You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@maven.apache.org by "Olivier Lamy (JIRA)" <ji...@codehaus.org> on 2013/01/24 23:33:13 UTC

[jira] (MANTTASKS-177) artifact:dependencies ignores settings-security.xml and sends password hash to repository

     [ https://jira.codehaus.org/browse/MANTTASKS-177?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Olivier Lamy closed MANTTASKS-177.
----------------------------------

       Resolution: Fixed
    Fix Version/s: 3.0.0-beta-1
         Assignee: Olivier Lamy

fixed http://svn.apache.org/r1438231
Thanks !
                
> artifact:dependencies ignores settings-security.xml and sends password hash to repository
> -----------------------------------------------------------------------------------------
>
>                 Key: MANTTASKS-177
>                 URL: https://jira.codehaus.org/browse/MANTTASKS-177
>             Project: Maven 2.x Ant Tasks
>          Issue Type: Bug
>          Components: dependencies task
>    Affects Versions: 2.1.0
>         Environment: Mac OS X, Ant 1.7.1, Maven 2.2.1, maven-ant-tasks 2.1.0, Sonatype Nexus Open Source Edition 1.5.0
>            Reporter: Ross Mellgren
>            Assignee: Olivier Lamy
>             Fix For: 3.0.0-beta-1
>
>         Attachments: decrypt.patch
>
>
> I have a mirror repository configured in .m2/settings.xml, and its <server> entry uses an encrypted password in <password>, using the master password set in .m2/settings-security.xml.
> I followed this guide:
> http://maven.apache.org/guides/mini/guide-encryption.html
> I get authentication errors every time i use
> {code:xml}
> <?xml version="1.0" ?>
> <settings>
>     <mirrors>
>         <mirror>
>             <id>paytronix-public</id>
>             <url>https://greylock.corp.paytronix.com/nexus/content/groups/public</url>
>             <mirrorOf>*</mirrorOf>
>         </mirror>
>     </mirrors>
>     <servers>
>         <server>
>             <id>paytronix-public</id>
>             <username>rmellgren</username>
> <!-- <password> element omitted -->
>         </server>
>     </servers>
> </settings>
> {code}
> I switched to http and then used tcpdump to watch the request, then decoded the Authorization header. The {mumblemumble} password hash was sent not the decrypted password.
> Looking into maven-ant-tasks.jar, I see a META-INF/plexus/components.xml which does not include plexus-sec-dispatcher from maven-core. I tried spinning my own copy of maven-ant-tasks with the appropriate component for plexus-sec-dispatcher added, but it didn't work, so I think I'm out of my depth in the troubleshooting/rectification department.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://jira.codehaus.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira