Maven Ant Tasks
  1. Maven Ant Tasks
  2. MANTTASKS-177

artifact:dependencies ignores settings-security.xml and sends password hash to repository

    Details

    • Type: Bug Bug
    • Status: Closed Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 2.1.0
    • Fix Version/s: 3.0.0-beta-1
    • Component/s: dependencies task
    • Labels:
      None
    • Environment:
      Mac OS X, Ant 1.7.1, Maven 2.2.1, maven-ant-tasks 2.1.0, Sonatype Nexus Open Source Edition 1.5.0
    • Number of attachments :
      1

      Description

      I have a mirror repository configured in .m2/settings.xml, and its <server> entry uses an encrypted password in <password>, using the master password set in .m2/settings-security.xml.

      I followed this guide:

      http://maven.apache.org/guides/mini/guide-encryption.html

      I get authentication errors every time i use

      <?xml version="1.0" ?>
      <settings>
          <mirrors>
              <mirror>
                  <id>paytronix-public</id>
                  <url>https://greylock.corp.paytronix.com/nexus/content/groups/public</url>
                  <mirrorOf>*</mirrorOf>
              </mirror>
          </mirrors>
          <servers>
              <server>
                  <id>paytronix-public</id>
                  <username>rmellgren</username>
      <!-- <password> element omitted -->
              </server>
          </servers>
      </settings>
      

      I switched to http and then used tcpdump to watch the request, then decoded the Authorization header. The

      {mumblemumble}

      password hash was sent not the decrypted password.

      Looking into maven-ant-tasks.jar, I see a META-INF/plexus/components.xml which does not include plexus-sec-dispatcher from maven-core. I tried spinning my own copy of maven-ant-tasks with the appropriate component for plexus-sec-dispatcher added, but it didn't work, so I think I'm out of my depth in the troubleshooting/rectification department.

        Activity

        Hide
        Ross Mellgren added a comment -

        Er, I get authentication errors every time I use <artifact:dependencies>:

        [INFO] snapshot net.liftweb:lift-actor:2.0-SNAPSHOT: checking for updates from paytronix-public
        [WARNING] repository metadata for: 'snapshot net.liftweb:lift-actor:2.0-SNAPSHOT' could not be retrieved from repository: paytronix-public due to an error: Authorization failed: Access denied to: http://greylock.corp.paytronix.com/nexus/content/groups/public/net/liftweb/lift-actor/2.0-SNAPSHOT/maven-metadata.xml
        [INFO] Repository 'paytronix-public' will be blacklisted

        Using the given .m2/settings.xml

        Show
        Ross Mellgren added a comment - Er, I get authentication errors every time I use <artifact:dependencies>: [INFO] snapshot net.liftweb:lift-actor:2.0-SNAPSHOT: checking for updates from paytronix-public [WARNING] repository metadata for: 'snapshot net.liftweb:lift-actor:2.0-SNAPSHOT' could not be retrieved from repository: paytronix-public due to an error: Authorization failed: Access denied to: http://greylock.corp.paytronix.com/nexus/content/groups/public/net/liftweb/lift-actor/2.0-SNAPSHOT/maven-metadata.xml [INFO] Repository 'paytronix-public' will be blacklisted Using the given .m2/settings.xml
        Hide
        SebbASF added a comment - - edited

        Still seems to be broken in 2.1.3 - for deploy at least

        Show
        SebbASF added a comment - - edited Still seems to be broken in 2.1.3 - for deploy at least
        Hide
        Holger Reise added a comment - - edited

        This patch did the trick for me

        Show
        Holger Reise added a comment - - edited This patch did the trick for me
        Hide
        Olivier Lamy added a comment -
        Show
        Olivier Lamy added a comment - fixed http://svn.apache.org/r1438231 Thanks !
        Hide
        cforce added a comment -

        Are there any beta build artefact`s for download?
        Will this ever be released??
        How can a MAJOR bug be on track this 5 MONTHS!!!

        Show
        cforce added a comment - Are there any beta build artefact`s for download? Will this ever be released?? How can a MAJOR bug be on track this 5 MONTHS!!!

          People

          • Assignee:
            Olivier Lamy
            Reporter:
            Ross Mellgren
          • Votes:
            7 Vote for this issue
            Watchers:
            9 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: