You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Rich Seddon (JIRA)" <ji...@codehaus.org> on 2009/11/11 00:30:55 UTC
[jira] Created: (MNG-4435) Maven uses artifact download credentials
during deployment in some circumstances
Maven uses artifact download credentials during deployment in some circumstances
--------------------------------------------------------------------------------
Key: MNG-4435
URL: http://jira.codehaus.org/browse/MNG-4435
Project: Maven 2
Issue Type: Bug
Components: Deployment
Affects Versions: 2.2.1
Reporter: Rich Seddon
If Maven downloads an artifact using authorization, this authorization seems to be cached, which can cause a subsequent deployment to succeed where it should have failed.
Steps to reproduce:
# Set up a build which will require downloading an artifact from a Nexus server which requires authentication, and configure your settings.xml appropriately.
# Create a project with a distribution management section which points to a repository in the above server. Make sure the repository id doesn't exist in your settings.xml
# Run "mvn deploy"
What happens:
If the credentials used to download artifacts from Nexus have deployment privileges in the Nexus repository the deployment will succeed.
Now run "mvn deploy" again. This time the deployment will fail with a 401 code.
This bug exists in both Maven 2.2.1 and the latest Maven 3.0 snapshots.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Moved: (WAGON-291) Maven uses artifact download credentials
during deployment in some circumstances
Posted by "Brian Fox (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/WAGON-291?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Brian Fox moved MNG-4435 to WAGON-291:
--------------------------------------
Complexity: (was: Intermediate)
Component/s: (was: Deployment)
wagon-http
Affects Version/s: (was: 2.2.1)
1.0-beta-6
Key: WAGON-291 (was: MNG-4435)
Project: Maven Wagon (was: Maven 2)
> Maven uses artifact download credentials during deployment in some circumstances
> --------------------------------------------------------------------------------
>
> Key: WAGON-291
> URL: http://jira.codehaus.org/browse/WAGON-291
> Project: Maven Wagon
> Issue Type: Bug
> Components: wagon-http
> Affects Versions: 1.0-beta-6
> Reporter: Rich Seddon
>
> If Maven downloads an artifact using authorization, this authorization seems to be cached, which can cause a subsequent deployment to succeed where it should have failed.
> Steps to reproduce:
> # Set up a build which will require downloading an artifact from a Nexus server which requires authentication, and configure your settings.xml appropriately.
> # Create a project with a distribution management section which points to a repository in the above server. Make sure the repository id doesn't exist in your settings.xml
> # Run "mvn deploy"
> What happens:
> If the credentials used to download artifacts from Nexus have deployment privileges in the Nexus repository the deployment will succeed.
> Now run "mvn deploy" again. This time the deployment will fail with a 401 code.
> This bug exists in both Maven 2.2.1 and the latest Maven 3.0 snapshots.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (WAGON-291) Maven uses artifact download
credentials during deployment in some circumstances
Posted by "Brad Hendricks (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/WAGON-291?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=207480#action_207480 ]
Brad Hendricks commented on WAGON-291:
--------------------------------------
I believe I am also suffering from this issue.
I am using maven 2.2.1 on OS X, and I have a pom.xml which has a repo configured in the Repositories section, as well as a different repository configured in the DistributionManagement section. I am using Nexus as the repository, the Repositories section acutally points to a Group and the DistributionManagement section points to the underlying repository, thus the urls are like
https://foo.com/My_Group/
and
https://foo.com/snapshots/
In my settings.xml I have two server entries for these repos, the first one has a read-only account and the second one has an account with deployment rights. I am unable to deploy my project. The Nexus logs show that during deployment maven attempts to authenticate using the credentials of the first server and not the deployment credentials.
If I remove the entry from the Repositories section I am able to deploy.
> Maven uses artifact download credentials during deployment in some circumstances
> --------------------------------------------------------------------------------
>
> Key: WAGON-291
> URL: http://jira.codehaus.org/browse/WAGON-291
> Project: Maven Wagon
> Issue Type: Bug
> Components: wagon-http-lightweight
> Affects Versions: 1.0-beta-6
> Reporter: Rich Seddon
>
> If Maven downloads an artifact using authorization, this authorization seems to be cached, which can cause a subsequent deployment to succeed where it should have failed.
> Steps to reproduce:
> # Set up a build which will require downloading an artifact from a Nexus server which requires authentication, and configure your settings.xml appropriately.
> # Create a project with a distribution management section which points to a repository in the above server. Make sure the repository id doesn't exist in your settings.xml
> # Run "mvn deploy"
> What happens:
> If the credentials used to download artifacts from Nexus have deployment privileges in the Nexus repository the deployment will succeed.
> Now run "mvn deploy" again. This time the deployment will fail with a 401 code.
> This bug exists in both Maven 2.2.1 and the latest Maven 3.0 snapshots.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Updated: (WAGON-291) Maven uses artifact download
credentials during deployment in some circumstances
Posted by "Brian Fox (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/WAGON-291?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Brian Fox updated WAGON-291:
----------------------------
Component/s: (was: wagon-http)
wagon-http-lightweight
Description:
If Maven downloads an artifact using authorization, this authorization seems to be cached, which can cause a subsequent deployment to succeed where it should have failed.
Steps to reproduce:
# Set up a build which will require downloading an artifact from a Nexus server which requires authentication, and configure your settings.xml appropriately.
# Create a project with a distribution management section which points to a repository in the above server. Make sure the repository id doesn't exist in your settings.xml
# Run "mvn deploy"
What happens:
If the credentials used to download artifacts from Nexus have deployment privileges in the Nexus repository the deployment will succeed.
Now run "mvn deploy" again. This time the deployment will fail with a 401 code.
This bug exists in both Maven 2.2.1 and the latest Maven 3.0 snapshots.
was:
If Maven downloads an artifact using authorization, this authorization seems to be cached, which can cause a subsequent deployment to succeed where it should have failed.
Steps to reproduce:
# Set up a build which will require downloading an artifact from a Nexus server which requires authentication, and configure your settings.xml appropriately.
# Create a project with a distribution management section which points to a repository in the above server. Make sure the repository id doesn't exist in your settings.xml
# Run "mvn deploy"
What happens:
If the credentials used to download artifacts from Nexus have deployment privileges in the Nexus repository the deployment will succeed.
Now run "mvn deploy" again. This time the deployment will fail with a 401 code.
This bug exists in both Maven 2.2.1 and the latest Maven 3.0 snapshots.
We saw this when using the lightweight code also in some ITs. It appears that it's the Jdk urlconnection that is doing the actual caching and I don't think we ever figured out how to make it stop. It seems to remember the host and pre-emptively send the credentials, which turns out is a good thing in many cases because it reduces the upload requirements on authenticated repos.
> Maven uses artifact download credentials during deployment in some circumstances
> --------------------------------------------------------------------------------
>
> Key: WAGON-291
> URL: http://jira.codehaus.org/browse/WAGON-291
> Project: Maven Wagon
> Issue Type: Bug
> Components: wagon-http-lightweight
> Affects Versions: 1.0-beta-6
> Reporter: Rich Seddon
>
> If Maven downloads an artifact using authorization, this authorization seems to be cached, which can cause a subsequent deployment to succeed where it should have failed.
> Steps to reproduce:
> # Set up a build which will require downloading an artifact from a Nexus server which requires authentication, and configure your settings.xml appropriately.
> # Create a project with a distribution management section which points to a repository in the above server. Make sure the repository id doesn't exist in your settings.xml
> # Run "mvn deploy"
> What happens:
> If the credentials used to download artifacts from Nexus have deployment privileges in the Nexus repository the deployment will succeed.
> Now run "mvn deploy" again. This time the deployment will fail with a 401 code.
> This bug exists in both Maven 2.2.1 and the latest Maven 3.0 snapshots.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira