Friday, December 21, 2018

maven with NTLM Proxy Server

While I am migrating my project to Java 11, I was facing many issues. I was not sure if the 3rd Party Framesworks work fine. I had a doubt. So I tested several Frameworks. So far, Eclipslink and Jmokit was not running fine on Java11. I have reported to Jmokit. Eclipselink has apparently fixed something in the latest code, but the latest version is not released yet. It is laid in Snapshot repository. I am using Company Nexus Repository which I am not allow to change the configuration for adding Snapshot Repository. To access the Repository, I had to configure Proxy in maven setting.xml. But, I was not able to access the Repository yet. I realized the Proxy Server is required NTML based Authentication. Maven doesn't support NTLM Proxy Authentication. It required another way to solve.

I found out that either use CNTLM or wagon-http-lightweight. CNTLM would be good for various reson. If you use several application behind Proxy, like a VirtualBox, Git, Yum, SVN, ... But, I just need for a maven. so I have chosen wagon-http-lightweight.

It is fairly easy to use this. You can download the file from https://mvnrepository.com/artifact/org.apache.maven.wagon/wagon-http-lightweight/2.2 This is just 15 Kbytes. locate the dowonloaded file under M2_HOME/lib/ext
Now, You need to configure the maven xml files. You can use the password as plaintext in the configuration. But, I recommend to use encrypted password for the security. maven will recognize automatically when the password starts with "{" and will decrypt it before authenticate with Proxy Server. I will create a master password and user password by maven. masterpassword will be used for decrypting userpassword with in maven. userpassword is your NTLM userpassword

USER_HOME/.m2/settings-security.xml
mvn -emp masterpassword

{SPg1nt21S2MHuw0Hy8MJaEF7Gc7dK25UWGDYKHupNCw=}
<settingsSecurity>
  <master>{SPg1nt21S2MHuw0Hy8MJaEF7Gc7dK25UWGDYKHupNCw=}</master>
</settingsSecurity>
 


Set up your proxy in USER_HOME/.m2/setting.xml

mvn -ep userpassword
{7ut6v4FFiJMHtwsmYrsmLMcPoDBGmbz/kgcQ6Vks+/0=}

<proxies>
    <proxy>
   <id>internet-proxy</id>
   <active>true</active>
   <protocol>http</protocol>
   <host>###ProxyHost###</host>
   <username>###Username###</username>
   <password>{7ut6v4FFiJMHtwsmYrsmLMcPoDBGmbz/kgcQ6Vks+/0=}</password>
   <port>###Proxy Port###</port>
   <nonProxyHosts>localhost|127.0.0.1</nonProxyHosts>
    </proxy>
 </proxies>  


PS. Security is good. but it makes develpers crazy. I hope there is a simple way to secure and easy to devlop without configure extra. it takes so much time to configure and get it.

No comments:

Post a Comment