Maven
  1. Maven
  2. MNG-5253

exception from mvn deploy, fails when the username and password are too secure/long

    Details

    • Type: Bug Bug
    • Status: Closed Closed
    • Priority: Major Major
    • Resolution: Duplicate
    • Affects Version/s: 3.0.3
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None
    • Complexity:
      Intermediate
    • Testcase included:
      yes
    • Number of attachments :
      2

      Description

      If the combination of the username and password is too long, the Base64 encoder used inserts newlines in the encoded value, which is invalid

      java.lang.IllegalArgumentException: Illegal character(s) in message header value: Basic c29tZVVzZXJuYW1lOnNvbWVMb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29v
      b29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vbmdQYXNzd29yZA==
      [INFO] ------------------------------------------------------------------------
      [INFO] BUILD FAILURE
      [INFO] ------------------------------------------------------------------------

      Attaching a sample pom and settings, run 'mvn -s settings.xml deploy' to reproduce

      1. pom.xml
        0.6 kB
        Scott Clasen
      2. settings.xml
        0.2 kB
        Scott Clasen

        Activity

        Hide
        Barrie Treloar added a comment -

        See duplicate WAGON-260 with workaround of setting password to no greater than 76 characters.

        Show
        Barrie Treloar added a comment - See duplicate WAGON-260 with workaround of setting password to no greater than 76 characters.
        Hide
        Scott Clasen added a comment -

        Hmm the workaround to deploy failing when the password is too long is to not use a password that is too long??? Thats not a workaround.

        Show
        Scott Clasen added a comment - Hmm the workaround to deploy failing when the password is too long is to not use a password that is too long??? Thats not a workaround.
        Hide
        Barrie Treloar added a comment -

        I know, but given that the bug is actually in the JVM, and one they have not fixed until Java 7 you do not have any other options.
        A 76 character password is still secure enough.

        Show
        Barrie Treloar added a comment - I know, but given that the bug is actually in the JVM, and one they have not fixed until Java 7 you do not have any other options. A 76 character password is still secure enough.
        Hide
        Scott Clasen added a comment -

        Hmm, this a base64 encoded combination of user and password, which is far less than a 76 char password, quite a blanket statement to just say its secure enough.

        i would suggest that the workaround is to use httpclient instead of HTTPURLConnection, but I assume this would have been done if it was something straightforward to do.

        Show
        Scott Clasen added a comment - Hmm, this a base64 encoded combination of user and password, which is far less than a 76 char password, quite a blanket statement to just say its secure enough. i would suggest that the workaround is to use httpclient instead of HTTPURLConnection, but I assume this would have been done if it was something straightforward to do.

          People

          • Assignee:
            Unassigned
            Reporter:
            Scott Clasen
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: