Maven 2 & 3

very long passwords cause LightweightHTTP wagon to line-wrap the Base64-encoded Authorization header

Details

  • Type: Bug Bug
  • Status: Closed Closed
  • Priority: Major Major
  • Resolution: Fixed
  • Affects Version/s: 2.1.0
  • Fix Version/s: 2.2.0
  • Component/s: Artifacts and Repositories
  • Labels:
    None
  • Complexity:
    Intermediate
  • Number of attachments :
    0

Description

I'll cross-file (and link) this issue into wagon, but Sun's HTTPURLConnection implementation uses a line-wrapping Base64 implementation. When passwords are very long, this causes an invalid HTTP request, since the Authorization header's value is line-wrapped.

Issue Links

This issue duplicates:
WAGON-260 very long passwords cause LightweightHTTP wagon to line-wrap the Base64-encoded Authorization header Major Open
This issue is duplicated by:
MNG-4754 long name and password combination fail upon authentication with maven repository with mvn 2.2.1 Major Closed
This issue relates to:
MNG-4207 Plugins that use ArtifactResolver with http repositories AND depend on log4j run into ExceptionInInitializerError Blocker Closed
This issue is related to:
MNG-5112 Issue MNG-4147 re-current in maven 3.0.3 Major Open

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
John Casey added a comment -

We're already using httpclient for the webdav wagon in maven 2.1.0, so the main reason for using HTTPURLConnection historically is moot.

Show
John Casey added a comment - We're already using httpclient for the webdav wagon in maven 2.1.0, so the main reason for using HTTPURLConnection historically is moot.
Hide
Permalink
John Casey added a comment -

this is the issue for the lightweight wagon and line-wrapped Authorization headers.

Show
John Casey added a comment - this is the issue for the lightweight wagon and line-wrapped Authorization headers.
Hide
Permalink
John Casey added a comment -

We should move to the httpclient-based http wagon to avoid problems in Sun's HTTPURLConnection code.

Show
John Casey added a comment - We should move to the httpclient-based http wagon to avoid problems in Sun's HTTPURLConnection code.
Hide
Permalink
Brett Porter added a comment -

a workaround is to use dav:// instead of http:// for the URL

Show
Brett Porter added a comment - a workaround is to use dav:// instead of http:// for the URL
Hide
Permalink
John Casey added a comment -

switched to non-lightweight (httpclient-based) http wagon for 2.2.0

Show
John Casey added a comment - switched to non-lightweight (httpclient-based) http wagon for 2.2.0
Hide
Permalink
Benjamin Bentmann added a comment -

For the record, the HTTP provider was switched back to the Lightweight JRE impl in Maven 2.2.1 so the issue generally remains. However, Maven 2.2.1 provides a way to select/configure the HTTP provider, allowing users to choose an impl that works for them, see also Advanced Configuration of the HttpClient HTTP Wagon.

Show
Benjamin Bentmann added a comment - For the record, the HTTP provider was switched back to the Lightweight JRE impl in Maven 2.2.1 so the issue generally remains. However, Maven 2.2.1 provides a way to select/configure the HTTP provider, allowing users to choose an impl that works for them, see also Advanced Configuration of the HttpClient HTTP Wagon.
Hide
Permalink
Chris Tanger added a comment -

It appears that Advanced Configuration has potentially show stopping issues esp. when authentication is needed with Nexus server (1.9.1.1)
http://jira.codehaus.org/browse/MNG-4792

Show
Chris Tanger added a comment - It appears that Advanced Configuration has potentially show stopping issues esp. when authentication is needed with Nexus server (1.9.1.1) http://jira.codehaus.org/browse/MNG-4792

People

Vote (0)
Watch (0)

Dates

  • Created:
    Updated:
    Resolved:
Atlassian JIRA (v4.4.3#663-r165197) | Report a problem
Powered by a free Atlassian JIRA open source license for Codehaus. Try JIRA - bug tracking software for your team.