I have a Play v1.2.5 app that I've configured to have a dependency on a Github release binary. To support that I've created a custom repository in my dependencies.yml file as follows:
- github:
type: http
artifact: "https://github.com/[organisation]/[module]/releases/download/[revision]/[module]-[revision].zip"
contains:
- tazmaniax -> *
That works correctly and Ivy is able to construct the correct URL but then has a problem fetching the binary resource because Github redirects to AWS S3 and changes the protocol from https to http in the process. Apparently the standard Java HttpUrlConnection, which is the default used by Ivy, will follow redirects as long as the protocol is not changed. So I'm looking to see how I can resolve this.
Play v1.2.5 is using Ivy v2.2.0 under the covers. Ivy uses the class URLHandlerRegistry to decide whether to use HttpUrlConnection or if Apache HttpClient v3.x if that exists in the classpath. It's possible that HttpClient v3.x might navigate redirects that use a different protocol but in any case the default framework libs does not include HttpClient v3.x and I'm trying to avoid customising Play because I need to deploy this to Heroku.
Ultimately this is an Ivy issue (or Github depending on your perspective) so in the long term the options are:
- Patch org.apache.ivy.util.url.BasicURLHandler to support handling redirects with protocol changes as per Download binary file from Github using Java and then getting an updated version of Ivy included in a future Play release.
- Patch org.apache.ivy.util.url.URLHandlerRegistry to load a more recent version of Apache HttpClient, e.g. v4.2, and make sure that HttpClient lib is included along with the patch in a future Play release. However it looks like early versions of HttpClient v4.2 itself had the same issues with redirect from https to http, HTTPClient unable to establish route between https and http
- Get Github to change it's redirect policy to keep to the same protocol in this case https.
Can anyone advise on what the best course of action would be? Thx
== UPDATE 6th September 2013 ==
The change in protocol on the redirect has been resolved by github and now the redirect retains the 'https' protocol on the request to AWS S3. However now when the dependency is being resolved a 403 is returned on the redirect from what appears to be missing cookie which is required for AWS S3 authentication - another issue with the use of HttpUrlConnection by Ivy I guess and the above options are still mostly relevant except with a focus on adding missing cookie support.
== UPDATE 18th October 2014 ==
I tried running play deps . --sync -Djsse.enableSNIExtension=false as suggested but the issue still occurred. The relevant response headers are:
Date:Sat, 18 Oct 2014 09:56:33 GMT
Location:https://s3.amazonaws.com/github-cloud/releases/25392769/2302c572-56ac-11e4-9623-393cafb2c0e5.zip?response-content-disposition=attachment%3B%20filename%3Dplay-markdown-1.9.zip&response-content-type=application/octet-stream&AWSAccessKeyId=AKIAISTNZFOVBIJMK3TQ&Expires=1413626253&Signature=7gI7fe0CeCzuu73KmcklIVSVPSQ%3D
Server:GitHub.com
Set-Cookie:user_session=692wy9ubPTtFAGT-WGjwFdykXc06-SELUtGGhg3i56vyT0SEVEI5UVnhkDsdQigEQagDUq54dyjTSEUW; path=/; expires=Sat, 01-Nov-2014 09:56:33 GMT; secure; HttpOnly
Set-Cookie:_gh_sess=eyJsYXN0X3dyaXRlIjoxNDEzNjI1ODE1MzkwLCJzZXNzaW9uX2lkIjoiYzFmNzQ0NDRlNmMzYjAwZTE2ZDg4MzVhMDJjNmVhZmMiLCJzcHlfcmVwbyI6InRhem1hbmlheC9wbGF5LW1hcmtkb3duIiwic3B5X3JlcG9fYXQiOjE0MTM2MjYxOTMsInJlZmVycmFsX2NvZGUiOiJodHRwczovL2dpdGh1Yi5jb20vaXZheW5iZXJnL3NlbGVjdDIvY29tbWl0cy9tYXN0ZXIiLCJjb250ZXh0IjoiLyJ9--8c45e0231ec4859b693de524e966cbc4a6582442; path=/; secure; HttpOnly
Status:302 Found
Strict-Transport-Security:max-age=31536000; includeSubdomains; preload
I'm convinced the issue is that Ivy (or the relevant HTTP library called by Ivy) is not setting the cookies on the 302 and then following the location without those cookie parameters fails with the 403.
