Maven - Users mailing list archive at Nabble.com.
> > > >
> > > >
> > > > ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
> > > > For additional commands, e-mail: users-help@maven.apache.org
> > > >
> > > >
> > >
> > >
> > > --
> > > I'm just an unfrozen caveman software developer. I don't understand your
> > > strange, "modern" ways.
> > >
> >
> >
> >
> > --
> > I'm just an unfrozen caveman software developer. I don't understand your
> > strange, "modern" ways.
> >
> >
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org
Re: Firewall/proxy issues
Posted by Stephen More <st...@gmail.com>.
Do you know what method your proxy supports ?
Proxy-Authenticate: Basic
Proxy-Authenticate: NTLM
Proxy-Authenticate: Kerberos
Proxy-Authenticate: Negotiate
Our staff removed Basic support and I ran into all sorts of problems.
-Steve More
On 12/7/06, Mykel Alvis <my...@weirdness.com> wrote:
> By copying my repository from the windows box, I was able to determine that
> the settings are correctly being acquired.
>
> The problem appears to be with some interaction with the wagon client. I'll
> take this issue on over to that list.
>
> On 12/7/06, Mykel Alvis <my...@weirdness.com> wrote:
> >
> > Heh. That's a chicken and egg problem. The help plugin doesn't come with
> > the base install, so getting it to debug the method I'm using to get plugins
> > is a little problematic. :)
> >
> > Hmm... I guess I could look at using a windows machine as a proxy for my
> > connection just to get the plugins, though.
> >
> > Thanks!
> >
> > On 12/7/06, Aaron Digulla <di...@hepe.com> wrote:
> > >
> > >
> > >
> > > Mykel Alvis-2 wrote:
> > > >
> > > > The Linux build boxes, with the exact same file for settings, will
> > > not.
> > > >
> > >
> > > Does mvn help:effective-settings show your proxy settings?
> > >
> > > Also, you may try to install a dummy/forwarding proxy which logs all
> > > traffic
> > > to see what the two talk with each other.
> > >
> > > Regards,
> > >
> > > --
> > > Aaron Digulla
> > > --
> > > View this message in context: http://www.nabble.com/Firewall-proxy-issues-tf2771836s177.html#a7738866
> > >
> > > Sent from the Maven - Users mailing list archive at Nabble.com.
> > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
> > > For additional commands, e-mail: users-help@maven.apache.org
> > >
> > >
> >
> >
> > --
> > I'm just an unfrozen caveman software developer. I don't understand your
> > strange, "modern" ways.
> >
>
>
>
> --
> I'm just an unfrozen caveman software developer. I don't understand your
> strange, "modern" ways.
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org
Re: Firewall/proxy issues
Posted by Mykel Alvis <my...@weirdness.com>.
By copying my repository from the windows box, I was able to determine that
the settings are correctly being acquired.
The problem appears to be with some interaction with the wagon client. I'll
take this issue on over to that list.
On 12/7/06, Mykel Alvis <my...@weirdness.com> wrote:
>
> Heh. That's a chicken and egg problem. The help plugin doesn't come with
> the base install, so getting it to debug the method I'm using to get plugins
> is a little problematic. :)
>
> Hmm... I guess I could look at using a windows machine as a proxy for my
> connection just to get the plugins, though.
>
> Thanks!
>
> On 12/7/06, Aaron Digulla <di...@hepe.com> wrote:
> >
> >
> >
> > Mykel Alvis-2 wrote:
> > >
> > > The Linux build boxes, with the exact same file for settings, will
> > not.
> > >
> >
> > Does mvn help:effective-settings show your proxy settings?
> >
> > Also, you may try to install a dummy/forwarding proxy which logs all
> > traffic
> > to see what the two talk with each other.
> >
> > Regards,
> >
> > --
> > Aaron Digulla
> > --
> > View this message in context: http://www.nabble.com/Firewall-proxy-issues-tf2771836s177.html#a7738866
> >
> > Sent from the Maven - Users mailing list archive at Nabble.com.
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
> > For additional commands, e-mail: users-help@maven.apache.org
> >
> >
>
>
> --
> I'm just an unfrozen caveman software developer. I don't understand your
> strange, "modern" ways.
>
--
I'm just an unfrozen caveman software developer. I don't understand your
strange, "modern" ways.
Re: Firewall/proxy issues
Posted by Mykel Alvis <my...@weirdness.com>.
Heh. That's a chicken and egg problem. The help plugin doesn't come with
the base install, so getting it to debug the method I'm using to get plugins
is a little problematic. :)
Hmm... I guess I could look at using a windows machine as a proxy for my
connection just to get the plugins, though.
Thanks!
On 12/7/06, Aaron Digulla <di...@hepe.com> wrote:
>
>
>
> Mykel Alvis-2 wrote:
> >
> > The Linux build boxes, with the exact same file for settings, will not.
> >
>
> Does mvn help:effective-settings show your proxy settings?
>
> Also, you may try to install a dummy/forwarding proxy which logs all
> traffic
> to see what the two talk with each other.
>
> Regards,
>
> --
> Aaron Digulla
> --
> View this message in context:
> http://www.nabble.com/Firewall-proxy-issues-tf2771836s177.html#a7738866
> Sent from the Maven - Users mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
> For additional commands, e-mail: users-help@maven.apache.org
>
>
--
I'm just an unfrozen caveman software developer. I don't understand your
strange, "modern" ways.
Re: Firewall/proxy issues
Posted by Aaron Digulla <di...@hepe.com>.
Mykel Alvis-2 wrote:
>
> The Linux build boxes, with the exact same file for settings, will not.
>
Does mvn help:effective-settings show your proxy settings?
Also, you may try to install a dummy/forwarding proxy which logs all traffic
to see what the two talk with each other.
Regards,
--
Aaron Digulla
--
View this message in context: http://www.nabble.com/Firewall-proxy-issues-tf2771836s177.html#a7738866
Sent from the Maven - Users mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org