It's been a while since I look into this, but if I recall correctly my idea was to add new component that would handle server credentials. If fronted by a generic interface, it should be possible to plug in a different impl possible using something else than settings.xml as the storage. The default would be as today though. It all started out as a small idea of MNG-5356 but then grow into MNG-5615. I affects many bits of Maven core though and I believe that's why didn't proceed; it will take a fair amount of time to get it in place. However, it would be very nice to have so that Maven could fit better into enterprise environments/infrastructure. Also, and possibly my main desire, it would be possible to get a better integration into CI environments where today a sorts of magic is required to use different credentials.
/Anders On Mon, Nov 10, 2014 at 8:59 PM, Benson Margulies <bimargul...@gmail.com> wrote: > Well, see https://github.com/benson-basis/github-release-note-maven-plugin > for the code I have. Is this the sort of thing you're talking about? > > > On Mon, Nov 10, 2014 at 2:57 PM, Anders Hammar <and...@hammar.net> wrote: > >> I've been working with/on a plugin for talking to github, and I'm > >> staring at some fairly complex code for processing proxy information > >> from settings.xml, and some slightly less complex code for obtaining > >> and decrypting credentials from servers. > >> > >> Is there a shared component in which I put this? (I don't write > >> 'copy', because I'm not the author, and I don't know if he/she will be > >> interesting in contributing. If not, I'll make a new one.) > >> > > > > I have a dream of, one day, getting a plug-able solution for the server > > credentials handling in Maven [1]. As it would affect some plugins as > well > > as Maven core, it should be a separate lib. Maybe now is a good time to > > start to work on this? > > > > [1] http://jira.codehaus.org/browse/MNG-5356 > > > > /Anders > > > > > >> > >> Relatedly, I ran into the problem of wanting to make an HTTPs > >> connection with a host whose key had an intermediate certificate in > >> its chain. This led me to a code snippet which installed a truststore > >> into the global SSL context. It seemed a trifle off to me that code in > >> one plugin could side-effect the global environment to this extent. > >> Now, practically, I suppose that it would take a SecurityManager to > >> prevent this; that seems a cure worse than the disease, but I wonder > >> if others have thought upon it before. > >> > >> --------------------------------------------------------------------- > >> To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org > >> For additional commands, e-mail: dev-h...@maven.apache.org > >> > >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org > For additional commands, e-mail: dev-h...@maven.apache.org > >
