You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@maven.apache.org by "Brad Hendricks (JIRA)" <ji...@codehaus.org> on 2010/01/19 16:25:57 UTC

[jira] Commented: (WAGON-291) Maven uses artifact download credentials during deployment in some circumstances

    [ http://jira.codehaus.org/browse/WAGON-291?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=207480#action_207480 ] 

Brad Hendricks commented on WAGON-291:
--------------------------------------

I believe I am also suffering from this issue.

I am using maven 2.2.1 on OS X, and I have a pom.xml which has a repo configured in the Repositories section, as well as a different repository configured in the DistributionManagement section.  I am using Nexus as the repository, the Repositories section acutally points to a Group and the DistributionManagement section points to the underlying repository, thus the urls are like

https://foo.com/My_Group/
and
https://foo.com/snapshots/

In my settings.xml I have two server entries for these repos, the first one has a read-only account and the second one has an account with deployment rights.  I am unable to deploy my project.  The Nexus logs show that during deployment maven attempts to authenticate using the credentials of the first server and not the deployment credentials.

If I remove the entry from the Repositories section I am able to deploy.

> Maven uses artifact download credentials during deployment in some circumstances
> --------------------------------------------------------------------------------
>
>                 Key: WAGON-291
>                 URL: http://jira.codehaus.org/browse/WAGON-291
>             Project: Maven Wagon
>          Issue Type: Bug
>          Components: wagon-http-lightweight
>    Affects Versions: 1.0-beta-6
>            Reporter: Rich Seddon
>
> If Maven downloads an artifact using authorization, this authorization seems to be cached, which can cause a subsequent deployment to succeed where it should have failed.
> Steps to reproduce:
> # Set up a build which will require downloading an artifact from a Nexus server which requires authentication, and configure your settings.xml appropriately.
> # Create a project with a distribution management section which points to a repository in the above server. Make sure the repository id doesn't exist in your settings.xml
> # Run "mvn deploy"
> What happens:
> If the credentials used to download artifacts from Nexus have deployment privileges in the Nexus repository the deployment will succeed.
> Now run "mvn deploy" again. This time the deployment will fail with a 401 code.
> This bug exists in both Maven 2.2.1 and the latest Maven 3.0 snapshots.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira