Posted to dev@geronimo.apache.org by "Brill Pappin (JIRA)" <ji...@apache.org> on 2008/04/20 06:32:21 UTC

[jira] Created: (GERONIMO-3969) maven2 module goals should use standard server definitions.

maven2 module goals should use standard server definitions.
-----------------------------------------------------------

                 Key: GERONIMO-3969
                 URL: https://issues.apache.org/jira/browse/GERONIMO-3969
             Project: Geronimo
          Issue Type: Improvement
      Security Level: public (Regular issues)
          Components: car-maven-plugin, geronimo-maven-plugin
    Affects Versions: 2.1
         Environment: Geronimo 2.1
            Reporter: Brill Pappin


The maven 2 geronimo plugins should be using the server definitions that are usually entered in the settings.xml file.
However it appears that I have to add the administrator's username and password to the plugin definition, which in turn means that some highly secured information will get checked into source control.

If it does use the server definitions, then that fact is not documented on the plugin site (that I could find), located at: http://geronimo.apache.org/maven/server/maven-plugins/geronimo-maven-plugin/plugin-info.html

I hesitate to call this a bug because it may still work, but it's darn close because of the security implications (in my case it makes it unusable).

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


[jira] Commented: (GERONIMO-3969) maven2 module goals should use standard server definitions.

Posted by "Jacek Laskowski (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/GERONIMO-3969?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12590754#action_12590754 ] 

Jacek Laskowski commented on GERONIMO-3969:
-------------------------------------------

Although I have almost no experience as far as maven plugins go, I'm leaning towards Brill's point of view. I consider the settings.xml file a global registry of user settings. The settings.xml file's documentation page - http://maven.apache.org/ref/2.0.8/maven-settings/settings.html reads:

"This is a reference for the user-specific configuration for Maven."

So, I can envision that when a project uses Geronimo a developer could configure it differently with properties (as Dave pointed out) or a <server> stanza. Although the <server> stanza is used for wagon-based plugins (deploy and such) we could borrow some ideas from it to let people use it for Geronimo too. If they don't, it quickly becomes dead code and we'll whack it. It should be pretty easy to implement and I'd bet there're people out there who'd like to contribute to Geronimo and that would be an excellent task to get started with.

BTW, Dave, why are you so worried that we could potentially overuse <server> stanza?

> maven2 module goals should use standard server definitions.
> -----------------------------------------------------------
>
>                 Key: GERONIMO-3969
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-3969
>             Project: Geronimo
>          Issue Type: Improvement
>      Security Level: public(Regular issues) 
>          Components: car-maven-plugin, geronimo-maven-plugin
>    Affects Versions: 2.1
>         Environment: Geronimo 2.1
>            Reporter: Brill Pappin
>   Original Estimate: 1h
>  Remaining Estimate: 1h
>
> The maven 2 geronimo plugins should be using the server definitions that are usually entered in the settings.xml file.
> However it appears that I have to add the administrator's username and password to the plugin definition, which in turn means that some highly secured information will get checked into source control.
> If it does use the server definitions, then that fact is not documented on the plugin site (that I could find), located at: http://geronimo.apache.org/maven/server/maven-plugins/geronimo-maven-plugin/plugin-info.html
> I hesitate to call this a bug because it may still work, but it's darn close because of the security implications (in my case it makes it unusable).



[jira] Commented: (GERONIMO-3969) maven2 module goals should use standard server definitions.

Posted by "Brill Pappin (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/GERONIMO-3969?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12590743#action_12590743 ] 

Brill Pappin commented on GERONIMO-3969:
----------------------------------------

Actually, that's not quite correct. Although using substitution properties might actually work and resolve the problem in the short run, it is definitely *not* the "maven" way of doing it (and the point of maven is repeatable build after all).

See: http://maven.apache.org/settings.html#Servers
See: http://maven.apache.org/ref/2.0.8/maven-settings/settings.html#class_server
See: http://mojo.codehaus.org/tomcat-maven-plugin/configuration.html

The servers element of the settings file is supposed to provide server<->user dependent information to the build. An example of this would be when you run the mvn deploy goal and your artifact is deployed to an Archiva repository. Another example would be the tomcat deploy (from the tomcat plugin) goal, which properly uses the server configurations to deploy a war artifact to a Tomcat server.

As for specific relevance to the car plugin, I thought I'd seen the same pattern but I may be mistaken.... if so, the car plugin component can be removed from the issue.


[jira] Commented: (GERONIMO-3969) maven2 module goals should use standard server definitions.

Posted by "David Jencks (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/GERONIMO-3969?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12590773#action_12590773 ] 

David Jencks commented on GERONIMO-3969:
----------------------------------------

I assumed that since it has stuff like file system permissions in it, it was intended specifically for use with the maven-deploy-plugin.  I checked with Jason van Zyl, who says using it for geronimo is completely in line with the intended usage, so let's go for it.  As Jacek says, a patch would be welcome :-)


[jira] Commented: (GERONIMO-3969) maven2 module goals should use standard server definitions.

Posted by "Brill Pappin (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/GERONIMO-3969?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12590783#action_12590783 ] 

Brill Pappin commented on GERONIMO-3969:
----------------------------------------

I could try doing the changes, but I usually have trouble building apache modules because they have so many interlinking dependencies which are not always in repositories I can see (getting all the bits together and getting a build to run can consume a lot of time).

However the Tomcat deploy plugin is fairly simple, and it should be obvious looking at its source how it's used.
This is what looks to be the relevant pieces if I take a quick look at the SVN repo for the plugin:

First your instance members:
==
    /**
     * The Maven Wagon manager to use when obtaining server authentication
     * details.
     *
     * @parameter expression = "${component.org.apache.maven.artifact.manager.WagonManager}"
     * @required
     * @readonly
     */
    private WagonManager wagonManager;

    /**
     * The server id in settings.xml to use when authenticating with Tomcat
     * manager, or <code>null</code> to use defaults of username
     * <code>admin</code> and no password.
     *
     * @parameter expression = "${maven.tomcat.server}"
     */
    private String server;
==

and then in your execution:

==
    // obtain authentication details for specified server from wagon
    AuthenticationInfo info = wagonManager.getAuthenticationInfo( server );
    if ( info == null )
    {
        throw new MojoExecutionException( getMessage( "AbstractCatalinaMojo.unknownServer", server ) );
    }

    // derive username
    userName = info.getUserName();
    if ( userName == null )
    {
        getLog().debug( getMessage( "AbstractCatalinaMojo.defaultUserName" ) );
        userName = DEFAULT_USERNAME;
    }

    // derive password
    password = info.getPassword();
    if ( password == null )
    {
        getLog().debug( getMessage( "AbstractCatalinaMojo.defaultPassword" ) );
        password = DEFAULT_PASSWORD;
    }
==

[jira] Commented: (GERONIMO-3969) maven2 module goals should use standard server definitions.

Posted by "Brill Pappin (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/GERONIMO-3969?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12590769#action_12590769 ] 

Brill Pappin commented on GERONIMO-3969:
----------------------------------------

David, I'm not sure I understand why you think it's different?

The "<server> stanza" contains authentication information for a particular server... why wouldn't it apply when I'm connecting to a Geronimo server that requires authentication (for whatever reason)?


[jira] Commented: (GERONIMO-3969) maven2 module goals should use standard server definitions.

Posted by "David Jencks (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/GERONIMO-3969?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12590742#action_12590742 ] 

David Jencks commented on GERONIMO-3969:
----------------------------------------

Could you explain how this is relevant to the car-maven-plugin?

I'm not entirely clear on what configuration you are objecting to; an example would have clarified substantially.
For the geronimo-maven-plugin, I haven't looked at the configuration recently, but imagine it has something like
<configuration>
    <userName>system</userName>
    <password>manager</password>
</configuration>

(an example where the values are hardcoded)

Normally, maven doesn't provide any automatic way of setting these values from elsewhere, but the normal way to set up configuration with such settings is like this:
<configuration>
    <userName>${geronimo.user}</userName>
    <password>${geronimo.password}</password>
</configuration>

and you can then define the substitution variables in your settings.xml file in an appropriate profile.

Does this not work here?  If so, can you provide more details of what goes wrong?



-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
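
Added example (not part of the thread, and not Geronimo or Tomcat plugin code): a pre-commit style check for the two configurations shown in the comment above. It reports whether `<userName>`/`<password>` inside a plugin `<configuration>` hold a literal, a `${...}` reference whose value is defined in the same POM (so still checked in), or a reference left to settings.xml. The sample POMs are constructed, and the set of credential element names is an assumption.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: element names treated as credentials (the two used in the thread).
SECRET_TAGS = {"username", "password"}
# A value that is exactly one ${property} reference; anything else counts as literal.
PROPERTY_REF = re.compile(r"^\$\{([^}]+)\}$")


def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on POM element names."""
    return tag.rsplit("}", 1)[-1]


def find_children(elem, name):
    return [c for c in elem if local(c.tag) == name]


def audit_pom(pom_xml):
    """Return (plugin artifactId, element name, verdict) per credential element."""
    root = ET.fromstring(pom_xml)
    # Top-level <properties> live in the POM, so their values are committed with it.
    pom_props = {local(p.tag) for props in find_children(root, "properties")
                 for p in props}
    findings = []
    for plugin in (e for e in root.iter() if local(e.tag) == "plugin"):
        artifact = next((c.text for c in find_children(plugin, "artifactId")), "?")
        for cfg in (e for e in plugin.iter() if local(e.tag) == "configuration"):
            for item in cfg.iter():
                value = (item.text or "").strip()
                if local(item.tag).lower() not in SECRET_TAGS or not value:
                    continue
                ref = PROPERTY_REF.match(value)
                if ref is None:
                    verdict = "literal"                  # secret sits in the POM
                elif ref.group(1) in pom_props:
                    verdict = "property-defined-in-pom"  # indirection only, still committed
                else:
                    verdict = "external-property"        # resolved outside the POM
                findings.append((artifact, local(item.tag), verdict))
    return findings


def sample_pom(user, password, props=""):
    """Constructed POM using the configuration element names from the thread."""
    return f"""<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties>{props}</properties>
  <build><plugins><plugin>
    <artifactId>geronimo-maven-plugin</artifactId>
    <configuration>
      <userName>{user}</userName>
      <password>{password}</password>
    </configuration>
  </plugin></plugins></build>
</project>"""


if __name__ == "__main__":
    for pom in (sample_pom("system", "manager"),
                sample_pom("${geronimo.user}", "${geronimo.password}")):
        print(audit_pom(pom))
```

Only top-level `<properties>` are consulted; properties declared inside a `<profile>` of the same POM would need the same treatment.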


[jira] Commented: (GERONIMO-3969) maven2 module goals should use standard server definitions.

Posted by "David Jencks (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/GERONIMO-3969?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12590745#action_12590745 ] 

David Jencks commented on GERONIMO-3969:
----------------------------------------

To me, the use for the maven-deploy-plugin seems different in character to the use in the tomcat-maven-plugin.  For one thing all the possible settings (file/directory permissions) are relevant.  I'd prefer some confirmation from maven developers that use of a server id would be appropriate here before making any changes. Substitution properties are used quite a bit in the maven builds, such as to specify the staging repo for plugin deployment. 
