Maven 服务器身份验证作为配置文件属性
我正在尝试在构建服务器上设置共享身份验证系统。 我们有几个 Maven 项目,它们声明了如何针对我们拥有的不同团队进行部署(每个团队都有自己的身份验证用户/密码):
<profile>
<id>release-profile</id>
<distributionManagement>
<repository>
<id>rep-releases</id>
<name>rep-releases</name>
<url>http://somewhere-releases</url>
</repository>
<snapshotRepository>
<id>rep-snapshots</id>
<name>rep-snapshots</name>
<url>http://somewhere-snapshots</url>
</snapshotRepository>
</distributionManagement>
</profile>
然后我在 settings.xml 中声明对声明的服务器的身份验证,如下所示
<servers>
<server>
<id>rep-releases</id>
<username>${release.user.name}</username>
<password>${release.user.password}</password>
</server>
<server>
<id>rep-snapshots</id>
<username>${release.user.name}</username>
<password>${release.user.password}</password>
</server>
</servers>
: ,根据我想要部署的项目,我在构建服务器的 settings.xml 中定义了多个配置文件:
<profile>
<id>dep-team1</id>
<activation>
<activeByDefault>false</activeByDefault>
</activation>
<properties>
<release.user.name>team1-user</release.user.name>
<release.user.password>team1-password</release.user.password>
</properties>
</profile>
问题是,在部署项目时,我收到如下身份验证错误(HTTP 401):
Error deploying artifact: Failed to transfer file: http://......./my-project-0.2-20090423.123247-3.pom. Return code is: 401
如果我通过用团队的用户/密码替换属性来修改服务器身份验证,一切正常。
不要使用标签
其他人如何设置他们的构建系统以实现相同的目标?
感谢您的帮助。
编辑:我正在使用hudson,对我来说,一个解决方案是安装多次maven2,并为每个团队提供重复的设置(用户/密码除外),并将每个项目与良好的maven安装联系起来。 我必须承认这个解决方案并不让我着迷......
I am trying to setup a shared authentication system on a build server.
We have several maven projects that declares how the deployment should be done regarding the different teams that we have (each team has its own authentication user/password):
<profile>
<id>release-profile</id>
<distributionManagement>
<repository>
<id>rep-releases</id>
<name>rep-releases</name>
<url>http://somewhere-releases</url>
</repository>
<snapshotRepository>
<id>rep-snapshots</id>
<name>rep-snapshots</name>
<url>http://somewhere-snapshots</url>
</snapshotRepository>
</distributionManagement>
</profile>
Then I declare in the settings.xml the authentification to the declared servers as following:
<servers>
<server>
<id>rep-releases</id>
<username>${release.user.name}</username>
<password>${release.user.password}</password>
</server>
<server>
<id>rep-snapshots</id>
<username>${release.user.name}</username>
<password>${release.user.password}</password>
</server>
</servers>
Finally, depending on the projects I want to deploy I have several profiles defined in the settings.xml of the build server:
<profile>
<id>dep-team1</id>
<activation>
<activeByDefault>false</activeByDefault>
</activation>
<properties>
<release.user.name>team1-user</release.user.name>
<release.user.password>team1-password</release.user.password>
</properties>
</profile>
The problem is that when doing a deploy of the project I got an authentication error (HTTP 401) like the following:
Error deploying artifact: Failed to transfer file: http://......./my-project-0.2-20090423.123247-3.pom. Return code is: 401
If I modify the server authentication by replacing the properties with the user/password of the team, all is working fine.
Don't the tags <servers><server> accept values as properties?
How do others setup their build system in order to achieve the same?
Thanks for your help.
Edit: I am using hudson, a solution for me can be to install several time maven2 and have duplicated settings (except user/password) for each team and tie each project to the good maven installation. I must admit that this solution does not enchant me...
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
如果您有多个团队,因此有多个身份验证方案,最简单、最直接的方法就是在 distributionManagement 中使用不同的 id。 因此,您可以使用 team1-repo / team2-repo 来代替rep-releases/rep-snapshots(在发布和快照之间分离身份验证通常没有任何价值......特别是如果您使用 repo manager 具有良好的安全控制)
然后在构建机器的设置中,只需为构建服务器的每个团队定义一个用户和密码。
这种方法确实有一个缺点,如果您在单个公司 pom 中定义存储库,它会扰乱继承......但如果您有团队级别的 pom,那就很容易了。
另一个想法是为什么同一台构建机器在构建时需要以不同的人身份登录? 该构建机器不应该具有大部分完全访问权限吗?
The easiest and most direct method if you have multiple teams and thus multiple auth schemes, is just use a different id in the distributionManagement. So instead of rep-releases/rep-snapshots, you can have team1-repo / team2-repo (there's generally no value in separating the auth between release and snapshots...particularly if you use a repo manager with good security controls)
Then in the settings of your build machine, just define a user and password for each team for the build server.
This approach does have a draw back that it would mess up inheritence if you defined the repos in a single corporate pom...but if you have a team level pom it would be easy.
Another thought is why does the same build machine need to login as a different person when doing builds? Shouldn't that build machine have mostly full access?
首先,我没有看到 dep-team1 配置文件如何连接到 distributionManagement 标签 - 它似乎需要 release-profile 才能激活。
其次,我的个人资料元素的结构有点不同(请参阅,其中没有 distributionManagement 标签)。 不确定这是否有什么区别。:
这是分发管理:
First of all, I do not see how dep-team1 profile is connected to the distributionManagement tag - it seems to need release-profile to be active.
Second, I have my profile element structured a bit differently (see, there is no distributionManagement tag within). Not sure if it makes the difference.:
Here is the distribution management: