You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Michael Osipov (Jira)" <ji...@apache.org> on 2022/06/15 10:30:00 UTC

[jira] [Updated] (WAGON-627) Maven deploy fails with 401 Unauthorized when using £ in password

     [ https://issues.apache.org/jira/browse/WAGON-627?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Michael Osipov updated WAGON-627:
---------------------------------
    Affects Version/s: 3.5.1

> Maven deploy fails with 401 Unauthorized when using £ in password
> -----------------------------------------------------------------
>
>                 Key: WAGON-627
>                 URL: https://issues.apache.org/jira/browse/WAGON-627
>             Project: Maven Wagon
>          Issue Type: Bug
>    Affects Versions: 3.5.1
>            Reporter: Nélson Cunha
>            Assignee: Michael Osipov
>            Priority: Major
>         Attachments: image-2022-06-08-20-06-39-388.png, image-2022-06-08-20-09-57-536.png, image-2022-06-09-16-52-04-876.png, image-2022-06-09-16-52-19-905.png, image-2022-06-09-17-01-18-568.png
>
>
> Hello.
> I'm using Apache Maven 3.6.3 and maven-deploy-plugin 2.8.2 on Oracle's Java version 1.8.0_321 and I'm currently receiving the 401  Unauthorized error when deploying an artifact to Sonatype Nexus:
> {noformat}
> [ERROR] Failed to execute goal org.apache.maven.plugins:maven-deploy-plugin:2.8.2:deploy (default-deploy) on project XXX: Failed to deploy artifacts: Could not transfer artifact XXX:XXX:pom:4.0.0-20220608.184337-1 from/to nexus-snapshots (http://.../repository/maven-snapshots/): Transfer failed for http://...-4.0.0-20220608.184337-1.pom 401 Unauthorized -> [Help 1]{noformat}
>  
> This error showed up after I changed my password with a leading {{£}} character.
>  
> Using Wireshark to capture the HTTP packages exchanged between the maven client and the nexus repository, I see 3 interactions:
>  # unauthenticated GET request for a maven-metadata.xml file, followed by a 401 response
>  # authenticated GET request for the same maven-metadata.xml file, followed by a 404 response
>  # authenticated PUT request for the pom file, followed by a 401 response
>  
> Now, analyzing the headers for the second and third request I noticed the base64 on the Authentication header is not the same.
>  * 2nd request: GET metadata
> !image-2022-06-08-20-06-39-388.png!
>  
>  * 3rd request PUT pom
> !image-2022-06-08-20-09-57-536.png!
>  
> The decoded base64 with the username:password, shows that, as expected, the request that received a 404 holds the right password, but on the other hand, the PUT request that got a 401 has a password with a {{?}} for the {{{}£{}}}. 
>  
> All the servers on my {{settings.xml}} hold the same user/password and I have tried with the passwords encoded and in plain text.
>  
>  
> Further tests with base64 encoding and decoding showed that the "wrong" password is the actual password but encoded from an ANSI code page where the password accepted by Nexus is encoded from utf8.
>  
> I noticed the 401 responses don't specify the encoding on the {{WWW-Authenticate}} header, which should clear up which encoding to use, but still for some reason the two requests are apparently using different encodings.



--
This message was sent by Atlassian Jira
(v8.20.7#820007)