Maven
  1. Maven
  2. MNG-4147

very long passwords cause LightweightHTTP wagon to line-wrap the Base64-encoded Authorization header

    Details

    • Type: Bug Bug
    • Status: Closed Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 2.1.0
    • Fix Version/s: 2.2.0
    • Labels:
      None
    • Complexity:
      Intermediate
    • Number of attachments :
      0

      Description

      I'll cross-file (and link) this issue into wagon, but Sun's HTTPURLConnection implementation uses a line-wrapping Base64 implementation. When passwords are very long, this causes an invalid HTTP request, since the Authorization header's value is line-wrapped.

        Issue Links

          Activity

          Hide
          John Casey added a comment -

          We're already using httpclient for the webdav wagon in maven 2.1.0, so the main reason for using HTTPURLConnection historically is moot.

          Show
          John Casey added a comment - We're already using httpclient for the webdav wagon in maven 2.1.0, so the main reason for using HTTPURLConnection historically is moot.
          Hide
          John Casey added a comment -

          this is the issue for the lightweight wagon and line-wrapped Authorization headers.

          Show
          John Casey added a comment - this is the issue for the lightweight wagon and line-wrapped Authorization headers.
          Hide
          John Casey added a comment -

          We should move to the httpclient-based http wagon to avoid problems in Sun's HTTPURLConnection code.

          Show
          John Casey added a comment - We should move to the httpclient-based http wagon to avoid problems in Sun's HTTPURLConnection code.
          Hide
          Brett Porter added a comment -

          a workaround is to use dav:// instead of http:// for the URL

          Show
          Brett Porter added a comment - a workaround is to use dav:// instead of http:// for the URL
          Hide
          John Casey added a comment -

          switched to non-lightweight (httpclient-based) http wagon for 2.2.0

          Show
          John Casey added a comment - switched to non-lightweight (httpclient-based) http wagon for 2.2.0
          Hide
          Benjamin Bentmann added a comment -

          For the record, the HTTP provider was switched back to the Lightweight JRE impl in Maven 2.2.1 so the issue generally remains. However, Maven 2.2.1 provides a way to select/configure the HTTP provider, allowing users to choose an impl that works for them, see also Advanced Configuration of the HttpClient HTTP Wagon.

          Show
          Benjamin Bentmann added a comment - For the record, the HTTP provider was switched back to the Lightweight JRE impl in Maven 2.2.1 so the issue generally remains. However, Maven 2.2.1 provides a way to select/configure the HTTP provider, allowing users to choose an impl that works for them, see also Advanced Configuration of the HttpClient HTTP Wagon .
          Hide
          Chris Tanger added a comment -

          It appears that Advanced Configuration has potentially show stopping issues esp. when authentication is needed with Nexus server (1.9.1.1)
          http://jira.codehaus.org/browse/MNG-4792

          Show
          Chris Tanger added a comment - It appears that Advanced Configuration has potentially show stopping issues esp. when authentication is needed with Nexus server (1.9.1.1) http://jira.codehaus.org/browse/MNG-4792

            People

            • Assignee:
              John Casey
              Reporter:
              John Casey
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: