| Using http protocol in provider's uri [message #548397] |
Wed, 21 July 2010 16:58 |
 Alex Kravets
Messages: 561
Registered: November 2009 |
Senior Member |
|
|
I've been trying to make use of http protocol in my rmap, something like this:
| Quote: |
<searchPath name="resource">
<provider readerType="svn" componentTypes="osgi.bundle"
mutable="true" source="true">
<uri format="http://localhost/svn/{0}">
<bc:propertyRef key="buckminster.component" />
</uri>
</provider>
</searchPath>
|
One of the problems I was having is that there is authentication in place for svn and this will not work because subversion challenges to authenticate against my svn. Passing username and password in url (http://{username}:{password}@localhost/svn) causes subversion to return "authentication cancelled" error. I've been trying to figure out how to solve this problem, but could not find any viable solution. It seems I am not the only one with this problem as I have seen this problem that other people were having.
The solution that I found is to make changes to httpd.conf file or /etc/apache2/mods-available/dav_svn.conf as it is in my case. Basically, in that file you want to find definition for your repository something like <Location /svn>
. This how you are accessing your repository from the browser (http://localhost/svn for example). Further down in the file - you'll find these lines:
| Quote: |
AuthType Basic
AuthName "Subversion Repository at t61"
AuthUserFile /etc/subversion/passwd
Require valid-user
|
You can read what this does, but basically it authenticates against entries in file defined by AuthUserFile when you are trying to access svn. From the browser it works fine, but using subversion libraries cause "authentication cancelled" exception. Why? I have no idea.
Now for the weak solution. If you change the last line that reads Require valid-user to
| Quote: |
<LimitExcept GET PROPFIND OPTIONS REPORT>
Require valid-user
</LimitExcept>
|
Full-Access-Read permissions will be granted on this repository. What this means that anybody can view your svn just by hitting http://localhost/svn without being authenticated. And this is what exactly svn provider does - gets stuff from repository. If you read comments about LimitExcept you will see that this grants only read acess, so if someone wants to commit stuff to svn - they will be authenticated. Because of the fact that anybody can access location of your svn without being authenticated I see this solution as weak, however in my situation using this approach is fine - our svn is internal - there is no outside access to it. And just to add some lame "security feature" I created a separate <Location very_secrect_location> that is separate from the main svn location so I access it by going to http://localhost/very_secret_location instead of http://localhost/svn. As you can see this is not secure at all. Anybody can figure this out if they look at my rmap. But again, all of this is internal to our development team, so for us this works.
Hopefully this helps someone, but if someone does figure out how to make authentication in url work in Buckminster, please share I would love to know what is the correct setup of the Apache and Subversion should be.
thanks,
Alex
|
|
|
Powered by
FUDForum. Page generated in 0.03211 seconds
] 
Search
Help
Register
Login
Home
