Maven 2 & 3

very long passwords cause LightweightHTTP wagon to line-wrap the Base64-encoded Authorization header

Details

  • Type: Bug Bug
  • Status: Closed Closed
  • Priority: Major Major
  • Resolution: Fixed
  • Affects Version/s: 2.1.0
  • Fix Version/s: 2.2.0
  • Component/s: Artifacts and Repositories
  • Labels:
    None
  • Complexity:
    Intermediate
  • Number of attachments :
    0

Description

I'll cross-file (and link) this issue into wagon, but Sun's HTTPURLConnection implementation uses a line-wrapping Base64 implementation. When passwords are very long, this causes an invalid HTTP request, since the Authorization header's value is line-wrapped.

Issue Links

duplicates

Bug - A problem which impairs or prevents the functions of the product. WAGON-260 very long passwords cause LightweightHTTP wagon to line-wrap the Base64-encoded Authorization header

  • Major - Major loss of function.
  • Open - The issue is open and ready for the assignee to start work on it.
is duplicated by

Bug - A problem which impairs or prevents the functions of the product. MNG-4754 long name and password combination fail upon authentication with maven repository with mvn 2.2.1

  • Major - Major loss of function.
  • Closed - The issue is considered finished, the resolution is correct. Issues which are not closed can be reopened.
is related to

Bug - A problem which impairs or prevents the functions of the product. MNG-5112 Issue MNG-4147 re-current in maven 3.0.3

  • Major - Major loss of function.
  • Open - The issue is open and ready for the assignee to start work on it.
relates to

Bug - A problem which impairs or prevents the functions of the product. MNG-4207 Plugins that use ArtifactResolver with http repositories AND depend on log4j run into ExceptionInInitializerError

  • Blocker - Blocks development and/or testing work, production could not run
  • Closed - The issue is considered finished, the resolution is correct. Issues which are not closed can be reopened.

Activity

Ascending order - Click to sort in descending order
John Casey made changes -
Field Original Value New Value
Link This issue depends upon WAGON-260 [ WAGON-260 ]
Hide
Permalink
John Casey added a comment -

We're already using httpclient for the webdav wagon in maven 2.1.0, so the main reason for using HTTPURLConnection historically is moot.

Show
John Casey added a comment - We're already using httpclient for the webdav wagon in maven 2.1.0, so the main reason for using HTTPURLConnection historically is moot.
John Casey made changes -
Component/s Artifacts and Repositories [ 11338 ]
Affects Version/s 2.1.0 [ 14587 ]
Assignee John Casey [ jdcasey ]
Fix Version/s 2.1.1 [ 15103 ]
John Casey made changes -
Link This issue depends upon WAGON-260 [ WAGON-260 ]
John Casey made changes -
Link This issue is related to WAGON-260 [ WAGON-260 ]
Hide
Permalink
John Casey added a comment -

this is the issue for the lightweight wagon and line-wrapped Authorization headers.

Show
John Casey added a comment - this is the issue for the lightweight wagon and line-wrapped Authorization headers.
Hide
Permalink
John Casey added a comment -

We should move to the httpclient-based http wagon to avoid problems in Sun's HTTPURLConnection code.

Show
John Casey added a comment - We should move to the httpclient-based http wagon to avoid problems in Sun's HTTPURLConnection code.
Hide
Permalink
Brett Porter added a comment -

a workaround is to use dav:// instead of http:// for the URL

Show
Brett Porter added a comment - a workaround is to use dav:// instead of http:// for the URL
Hide
Permalink
John Casey added a comment -

switched to non-lightweight (httpclient-based) http wagon for 2.2.0

Show
John Casey added a comment - switched to non-lightweight (httpclient-based) http wagon for 2.2.0
John Casey made changes -
Resolution Fixed [ 1 ]
Status Open [ 1 ] Closed [ 6 ]
John Casey made changes -
Link This issue relates to MNG-4207 [ MNG-4207 ]
Hide
Permalink
Benjamin Bentmann added a comment -

For the record, the HTTP provider was switched back to the Lightweight JRE impl in Maven 2.2.1 so the issue generally remains. However, Maven 2.2.1 provides a way to select/configure the HTTP provider, allowing users to choose an impl that works for them, see also Advanced Configuration of the HttpClient HTTP Wagon.

Show
Benjamin Bentmann added a comment - For the record, the HTTP provider was switched back to the Lightweight JRE impl in Maven 2.2.1 so the issue generally remains. However, Maven 2.2.1 provides a way to select/configure the HTTP provider, allowing users to choose an impl that works for them, see also Advanced Configuration of the HttpClient HTTP Wagon .
Benjamin Bentmann made changes -
Link This issue is duplicated by MNG-4754 [ MNG-4754 ]
Brett Sutton made changes -
Link This issue is related to MNG-5112 [ MNG-5112 ]
Hide
Permalink
Chris Tanger added a comment -

It appears that Advanced Configuration has potentially show stopping issues esp. when authentication is needed with Nexus server (1.9.1.1)
http://jira.codehaus.org/browse/MNG-4792

Show
Chris Tanger added a comment - It appears that Advanced Configuration has potentially show stopping issues esp. when authentication is needed with Nexus server (1.9.1.1) http://jira.codehaus.org/browse/MNG-4792
Olivier Lamy made changes -
Link This issue duplicates WAGON-260 [ WAGON-260 ]
Olivier Lamy made changes -
Link This issue is related to WAGON-260 [ WAGON-260 ]

People

  • Assignee:
    John Casey
    Reporter:
    John Casey
Vote (0)
Watch (0)

Dates

  • Created:
    Updated:
    Resolved: