You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Frank Schwab (Jira)" <ji...@apache.org> on 2021/05/10 07:56:00 UTC
[jira] [Created] (MNG-7150) Setting credential character
set/encoding for basic authentication in settings.xml not documented
Frank Schwab created MNG-7150:
---------------------------------
Summary: Setting credential character set/encoding for basic authentication in settings.xml not documented
Key: MNG-7150
URL: https://issues.apache.org/jira/browse/MNG-7150
Project: Maven
Issue Type: Bug
Components: Documentation: General
Affects Versions: 3.8.1
Reporter: Frank Schwab
We want to publish some artifacts to a repository, so we set up a {{settings.xml}} file which contains the following lines to specify the repo server:
{code:xml}
<servers>
<server>
<id>some-repo</id>
<username>testuser</username>
<password>{U8jAeLVPH88HRYGnDpbAmAXPtUPSqbrtxxuZoR513V4=}</password>
</server>
</servers>
<profile>
<id>some-repo</id>
<repositories>
<repository>
<id>some repo</id>
<name>Some repository</name>
<url>https://our.url.com/artifactory/list/some-repo/</url>
</repository>
</repositories>
</profile>
{code}
When I run a {{mvn deploy:deploy-file}} command this works fine, except when the user {{testuser}} has a password that contains non-ASCII characters. In that case the non-ASCII characters in the password are replaced by the maven client with question marks when maven authenticates to the repo server.
I searched the internet up and down and asked in the maven user mailing list but I could not find a fix I traced this down to the following code in Maven:
The class {{org.apache.maven.wagon.providers.http.httpclient.impl.auth.RFC2617Scheme}} has two methods which look like this:
{code:java}
public Charset getCredentialsCharset() {
return credentialsCharset != null ? credentialsCharset : Consts.ASCII;
}
String getCredentialsCharset(final HttpRequest request) {
String charset = (String) request.getParams().getParameter(AuthPNames.CREDENTIAL_CHARSET);
if (charset == null) {
charset = getCredentialsCharset().name();
}
return charset;
}
{code}
The call {{request.getParams().getParameter(AuthPNames.CREDENTIAL_CHARSET)}} returns {{null}} so the default character set is used which is {{US-ASCII}}. So the password that up to this point is correct, is converted to {{US-ASCII}} and all non-ASCII characters are replaced by a “?”.
Our repo server expects {{UTF-8}}. This encoding is also used in other programming languages like Rust, Go, or Ruby.
The parameter {{AuthPNames.CREDENTIAL_CHARSET}} has the value {{http.auth.credential-charset}}. So I tried to set this parameter in the {{settings.xml}} like this:
{code:xml}
<servers>
<server>
<id>some-repo</id>
<configuration>
<httpConfiguration>
<all>
<params>
<param>
<name>http.auth.credential-charset</name>
<value>UTF-8</value>
</param>
</params>
</all>
</httpConfiguration>
<username>testuser</username>
<password>{U8jAeLVPH88HRYGnDpbAmAXPtUPSqbrtxxuZoR513V4=}</password>
</server>
</servers>
{code}
But that did not change the behaviour. The password is still sent with a "?" instead of the non-ASCII characters.
There should be a documentation that explains how the character set/encoding for the *credentials* in the {{settings.xml}} file is specified. At least I could not find it and in the user Maven email list nobody could point me to the documentation.
N.B. Maybe it would be a good idea to change the default encoding to {{UTF-8}} but this is not (yet) in the scope of this issue.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)