Is there anyone have tested how to deploy artifacts within Archiva which security enabled.
I have the following configuration
My ivysettings.xml
<ivysettings>
<settings defaultResolver="archiva"/>
<resolvers>
<ibiblio name="archiva"
m2compatible="true"
root="http://localhost:8080/archiva/repository/internal/[organization]/[module]/[revision]/[artifact]-[revision].[ext]"/>
</resolvers>
</ivysettings>
My build.xml
<target name="ivy-init">
<ivy:settings file="${ivy.settings.dir}/ivysettings.xml" refid="ivy.classpath">
<credentials host="localhost"
realm="Repository Archiva Managed Internal Repository"
username="deploy_user" passwd="deploy_pwd" />
</ivy:settings>
</target>
<target name="deploy2Archiva"
depends="jar,local-maven-version">
<ivy:makepom ivyfile="${ivy.file}"
pomfile="dist/demo-core.pom">
<mapping conf="compile" scope="compile"/>
<mapping conf="test" scope="test"/>
</ivy:makepom>
<ivy:publish
resolver="public"
pubrevision="${version}"
overwrite="true"
pubdate="${now}"
status="release"
forcedeliver="true"
artifactspattern="${dist.dir}/[artifact].[ext]"/>
</target>
My Archiva deploy_user has the 'Repository Manager' Archiva role but I get an unauthorized message.
In fact, the credentials doesn't seem to be into account because if I set the 'Repository Manager' to the guest Archiva user (unauthenticated user), the artifacts are deployed.
Archiva uses the protocol webdav. Have you got experimented credentials with an Ivy webdav resolver?
Any thoughts on this?
The realm attribute of the credentials element seems to be case-sensitive so you may want to try using realm="Repository Archiva Managed internal Repository" (note the lower case 'i' in 'internal'!)
Was having a lot of trouble with this as well. Here's the solution:
Turn debug logging on for Ant
Look for a message like this just before the exception:
[ivy:publish] try to get credentials for: Repository Archiva Managed internal Repository#domain.com
You need to add into your ivysettings.xml file credentials that match what it's looking for
<credentials
host="domain.com"
realm="Repository Archiva Managed internal Repository"
username="username"
passwd="password" />
The Realm being "Repository Archiva Managed internal Repository" and the host being "domain.com", replaced with whatever values are showing up in your debug output, as well as your correct username and password.
I hope this helps someone!
Related
I tries to start Infinispan 10.1.3 in server mode. But after security configuration I have following error in CLI:
[disconnected]> connect
Username: admin
Password: ********
The user is not allowed to access the server resource: ISPN000287: Unauthorized access: subject 'null' lacks 'ADMIN' permission
In result I can't connect to my Infinspan server via CLI :(
I created all Infinispan configuration exactly according documentation:
in file infinispan.xml I added:
<security>
<authorization>
<identity-role-mapper />
<role name="all" permissions="ALL" />
<role name="reader" permissions="READ" />
<role name="writer" permissions="WRITE" />
<role name="supervisor" permissions="READ WRITE EXEC"/>
</authorization>
</security>
...
<endpoints socket-binding="default" security-realm="default">
<hotrod-connector name="hotrod">
<authentication>
<sasl mechanisms="SCRAM-SHA-512 SCRAM-SHA-384 SCRAM-SHA-256
SCRAM-SHA-1 DIGEST-SHA-512 DIGEST-SHA-384
DIGEST-SHA-256 DIGEST-SHA DIGEST-MD5 PLAIN"
server-name="infinispan"
qop="auth"/>
</authentication>
</hotrod-connector>
<rest-connector name="rest">
<authentication mechanisms="DIGEST BASIC"/>
</rest-connector>
</endpoints>
In file users.properties I added:
admin=123
In file groups.properties I added:
admin=admin
The CLI uses the REST API. I'm not sure if your configuration is correct, but I'm fixing some issues that might be related just now. Will be probably released in the next 10.1.x version
https://issues.redhat.com/browse/ISPN-11525
Update:
If you upgrade your 10.1.x version, it should work now
I am trying to setup Keycloak with Tomcat 8.
I followed the instruction carefully. I downloaded the Client Adapter for Tomcat8 and copied all the jar into $CATALINA_HOME/lib directory. I modified my web.xml login-config to use KEYCLOAK. Yet when I started Tomcat I kept getting Severe Error Unknown Authenticator??
Anywhere I googled everyone said you have to install the Client Adapter but.. in my case IT IS ALREADY THERE!!! HELP!!
I think you forgot to create a META-INF directory beside the WEB-INF and put a file named context.xml into it:
The contents of this file has to be
<?xml version="1.0" encoding="UTF-8"?>
<Context>
<Valve className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve"/>
</Context>
This is not needed if you deploy the war into WildFly. I had the same problem when I tried to transfer a well working webApp from WildFly to Tomcat.
We have an app that is being deployed as an ear. Within this ear, there is a war that needs to use a specific security domain.
To achieve this, we have configured the standalone-full-ha.xml with the following security section
<security-domain name="ourDomain" cache-type="default">
<authentication>
<login-module code="blah.blah.OurDomain" flag="required" />
</authentication>
</security-domain>
ear/war/WEB-INF/jboss-web.xml is configured as follows:
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
<security-domain>Quark</security-domain>
<disable-audit>true</disable-audit>
</jboss-web>
With this configuration, the app tries to authenticate against the "other" domain which is there in JBoss by default.
log entries as follows:
TRACE [org.jboss.security] (http-/127.0.0.1:8080-6) PBOX000224: End getAppConfigurationEntry(other), AuthInfo: AppConfigurationEntry[]:
[0]
LoginModule Class: org.jboss.as.security.remoting.RemotingLoginModule
ControlFlag: LoginModuleControlFlag: optional
Options:
name=password-stacking, value=useFirstPass
[1]
LoginModule Class: org.jboss.as.security.RealmDirectLoginModule
ControlFlag: LoginModuleControlFlag: required
Options:
name=password-stacking, value=useFirstPass
When trying to define this as part of the ear in ear/META-INF/jboss-app.xml, that made the whole thing blow up pretty spectacularly - so figured that was less likely to be the way to resolve this.
If the default security domain is changed to ourDomain however, it all works as expected.
This doesn't seem to be a big deal - however, it feels better to be able to leave as much of the configuration in the app as possible.
Any pointers to resolve this appreciated.
Your security domain name specified in jboss-web.xml needs to match the name of some security domain in your JBoss config, in your case the web descriptor specifies Quark while the security subsystem defined domain named ourDomain.
Whenever JBoss can not find the security domain you request in your jboss-web.xml, it will fallback to the default security domain, which in case of 7.x is named other.
Hi I am trying to reach my repository via JNDI.
I recieve the following message when i try to connect:
"The repository home C:\apache-tomcat-7.0.53-windows-x64\apache-tomcat-7.0.53\bin\myrepo > appears to be in use since the file named .lock is already locked by the current process."
This code is runing on a web application, deployed on the same Tomcat.
InitialContext context = new InitialContext();
Context environment = (Context) context.lookup("java:comp/env");
Repository repository = (Repository) environment.lookup("jcr/repository");
Tomcat is locking "myrepo" when it starts and wont release it until I shuts it down.
Why is this happening?
Im running apache-tomcat-7.0.53-windows-x64 on Windows 7, using jackrabbit-webapp-2.6.5.war.
Edit May 10:
I have now tried to edit server.xml ann context.xml for my tomcat.
server.xml:
<GlobalNamingResources>
<!-- Editable user database that can also be used by
UserDatabaseRealm to authenticate users -->
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
<Resource configFilePath="C:\apache-tomcat-7.0.53-windows-x64\apache-tomcat-7.0.53\bin\myrepo\repository.xml"
factory="org.apache.jackrabbit.core.jndi.BindableRepositoryFactory"
name="jcr/globalRepository" repHomeDir="C:\apache-tomcat-7.0.53-windows-x64\apache-tomcat-7.0.53\bin\myrepo"
type="javax.jcr.Repository"
auth="Container" />
</GlobalNamingResources>
context.xml
<ResourceLink name="jcr/repository"
global="jcr/globalRepository"
type="javax.jcr.Repository"/>
The error is still the same.
There are a .lock file inside the repository folder. delete that file.
Can I use NLog in a WCF Service? I am trying to but cannot get it to work.
First I set up a simple configuration in a Windows Forms application to check that I was setting up correctly and this wrote the log file fine (I am writing to a network location using name and not IP address).
I then did exactly the same thing in the WCF Service. It did not work.
To check permissions I then added some code to use a TextWriter.
TextWriter tw = new StreamWriter(fileName);
tw.WriteLine(DateTime.Now);
tw.Close();
This worked OK so I know I can write to the location.
Check that your NLog.config file is in the same directory as your .svc file and NOT the Bin directory.
If you've just added the config file to the WCF project, then published it you will probably find your config file has been copied to the bin directory which is why NLog can't find it. Move it to up a level then restart the website hosting the service (to make sure the change is picked up).
This had me stumped for a while this morning!
Put your NLog config in the web.config file. Like so:
<?xml version="1.0"?>
<configuration>
<configSections>
<section name="nlog" type="NLog.Config.ConfigSectionHandler, NLog"/>
</configSections>
. . . (lots of web stuff)
<nlog>
<targets>
<target name="file" xsi:type="File" fileName="${basedir}/logs/nlog.log"/>
</targets>
<rules>
<logger name="*" minlevel="Trace" writeTo="file" />
</rules>
</nlog>
</configuration>
See my comment to your original question for how to turn on NLog's internal logging.
To turn on NLog's internal logging, modify the top of you NLog config to look like this:
<nlog xmlns="http://www.nlog-project.org/schemas/NLog.mono2.xsd"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
autoReload="true"
internalLogLevel="Trace"
internalLogFile="nlog_log.log"
>
The key parts are internalLogLevel and internalLogFile.
You can also set internalLogToConsole to true or false to direct the internal logging to the console.
There is another setting, throwExceptions, that tells NLog whether or not to throw exceptions. Ordinarily, this is set to false once logging is successfully configured and working. You can set it to true to help determine if your problem is due to an NLog error.
So, if you had all of those options enabled, the top of your NLog configuration might look like this:
<nlog xmlns="http://www.nlog-project.org/schemas/NLog.mono2.xsd"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
autoReload="true"
internalLogLevel="Trace"
internalLogFile="nlog_log.log"
internalLogToConsole="true"
throwExceptions="true"
>
My first guess is that NLog is not finding the config information. Are you using an external config file (NLog.config) or "inline" configuration (in your app.config or web.config)? In your project, is(are) your config file(s) marked (in Properties) as Copy Always?