You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Michael Osipov (Jira)" <ji...@apache.org> on 2021/05/10 11:25:00 UTC
[jira] [Commented] (MNG-7150) Setting credential character
set/encoding for basic authentication in settings.xml not documented
[ https://issues.apache.org/jira/browse/MNG-7150?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17341838#comment-17341838 ]
Michael Osipov commented on MNG-7150:
-------------------------------------
I don't believe that. See WAGON-538, WAGON-540. Please provide a hex dump of settings.xml and the HttpClient wire log.
> Setting credential character set/encoding for basic authentication in settings.xml not documented
> -------------------------------------------------------------------------------------------------
>
> Key: MNG-7150
> URL: https://issues.apache.org/jira/browse/MNG-7150
> Project: Maven
> Issue Type: Bug
> Components: Documentation: General
> Affects Versions: 3.8.1
> Reporter: Frank Schwab
> Priority: Major
>
> We want to publish some artifacts to a repository, so we set up a {{settings.xml}} file which contains the following lines to specify the repo server:
> {code:xml}
> <servers>
> <server>
> <id>some-repo</id>
> <username>testuser</username>
> <password>{U8jAeLVPH88HRYGnDpbAmAXPtUPSqbrtxxuZoR513V4=}</password>
> </server>
> </servers>
> <profile>
> <id>some-repo</id>
> <repositories>
> <repository>
> <id>some repo</id>
> <name>Some repository</name>
> <url>https://our.url.com/artifactory/list/some-repo/</url>
> </repository>
> </repositories>
> </profile>
> {code}
>
> When I run a {{mvn deploy:deploy-file}} command this works fine, except when the user {{testuser}} has a password that contains non-ASCII characters. In that case the non-ASCII characters in the password are replaced by the maven client with question marks when maven authenticates to the repo server.
> I searched the internet up and down and asked in the maven user mailing list but I could not find a fix I traced this down to the following code in Maven:
> The class {{org.apache.maven.wagon.providers.http.httpclient.impl.auth.RFC2617Scheme}} has two methods which look like this:
> {code:java}
> public Charset getCredentialsCharset() {
> return credentialsCharset != null ? credentialsCharset : Consts.ASCII;
> }
> String getCredentialsCharset(final HttpRequest request) {
> String charset = (String) request.getParams().getParameter(AuthPNames.CREDENTIAL_CHARSET);
> if (charset == null) {
> charset = getCredentialsCharset().name();
> }
> return charset;
> }
> {code}
>
> The call {{request.getParams().getParameter(AuthPNames.CREDENTIAL_CHARSET)}} returns {{null}} so the default character set is used which is {{US-ASCII}}. So the password that up to this point is correct, is converted to {{US-ASCII}} and all non-ASCII characters are replaced by a “?”.
> Our repo server expects {{UTF-8}}. This encoding is also used in other programming languages like Rust, Go, or Ruby.
> The parameter {{AuthPNames.CREDENTIAL_CHARSET}} has the value {{http.auth.credential-charset}}. So I tried to set this parameter in the {{settings.xml}} like this:
> {code:xml}
> <servers>
> <server>
> <id>some-repo</id>
> <configuration>
> <httpConfiguration>
> <all>
> <params>
> <param>
> <name>http.auth.credential-charset</name>
> <value>UTF-8</value>
> </param>
> </params>
> </all>
> </httpConfiguration>
> <username>testuser</username>
> <password>{U8jAeLVPH88HRYGnDpbAmAXPtUPSqbrtxxuZoR513V4=}</password>
> </server>
> </servers>
> {code}
>
> But that did not change the behaviour. The password is still sent with a "?" instead of the non-ASCII characters.
> There should be a documentation that explains how the character set/encoding for the *credentials* in the {{settings.xml}} file is specified. At least I could not find it and in the user Maven email list nobody could point me to the documentation.
> N.B. Maybe it would be a good idea to change the default encoding to {{UTF-8}} but this is not (yet) in the scope of this issue.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)