[MRESOLVER-495] Improve Authentication to work based on realm/host

WIP
apache · Aug 16, 2024 · 6fe261f · 6fe261f
1 parent 362a436
commit 6fe261f
Show file tree

Hide file tree

Showing 5 changed files with 136 additions and 6 deletions.
diff --git a/maven-resolver-api/src/main/java/org/eclipse/aether/repository/AuthenticationScope.java b/maven-resolver-api/src/main/java/org/eclipse/aether/repository/AuthenticationScope.java
@@ -0,0 +1,53 @@
+package org.eclipse.aether.repository;
+
+import java.net.URI;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+/**
+ * Allows to restrict authentication information to certain URIs (optionally considering additional attributes).
+ * This class encapsulates the restrictions in terms of
+ * <ol>
+ * <li>mandatory host pattern</li>
+ * <li>optional port</li>
+ * <li>optional protocol</li>
+ * <li>optional scheme</li>
+ * <li>optional realm</li>
+ * <ol>
+ */
+public class AuthenticationScope {
+
+    private final Pattern hostPattern; // mandatory
+    private final int port;   // optional, -1 if not relevant
+    private final String protocol; // protocol, null of not relevant
+    private final String scheme; // scheme, null of not relevant
+    private final String realm; // realm, null of not relevant
+
+    public AuthenticationScope(Pattern hostPattern, int port, String protocol, String scheme, String realm) {
+        this.hostPattern = hostPattern;
+        this.port = port;
+        this.protocol = protocol;
+        this.scheme = scheme;
+        this.realm = realm;
+    }
+
+    public boolean isMatching(URI uri, String scheme, String realm) {
+        Matcher hostMatcher = hostPattern.matcher(uri.getHost());
+        if (!hostMatcher.matches()) {
+            return false;
+        }
+        if (port != -1 && uri.getPort() != port) {
+            return false;
+        }
+        if (protocol != null && !uri.getScheme().equals(protocol)) {
+            return false;
+        }
+        if (this.scheme != null && !this.scheme.equals(scheme)) {
+            return false;
+        }
+        if (this.realm != null && !this.realm.equals(realm)) {
+            return false;
+        }
+        return true;
+    }
+}
diff --git a/maven-resolver-api/src/main/java/org/eclipse/aether/repository/AuthenticationSelector.java b/maven-resolver-api/src/main/java/org/eclipse/aether/repository/AuthenticationSelector.java
@@ -22,7 +22,9 @@
  * Selects authentication for a given remote repository.
  *
  * @see org.eclipse.aether.RepositorySystemSession#getAuthenticationSelector()
+ * @deprecated Use {@link AuthenticationSelectorV2}
  */
+@Deprecated
 public interface AuthenticationSelector {
 
     /**

diff --git a/maven-resolver-api/src/main/java/org/eclipse/aether/repository/AuthenticationSelectorV2.java b/maven-resolver-api/src/main/java/org/eclipse/aether/repository/AuthenticationSelectorV2.java
@@ -0,0 +1,40 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.eclipse.aether.repository;
+
+import java.net.URI;
+
+/**
+ * Selects authentication for a given remote repository.
+ *
+ * @see org.eclipse.aether.RepositorySystemSession#getAuthenticationSelector()
+ */
+public interface AuthenticationSelectorV2 {
+
+    /**
+     * Selects authentication for the specified URI, scheme and realm.
+     *
+     * @param uri the URI of the request for which to select the authentication, must not be {@code null}.
+     * @param scheme the authentication scheme being requested (may be {@code null}), for HTTP  one of the names outlined at <a href="https://www.iana.org/assignments/http-authschemes/http-authschemes.xhtml">Hypertext Transfer Protocol (HTTP) Authentication Scheme Registry</a>
+     * @param realm the authentication realm being requested (may be {@code null})
+     * 
+     * @return The selected authentication or {@code null} if none.
+     */
+    Authentication getAuthentication(URI uri, String scheme, String realm);
+}
diff --git a/...-util/src/main/java/org/eclipse/aether/util/repository/DefaultAuthenticationSelector.java b/...-util/src/main/java/org/eclipse/aether/util/repository/DefaultAuthenticationSelector.java
@@ -18,22 +18,27 @@
  */
 package org.eclipse.aether.util.repository;
 
+import java.net.URI;
 import java.util.HashMap;
 import java.util.Map;
+import java.util.Map.Entry;
 
 import org.eclipse.aether.repository.Authentication;
+import org.eclipse.aether.repository.AuthenticationScope;
 import org.eclipse.aether.repository.AuthenticationSelector;
+import org.eclipse.aether.repository.AuthenticationSelectorV2;
 import org.eclipse.aether.repository.RemoteRepository;
 
 import static java.util.Objects.requireNonNull;
 
 /**
  * A simple authentication selector that selects authentication based on repository identifiers.
  */
-public final class DefaultAuthenticationSelector implements AuthenticationSelector {
-
-    private final Map<String, Authentication> repos = new HashMap<>();
+public final class DefaultAuthenticationSelector implements AuthenticationSelector, AuthenticationSelectorV2 {
 
+    private final Map<String, Authentication> reposById = new HashMap<>();
+    private final Map<AuthenticationScope, Authentication> reposByScope = new HashMap<>();
+
     /**
      * Adds the specified authentication info for the given repository identifier.
      *
@@ -43,16 +48,39 @@ public final class DefaultAuthenticationSelector implements AuthenticationSelect
      */
     public DefaultAuthenticationSelector add(String id, Authentication auth) {
         if (auth != null) {
-            repos.put(id, auth);
+            reposById.put(id, auth);
+        } else {
+            reposById.remove(id);
+        }
+
+        return this;
+    }
+
+    /**
+     * Adds the specified authentication info for the given repository identifier.
+     *
+     * @param scope The scope to add the authentication for, must not be {@code null}.
+     * @param auth The authentication to add, may be {@code null}.
+     * @return This selector for chaining, never {@code null}.
+     */
+    public DefaultAuthenticationSelector add(AuthenticationScope scope, Authentication auth) {
+        if (auth != null) {
+            reposByScope.put(scope, auth);
         } else {
-            repos.remove(id);
+            reposByScope.remove(scope);
         }
 
         return this;
     }
 
     public Authentication getAuthentication(RemoteRepository repository) {
         requireNonNull(repository, "repository cannot be null");
-        return repos.get(repository.getId());
+        return reposById.get(repository.getId());
+    }
+
+    @Override
+    public Authentication getAuthentication(URI uri, String scheme, String realm) {
+        requireNonNull(uri, "uri cannot be null");
+        return reposByScope.entrySet().stream().filter(e -> e.getKey().isMatching(uri, scheme, realm)).map(Entry::getValue).findFirst().orElse(null);
     }
 }
diff --git a/...-resolver-util/src/main/java/org/eclipse/aether/util/repository/DefaultAuthenticator.java b/...-resolver-util/src/main/java/org/eclipse/aether/util/repository/DefaultAuthenticator.java
@@ -0,0 +1,7 @@
+package org.eclipse.aether.util.repository;
+
+import javax.naming.AuthenticationException;
+
+public class DefaultAuthenticator extends Authenticator {
+
+}