堆栈内存溢出
  简体   繁体   English

Maven身份验证如何工作?

[英]How does maven authentication works?

 原文  2017-09-03 07:23:52       maven/ authentication/ repository/ nexus/ jfrog-mission-control

问题描述

I am willing to create a private maven repository, where the access rules are not based on groups/patterns, but on completely custom rules. 我愿意创建一个私有的Maven存储库,其中的访问规则不是基于组/模式,而是基于完全自定义的规则。 I've checked both nexus and jfrog, both of them keeping the simple user/group/pattern approach. 我已经检查了nexus和jfrog,它们都保持了简单的用户/组/模式方法。 And (AFAICS), although they provide custom ways to authenticate, they don't provide a was for custom access rules. 而且(AFAICS),尽管它们提供了自定义的身份验证方式,但并未提供用于自定义访问规则的was。

For this reason I have started thinking the opposite: what if I can create a simple repository with my custom rules. 出于这个原因,我开始思考相反的问题:如果可以使用自定义规则创建简单的存储库,该怎么办。 But when I searched in the Apache documentation, there was no clear explanation how authentication is performed on the back side. 但是当我搜索Apache文档时,没有明确的解释说明如何在背面进行身份验证。

Does anyone knows how this is done, and maybe point me to the correct documentation? 有谁知道这是怎么做的,也许会指出正确的文档?

2 个解决方案

解决方案1
 1 已采纳  2017-09-03 10:06:04

Authentication is done by HTTP Basic Authentication which basically concats the username and password and base64 encodes that. 身份验证是通过HTTP基本身份验证完成的,该基本身份验证基本上包含用户名和密码,并且base64对其进行编码。 So Maven and Apache do understand each other. 因此,Maven和Apache确实相互理解。

But out of the box the Apache authorization is based on, you guessed, it. 但是开箱即用,您可能猜到了Apache授权是基于它的。 Directories (which represent Maven's artifact groups), username and groups. 目录(代表Maven的工件组),用户名和组。 So unless you are willing to write a custom Apache model you won't gain a lot. 因此,除非您愿意编写自定义的Apache模型,否则您不会收获很多。 Probably IP based access control can be done with Apache alone better than with Nexus/JFrog but I haven't looked at the authentication settings for ages. 单独使用Apache可能比使用Nexus / JFrog更好地进行基于IP的访问控制,但是我已经使用了很长时间了。

解决方案2
 0  2017-09-12 14:55:16

In Artifactory what you can do, in order to achieve what you mentioned, is to create permission target per user. 在Artifactory中,为了实现您提到的目的,您可以做的是为每个用户创建权限目标。 Meaning that all of your Maven users will deploy to the same repository BUT each to a different name space. 这意味着您所有的Maven用户都将部署到同一存储库,但每个用户都将部署到不同的名称空间。 For example, 'com/{company}/{project}/' (please replace the company and project with real values) 例如,“ com / {company} / {project} /”(请用实际值替换公司和项目)

This is done on the permission target using the 'Include Pattern' so let's say that my company name is JFrog, and I'm working on a project named 'artifactory' I will have a permission target with the following include pattern '/com/jfrog/artifactory/**/*'. 这是使用“包含模式”在权限目标上完成的,因此,假设我的公司名为JFrog,并且我正在开发一个名为“ artifactory”的项目,我将使用以下包含模式“ / com /”创建一个权限目标jfrog / artifactory的/ ** / *”。

You can also create those permission targets using a script that will automate it for you using this REST API . 您还可以使用脚本创建这些权限目标,该脚本将使用此REST API自动为您实现权限目标。

That means that I will only be able to reach this namespace. 这意味着我将只能访问此名称空间。 Does that help? 有帮助吗?

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 带有Maven的Jenkins的SonarQube扫描仪的分析参数如何工作? - How does the analyse paramethers for SonarQube scanner for jenkins with maven works? Maven 2可以工作,但是Maven 3使用相同的设置和服务器会给出身份验证错误 - Maven 2 works but Maven 3 gives authentication error with same settings and server Maven存储库如何工作 - How maven repository works Maven 着色是如何工作的? - How maven shading works? Map Reduce-Maven(如何工作?) - Map Reduce - Maven (How it works?) Maven在Jar下载中如何工作? - How maven works in Jar downloading? Maven安装有效,但是Intellij的构建不起作用 - Maven install works but Intellij's build does not Maven exec有效,但是java -jar不起作用 - Maven exec works, but java -jar does not Jetty插件如何为Maven工作? - How Jetty plugin works for Maven? Maven 是如何工作的? - How does Maven work?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM