Maven 2.x Ant Tasks

artifact:dependencies ignores settings-security.xml and sends password hash to repository

Details

  • Type: Bug Bug
  • Status: Closed Closed
  • Priority: Major Major
  • Resolution: Fixed
  • Affects Version/s: 2.1.0
  • Fix Version/s: 3.0.0-beta-1
  • Component/s: dependencies task
  • Labels:
    None
  • Environment:
    Mac OS X, Ant 1.7.1, Maven 2.2.1, maven-ant-tasks 2.1.0, Sonatype Nexus Open Source Edition 1.5.0
  • Number of attachments :
    1

Description

I have a mirror repository configured in .m2/settings.xml, and its <server> entry uses an encrypted password in <password>, using the master password set in .m2/settings-security.xml.

I followed this guide:

http://maven.apache.org/guides/mini/guide-encryption.html

I get authentication errors every time i use

<?xml version="1.0" ?>
<settings>
    <mirrors>
        <mirror>
            <id>paytronix-public</id>
            <url>https://greylock.corp.paytronix.com/nexus/content/groups/public</url>
            <mirrorOf>*</mirrorOf>
        </mirror>
    </mirrors>
    <servers>
        <server>
            <id>paytronix-public</id>
            <username>rmellgren</username>
<!-- <password> element omitted -->
        </server>
    </servers>
</settings>

I switched to http and then used tcpdump to watch the request, then decoded the Authorization header. The

{mumblemumble}

password hash was sent not the decrypted password.

Looking into maven-ant-tasks.jar, I see a META-INF/plexus/components.xml which does not include plexus-sec-dispatcher from maven-core. I tried spinning my own copy of maven-ant-tasks with the appropriate component for plexus-sec-dispatcher added, but it didn't work, so I think I'm out of my depth in the troubleshooting/rectification department.

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Ross Mellgren added a comment -

Er, I get authentication errors every time I use <artifact:dependencies>:

[INFO] snapshot net.liftweb:lift-actor:2.0-SNAPSHOT: checking for updates from paytronix-public
[WARNING] repository metadata for: 'snapshot net.liftweb:lift-actor:2.0-SNAPSHOT' could not be retrieved from repository: paytronix-public due to an error: Authorization failed: Access denied to: http://greylock.corp.paytronix.com/nexus/content/groups/public/net/liftweb/lift-actor/2.0-SNAPSHOT/maven-metadata.xml
[INFO] Repository 'paytronix-public' will be blacklisted

Using the given .m2/settings.xml

Show
Ross Mellgren added a comment - Er, I get authentication errors every time I use <artifact:dependencies>: [INFO] snapshot net.liftweb:lift-actor:2.0-SNAPSHOT: checking for updates from paytronix-public [WARNING] repository metadata for: 'snapshot net.liftweb:lift-actor:2.0-SNAPSHOT' could not be retrieved from repository: paytronix-public due to an error: Authorization failed: Access denied to: http://greylock.corp.paytronix.com/nexus/content/groups/public/net/liftweb/lift-actor/2.0-SNAPSHOT/maven-metadata.xml [INFO] Repository 'paytronix-public' will be blacklisted Using the given .m2/settings.xml
Hide
Permalink
SebbASF added a comment - - edited

Still seems to be broken in 2.1.3 - for deploy at least

Show
SebbASF added a comment - - edited Still seems to be broken in 2.1.3 - for deploy at least
Hide
Permalink
Holger Reise added a comment - - edited

This patch did the trick for me

Show
Holger Reise added a comment - - edited This patch did the trick for me
Hide
Permalink
Olivier Lamy added a comment -

fixed http://svn.apache.org/r1438231
Thanks !

Show
Olivier Lamy added a comment - fixed http://svn.apache.org/r1438231 Thanks !

People

  • Assignee:
    Olivier Lamy
    Reporter:
    Ross Mellgren
Vote (7)
Watch (7)

Dates

  • Created:
    Updated:
    Resolved: