You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@maven.apache.org by mi...@apache.org on 2020/12/04 17:55:31 UTC
[maven-site] branch master updated: Document auth scope limitation
lift for WAGON-590
This is an automated email from the ASF dual-hosted git repository.
michaelo pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/maven-site.git
The following commit(s) were added to refs/heads/master by this push:
new dd59f47 Document auth scope limitation lift for WAGON-590
dd59f47 is described below
commit dd59f4768e57534d6d49269ecc0bca947fe37551
Author: mildis <mi...@users.noreply.github.com>
AuthorDate: Fri Dec 4 11:05:37 2020 +0100
Document auth scope limitation lift for WAGON-590
This closes #217
---
content/apt/guides/mini/guide-http-settings.apt | 33 +++++++++++++++++++++++++
1 file changed, 33 insertions(+)
diff --git a/content/apt/guides/mini/guide-http-settings.apt b/content/apt/guides/mini/guide-http-settings.apt
index 33d7dc1..0ea7aae 100644
--- a/content/apt/guides/mini/guide-http-settings.apt
+++ b/content/apt/guides/mini/guide-http-settings.apt
@@ -301,6 +301,39 @@ problems with HTTP servers and proxies that do not support HTTP/1.1 protocol.
</settings>
+---+
+**Example: Lifting auth scope restriction for external authentication systems
+
+ Maven Wagon by default limits supplied credentials to the host:port combination
+ scope, ignoring any other target servers. When the target server delegates
+ authentication to an external system, you need to deliberately lift that scope
+ limitation. Configure your server element to pass authentication to all target
+ servers which challenge the client.
++---+
+<settings>
+ <servers>
+ <server>
+ <id>my-server</id>
+ <configuration>
+ <basicAuthScope>
+ <host>ANY</host>
+ <port>ANY</port> <!-- or even 443 to force the use of TLS -->
+ </basicAuthScope>
+ <httpConfiguration>
+ <all>
+ <params>
+ <property>
+ <name>http.protocol.cookie-policy</name>
+ <value>standard</value>
+ </property>
+ </params>
+ </all>
+ </httpConfiguration>
+ </configuration>
+ </server>
+ </servers>
+</settings>
++---+
+
**Ignoring Cookies
Like the example above, telling the HttpClient to ignore cookies for all methods of request is a simple matter of