Description of problem: BRMS 6.0.0.GA in EAP 6.1.1. Even if you edit $JBOSS_HOME/standalone/deployments/business-central.war/WEB-INF/classes/url_filter.yaml, the change is not picked up. This is because URLResourceManager (its ModuleClassLoader) fails to find url_filter.yaml. ==== 64 private Resources loadConfigData() { 65 final Yaml yaml = new Yaml(); 66 final InputStream stream = URLResourceManager.class.getClassLoader().getResourceAsStream( this.configFile ); ... ==== Steps to Reproduce: 1. Configure business-central maven repo in pom.xml and have dependency to a project built by business-central. Clean your local .m2 repo for the dependency jar to make sure it will access to business-central maven repo. <repository> <id>guvnor-m2-repo</id> <name>Guvnor M2 Repo</name> <url>http://localhost:8080/business-central/maven2/</url> </repository> ... <dependency> <groupId>org.kie.example</groupId> <artifactId>project1</artifactId> <version>1.0.0</version> </dependency> Also note that you DON'T have user/password in settings.xml. <servers> <server> <id>guvnor-m2-repo</id> <username>admin</username> <password>password1!</password> </server> </servers> 2. mvn clean install 3. You should see Unauthorized error. Failed to read artifact descriptor for org.kie.example:project1:jar:1.0.0: Could not transfer artifact org.kie.example:project1:pom:1.0.0 from/to guvnor-m2-repo (http://localhost:8080/business-central/maven2/): Not authorized, ReasonPhrase:Unauthorized. 4. Then edit $JBOSS_HOME/standalone/deployments/business-central.war/WEB-INF/classes/url_filter.yaml to remove the maven security ==== filter: - pattern: /rest/** - pattern: /org.kie.workbench.drools.KIEDroolsWebapp/** exclude: - /*.ico - /org.kie.workbench.drools.KIEDroolsWebapp/images/** - /org.kie.workbench.drools.KIEDroolsWebapp/css/** - /css/** - /images/** - /maven2/** ==== 5. Reboot BRMS and run mvn again Actual results: Still see Unauthorized error. Expected results: mvn runs successfully Additional info: This issue didn't exist in BRMS 6.0.0.Beta.
This appears to be two issues? It looks like you're trying to use BRMS's Maven repository from another Maven-based Project; in which case you'll need to add security settings to settings.xml (see https://bugzilla.redhat.com/show_bug.cgi?id=1059584). Alternatively are you're saying when you add an exclusion for /maven2/** to the url_filter.yaml it is not being picked up? I'm not clear.
> Alternatively are you're saying when you add an exclusion for /maven2/** to the url_filter.yaml it is not being picked up? Yes. Simply, URLResourceManager doesn't pick up any change in business-central.war/WEB-INF/classes/url_filter.yaml. Using a debugger, I observed that URLResourceManager.class.getClassLoader().getResourceAsStream( this.configFile ) returns null. "Steps to Reproduce:" is just one example to reproduce the issue. Maven security itself is not a concern of this BZ. Let me know if it's not clear enough yet.
Verified that changes made to EAP's module packaging has resolved the issue. I modified the url_filter.yaml file, cleared my local .m2 cache and created a new Java project that depended on the morgages:mortgages example within the Workbench's Maven repository. I built the project successfully (i.e. all maven dependencies resolved OK). I also repeated process with an unmodified url_filter.yaml (project did not build - as expected) and an unmodified url_filter.yaml but with entries in settings.xml (project built OK - as expected).
Verified with BRMS-6.0.1.ER2