You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Cintia DR (Jira)" <ji...@apache.org> on 2020/04/27 09:28:00 UTC
[jira] [Updated] (WAGON-590) Maven 3.5.0+ don't seem to send
credentials after 301/302 http redirect
[ https://issues.apache.org/jira/browse/WAGON-590?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Cintia DR updated WAGON-590:
----------------------------
Description:
Since maven 3.5.0 (including 3.6.3), maven seems to not send server credentials if distributionManagement server response was a 301 or 302 HTTP redirect. Note that the redirect is followed, but I receive unauthorised code.
Maven 3.2.5 and 3.3.9 work as expected. I could reproduce it on ubuntu and OSX. Both are JDK 8, not sure if it could make any difference.
All maven versions (including 3.2.5 and 3.3.9) are using the same version of the deploy plugin (2.7), and upgrading it made no difference whatsoever.
----
If I use '[https://openmrs.jfrog.io/artifactory/snapshots/'] as my 'distributionManagement', credentials are sent.
If I use '[https://mavenrepo.openmrs.org/proxy/snapshots/|https://mavenrepo.openmrs.org/snapshots/']' (a reverse proxy to '[https://openmrs.jfrog.io/artifactory/snapshots/|https://openmrs.jfrog.io/artifactory/snapshots/']') credentials are sent.
If I use '[https://mavenrepo.openmrs.org/snapshots/'] (a 301 redirect to [https://openmrs.jfrog.io/artifactory/snapshots/|https://openmrs.jfrog.io/artifactory/snapshots/']) as my distributionManagement, credentials are _not_ sent and the request fails as it's unauthenticated.
You can see the configuration of 'mavenrepo.openmrs.org' server here: [https://github.com/openmrs/openmrs-contrib-itsmresources/blob/master/ansible/host_vars/campo.openmrs.org/vars#L33]
All my artefacts are public to download, so I don't have a way to testing downloading artefacts with server credentials.
----
This is how the output looks like in maven 3.6.3:
{code:java}
[INFO] --- maven-deploy-plugin:2.7:deploy (default-deploy) @ releasetestmodule ---
Downloading from openmrs-repo-snapshots: https://mavenrepo.openmrs.org/nexus/content/repositories/snapshots/org/openmrs/module/releasetestmodule/2.1.22-SNAPSHOT/maven-metadata.xml
Downloaded from openmrs-repo-snapshots: https://mavenrepo.openmrs.org/nexus/content/repositories/snapshots/org/openmrs/module/releasetestmodule/2.1.22-SNAPSHOT/maven-metadata.xml (616 B at 132 B/s)
Uploading to openmrs-repo-snapshots: https://mavenrepo.openmrs.org/nexus/content/repositories/snapshots/org/openmrs/module/releasetestmodule/2.1.22-SNAPSHOT/releasetestmodule-2.1.22-20200427.091851-13.pom
...
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-deploy-plugin:2.7:deploy (default-deploy) on project releasetestmodule: Failed to deploy artifacts: Could not transfer artifact org.openmrs.module:releasetestmodule:pom:2.1.22-20200427.091851-13 from/to openmrs-repo-snapshots (https://mavenrepo.openmrs.org/nexus/content/repositories/snapshots): Transfer failed for https://openmrs.jfrog.io/artifactory/snapshots/org/openmrs/module/releasetestmodule/2.1.22-SNAPSHOT/releasetestmodule-2.1.22-20200427.091851-13.pom 401 Unauthorized -> [Help 1]{code}
was:
Since maven 3.5.0 (including 3.6.3), maven seems to not send credentials if distributionManagement string was a 301 or 302 HTTP redirect. Note that the redirect is followed, but I receive unauthorised code.
Maven 3.2.5 and 3.3.9 work as expected. I could reproduce it on ubuntu and OSX. Both are JDK 8, not sure if it could make any difference.
All maven versions (including 3.2.5 and 3.3.9) are using the same version of the deploy plugin (2.7), and upgrading it made no difference whatsoever.
-----
If I use '[https://openmrs.jfrog.io/artifactory/snapshots/'] as my 'distributionManagement', credentials are sent.
If I use '[https://mavenrepo.openmrs.org/proxy/snapshots/|https://mavenrepo.openmrs.org/snapshots/']' (a reverse proxy to '[https://openmrs.jfrog.io/artifactory/snapshots/|https://openmrs.jfrog.io/artifactory/snapshots/']') credentials are sent.
If I use '[https://mavenrepo.openmrs.org/snapshots/'] (a 301 redirect to [https://openmrs.jfrog.io/artifactory/snapshots/|https://openmrs.jfrog.io/artifactory/snapshots/']) as my distributionManagement, credentials are _not_ sent and the request fails as it's unauthenticated.
You can see the configuration of 'mavenrepo.openmrs.org' server here: [https://github.com/openmrs/openmrs-contrib-itsmresources/blob/master/ansible/host_vars/campo.openmrs.org/vars#L33]
-----
This is how the output looks like in maven 3.6.3:
{code:java}
[INFO] --- maven-deploy-plugin:2.7:deploy (default-deploy) @ releasetestmodule ---
Downloading from openmrs-repo-snapshots: https://mavenrepo.openmrs.org/nexus/content/repositories/snapshots/org/openmrs/module/releasetestmodule/2.1.22-SNAPSHOT/maven-metadata.xml
Downloaded from openmrs-repo-snapshots: https://mavenrepo.openmrs.org/nexus/content/repositories/snapshots/org/openmrs/module/releasetestmodule/2.1.22-SNAPSHOT/maven-metadata.xml (616 B at 132 B/s)
Uploading to openmrs-repo-snapshots: https://mavenrepo.openmrs.org/nexus/content/repositories/snapshots/org/openmrs/module/releasetestmodule/2.1.22-SNAPSHOT/releasetestmodule-2.1.22-20200427.091851-13.pom
...
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-deploy-plugin:2.7:deploy (default-deploy) on project releasetestmodule: Failed to deploy artifacts: Could not transfer artifact org.openmrs.module:releasetestmodule:pom:2.1.22-20200427.091851-13 from/to openmrs-repo-snapshots (https://mavenrepo.openmrs.org/nexus/content/repositories/snapshots): Transfer failed for https://openmrs.jfrog.io/artifactory/snapshots/org/openmrs/module/releasetestmodule/2.1.22-SNAPSHOT/releasetestmodule-2.1.22-20200427.091851-13.pom 401 Unauthorized -> [Help 1]
{code}
> Maven 3.5.0+ don't seem to send credentials after 301/302 http redirect
> -----------------------------------------------------------------------
>
> Key: WAGON-590
> URL: https://issues.apache.org/jira/browse/WAGON-590
> Project: Maven Wagon
> Issue Type: Bug
> Reporter: Cintia DR
> Priority: Major
>
> Since maven 3.5.0 (including 3.6.3), maven seems to not send server credentials if distributionManagement server response was a 301 or 302 HTTP redirect. Note that the redirect is followed, but I receive unauthorised code.
> Maven 3.2.5 and 3.3.9 work as expected. I could reproduce it on ubuntu and OSX. Both are JDK 8, not sure if it could make any difference.
>
> All maven versions (including 3.2.5 and 3.3.9) are using the same version of the deploy plugin (2.7), and upgrading it made no difference whatsoever.
> ----
> If I use '[https://openmrs.jfrog.io/artifactory/snapshots/'] as my 'distributionManagement', credentials are sent.
> If I use '[https://mavenrepo.openmrs.org/proxy/snapshots/|https://mavenrepo.openmrs.org/snapshots/']' (a reverse proxy to '[https://openmrs.jfrog.io/artifactory/snapshots/|https://openmrs.jfrog.io/artifactory/snapshots/']') credentials are sent.
> If I use '[https://mavenrepo.openmrs.org/snapshots/'] (a 301 redirect to [https://openmrs.jfrog.io/artifactory/snapshots/|https://openmrs.jfrog.io/artifactory/snapshots/']) as my distributionManagement, credentials are _not_ sent and the request fails as it's unauthenticated.
>
> You can see the configuration of 'mavenrepo.openmrs.org' server here: [https://github.com/openmrs/openmrs-contrib-itsmresources/blob/master/ansible/host_vars/campo.openmrs.org/vars#L33]
>
> All my artefacts are public to download, so I don't have a way to testing downloading artefacts with server credentials.
>
> ----
> This is how the output looks like in maven 3.6.3:
> {code:java}
>
> [INFO] --- maven-deploy-plugin:2.7:deploy (default-deploy) @ releasetestmodule ---
> Downloading from openmrs-repo-snapshots: https://mavenrepo.openmrs.org/nexus/content/repositories/snapshots/org/openmrs/module/releasetestmodule/2.1.22-SNAPSHOT/maven-metadata.xml
> Downloaded from openmrs-repo-snapshots: https://mavenrepo.openmrs.org/nexus/content/repositories/snapshots/org/openmrs/module/releasetestmodule/2.1.22-SNAPSHOT/maven-metadata.xml (616 B at 132 B/s)
> Uploading to openmrs-repo-snapshots: https://mavenrepo.openmrs.org/nexus/content/repositories/snapshots/org/openmrs/module/releasetestmodule/2.1.22-SNAPSHOT/releasetestmodule-2.1.22-20200427.091851-13.pom
> ...
> [ERROR] Failed to execute goal org.apache.maven.plugins:maven-deploy-plugin:2.7:deploy (default-deploy) on project releasetestmodule: Failed to deploy artifacts: Could not transfer artifact org.openmrs.module:releasetestmodule:pom:2.1.22-20200427.091851-13 from/to openmrs-repo-snapshots (https://mavenrepo.openmrs.org/nexus/content/repositories/snapshots): Transfer failed for https://openmrs.jfrog.io/artifactory/snapshots/org/openmrs/module/releasetestmodule/2.1.22-SNAPSHOT/releasetestmodule-2.1.22-20200427.091851-13.pom 401 Unauthorized -> [Help 1]{code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)