Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » Buckminster » Using http protocol in provider's uri(Weak solution to authentication cancelled error)
Using http protocol in provider's uri [message #548397] Wed, 21 July 2010 12:58
Alex Kravets is currently offline Alex Kravets
Messages: 380
Registered: November 2009
Senior Member
I've been trying to make use of http protocol in my rmap, something like this:
Quote:

<searchPath name="resource">
<provider readerType="svn" componentTypes="osgi.bundle"
mutable="true" source="true">
<uri format="http://localhost/svn/{0}">
<bc:propertyRef key="buckminster.component" />
</uri>
</provider>
</searchPath>


One of the problems I was having is that there is authentication in place for svn and this will not work because subversion challenges to authenticate against my svn. Passing username and password in url (http://{username}:{password}@localhost/svn) causes subversion to return "authentication cancelled" error. I've been trying to figure out how to solve this problem, but could not find any viable solution. It seems I am not the only one with this problem as I have seen this problem that other people were having.
The solution that I found is to make changes to httpd.conf file or /etc/apache2/mods-available/dav_svn.conf as it is in my case. Basically, in that file you want to find definition for your repository something like <Location /svn>
. This how you are accessing your repository from the browser (http://localhost/svn for example). Further down in the file - you'll find these lines:
Quote:

AuthType Basic
AuthName "Subversion Repository at t61"
AuthUserFile /etc/subversion/passwd
Require valid-user


You can read what this does, but basically it authenticates against entries in file defined by AuthUserFile when you are trying to access svn. From the browser it works fine, but using subversion libraries cause "authentication cancelled" exception. Why? I have no idea.

Now for the weak solution. If you change the last line that reads Require valid-user to
Quote:

<LimitExcept GET PROPFIND OPTIONS REPORT>
Require valid-user
</LimitExcept>


Full-Access-Read permissions will be granted on this repository. What this means that anybody can view your svn just by hitting http://localhost/svn without being authenticated. And this is what exactly svn provider does - gets stuff from repository. If you read comments about LimitExcept you will see that this grants only read acess, so if someone wants to commit stuff to svn - they will be authenticated. Because of the fact that anybody can access location of your svn without being authenticated I see this solution as weak, however in my situation using this approach is fine - our svn is internal - there is no outside access to it. And just to add some lame "security feature" I created a separate <Location very_secrect_location> that is separate from the main svn location so I access it by going to http://localhost/very_secret_location instead of http://localhost/svn. As you can see this is not secure at all. Anybody can figure this out if they look at my rmap. But again, all of this is internal to our development team, so for us this works.
Hopefully this helps someone, but if someone does figure out how to make authentication in url work in Buckminster, please share I would love to know what is the correct setup of the Apache and Subversion should be.

thanks,
Alex
Previous Topic:Eclipse java heap allocation
Next Topic:buckminster runtime dependencies
Goto Forum:
  


Current Time: Sat Aug 23 15:29:14 EDT 2014

Powered by FUDForum. Page generated in 0.01773 seconds