How are people dealing with authenticated maven proxies?

The only documentation I’ve found so far requires invoking the addCredentials method on CredentialsStore with plain text principals and credentials. As this is somewhat undesirable, I’m looking for a way to prompt for the credentials if the artifact is not in the local cache (or is a SNAPSHOT requiring an update). I suppose I have two questions:

1.) Does anyone already have a reliable way of dealing with protected repositories that doesn’t require plain text passwords in the build script or init.gradle?

2.) How would one hook into the dependency resolution process such that after the local cache has been consulted, but before an ivy download occurs, I can prompt for a password?

My current (undesirable) solution is to prompt for the password in init.gradle, but this asks for the password regardless of whether or not it will actually be needed.

1.) Does anyone already have a reliable way of dealing with protected repositories that doesn’t require plain text passwords in the build script or init.gradle?

How about project properties that can be passed in via console (-P)?

2.) How would one hook into the dependency resolution process such that after the local cache has been consulted, but before an ivy download occurs, I can prompt for a password?

Not really possible at the moment. The local cache check is baked into the resolution mechanism. I strongly discourage accessing / interrogating the local cache directly via the file system, because the cache format might change. You can submit a feature request in JIRA if you like (please describe the use case).

My current (undesirable) solution is to prompt for the password in init.gradle

Ouch. I see. Alternative solutions:

Simplest one:
1. Use project properties to input the creds.
2. When dependencies are unresolved, the user should try passing the credentials.
3. There should be a way of throwing a more meaningful exception, I think.

or:
1. Have an explicit task that uses the protected repository to resolve dependencies, and requires user/password project properties.
2. You can use gradle.taskGraph.whenReady {} to check if the task is included in execution and modify the repositories.

You can also wrap it into a plugin.

Hope that helps!
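The second alternative from the reply above, sketched as a build script. This is an added example, not code from the thread or from Gradle itself; the property names `repoUser`/`repoPassword`, the task `resolveProtected`, the configuration `protectedDeps`, the artifact coordinates and the repository URL are all hypothetical placeholders.

```groovy
// build.gradle (illustration only; all names below are assumptions)

configurations {
    protectedDeps            // holds only what the protected repository serves
}

dependencies {
    // Constructed coordinates standing in for an internal artifact.
    protectedDeps 'com.example:internal-lib:1.0'
}

// Explicit task: the only place the protected configuration is resolved,
// so nothing touches the authenticated repository unless this task runs.
task resolveProtected {
    doLast {
        configurations.protectedDeps.resolve().each { println it.name }
    }
}

gradle.taskGraph.whenReady { graph ->
    // Skip entirely when the explicit task is not part of this invocation:
    // no credentials are demanded for ordinary builds.
    if (!graph.hasTask(tasks.resolveProtected)) {
        return
    }

    def user = project.findProperty('repoUser')
    def pass = project.findProperty('repoPassword')
    if (!user || !pass) {
        // Fail early with a clear message instead of an opaque
        // "could not resolve dependency" error later on.
        throw new GradleException(
            'resolveProtected needs credentials: supply the repoUser and ' +
            'repoPassword project properties (for example with -P).')
    }

    // Register the protected repository only now, with the supplied values;
    // nothing is written into the build script or init.gradle.
    repositories {
        maven {
            url = uri('https://repo.example.com/maven')   // placeholder URL
            credentials {
                username = user
                password = pass
            }
        }
    }
}
```

Values passed with `-P` on the command line end up in shell history and are visible in process listings; Gradle also reads project properties from environment variables named `ORG_GRADLE_PROJECT_<name>`, which keeps them off the command line.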