Maven SCM
  1. Maven SCM
  2. SCM-415

1.1 requires setting a Perforce password breaking Perforce setup for external authentication

    Details

    • Type: Bug Bug
    • Status: Closed Closed
    • Priority: Blocker Blocker
    • Resolution: Fixed
    • Affects Version/s: 1.1
    • Fix Version/s: 1.2
    • Labels:
      None
    • Complexity:
      Intermediate
    • Number of attachments :
      2

      Description

      checkin r654744 for SCM-363 introduces a requirement to set a Perforce password.
      This will break the SCM provider when Perforce is configured to not accept a password. This will be the case when using the OS security instead of Perforce' own.
      The SCM pluging throws an exception when not providing a password, Perforce throws an error when trying to login with a (dummy) password.

      When no username and/or password is provided, the Perforce login step should be skipped.

      =========
      Perforce login output when running p4 from the command prompt:
      p4 login
      'login' not necessary, no password set for this user.

      p4 login john
      You don't have permission for this operation.

      =========

      Offending code:
      PerforceLoginCommand.java

      if ( StringUtils.isEmpty( repo.getPassword() ) )

      { throw new ScmException( "password is required for the perforce scm plugin." ); }
      1. perforce_login.patch
        2 kB
        ajbanck
      2. scm-415.patch
        3 kB
        Peter Janes

        Issue Links

          Activity

          Hide
          ajbanck added a comment -

          Patch to allow login when no username/password is provided. This will use Perforce current user.

          Show
          ajbanck added a comment - Patch to allow login when no username/password is provided. This will use Perforce current user.
          Hide
          Peter Janes added a comment -

          Alternative patch that logs an info message when no password is set and attempts to continue. This also allows for ticket-based login using Perforce's cache.

          Show
          Peter Janes added a comment - Alternative patch that logs an info message when no password is set and attempts to continue. This also allows for ticket-based login using Perforce's cache.
          Hide
          ajbanck added a comment -

          Second patch also works for me.

          Show
          ajbanck added a comment - Second patch also works for me.
          Hide
          Jeff Jensen added a comment -

          I am adding this comment to hopefully provide additional Perforce context.

          Basically, the Maven SCM Perforce provider always requires a userid and password; it always passes them on the command line using the -u -P arguments. This causes an unsolvable problem for many Perforce installations.

          Since 2003, Perforce has a login feature that does not use userid and password specified with the command (args -u and -P, respectively). In fact, the highest Perforce security level prevents specifying the password on the command line and requires using the login feature.

          Perforce has 4 security levels, numbered 0 through 3. They are defined here:
          http://www.perforce.com/perforce/doc.081/manuals/p4sag/03_superuser.html#1081537

          Security levels 0-2 allow the specification of the password on the command line. Security level 3 only allows access via the login feature.

          If the Perforce security level is 3, then specifying -P <password> does not work and Perforce errors with "Password not allowed at this server security level, use 'p4 login'."

          However, when not specifying the password to the SCM plugin, the plugin errors with "password is required for the perforce scm plugin."

          This is why it is an unsolvable problem for the user with security level 3...the SCM plugin requires a password, Perforce won't allow a password specified with the command.

          Therefore, it seems incorrect to make the password argument required, as the user could already be logged in via the login feature.

          Another option is to change the SCM login to use the Perforce login feature, since it will always work.

          Note that p4 login is possible at all security levels.

          Show
          Jeff Jensen added a comment - I am adding this comment to hopefully provide additional Perforce context. Basically, the Maven SCM Perforce provider always requires a userid and password; it always passes them on the command line using the -u -P arguments. This causes an unsolvable problem for many Perforce installations. Since 2003, Perforce has a login feature that does not use userid and password specified with the command (args -u and -P, respectively). In fact, the highest Perforce security level prevents specifying the password on the command line and requires using the login feature. Perforce has 4 security levels, numbered 0 through 3. They are defined here: http://www.perforce.com/perforce/doc.081/manuals/p4sag/03_superuser.html#1081537 Security levels 0-2 allow the specification of the password on the command line. Security level 3 only allows access via the login feature. If the Perforce security level is 3, then specifying -P <password> does not work and Perforce errors with "Password not allowed at this server security level, use 'p4 login'." However, when not specifying the password to the SCM plugin, the plugin errors with "password is required for the perforce scm plugin." This is why it is an unsolvable problem for the user with security level 3...the SCM plugin requires a password, Perforce won't allow a password specified with the command. Therefore, it seems incorrect to make the password argument required, as the user could already be logged in via the login feature. Another option is to change the SCM login to use the Perforce login feature, since it will always work. Note that p4 login is possible at all security levels.
          Hide
          Carlos Sanchez added a comment -

          Patch applied. Thanks

          Show
          Carlos Sanchez added a comment - Patch applied. Thanks

            People

            • Assignee:
              Carlos Sanchez
              Reporter:
              ajbanck
            • Votes:
              4 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: