You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Cintia DR (Jira)" <ji...@apache.org> on 2020/04/27 14:21:00 UTC

[jira] [Comment Edited] (WAGON-590) Maven 3.5.0+ don't seem to send credentials after 301/302 http redirect

    [ https://issues.apache.org/jira/browse/WAGON-590?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17093558#comment-17093558 ] 

Cintia DR edited comment on WAGON-590 at 4/27/20, 2:20 PM:
-----------------------------------------------------------

Thanks so much for the quick response.

 

> Please try Maven from master. I included a branch new Wagon 3..4.0.

Just did, I have the same behaviour (commit 672041efa).

 

> FTR, please reread RFC 7231 about 3xx status codes. You are maybe use the old behavior of 301/302.

Do you mean changing HTTP methods? I confirmed that, I always receive a PUT (regardless of old or new maven, regardless of which redirect code I use).

Code 303/307 have the same behaviour (tested only maven from master)

 
{noformat}
HTTP code 307 (maven master)
2020-04-27T14:02:59.036Z|d25dc57b2efcd32f|203.206.84.21|anonymous|PUT|/snapshots/org/openmrs/module/releasetestmodule/2.1.22-SNAPSHOT/releasetestmodule-2.1.22-20200427.140258-14.pom|401|3856|0|1|Apache-Maven/3.7.0-SNAPSHOT (Java 1.8.0_152; Mac OS X 10.14.6)

2020-04-27T14:02:59.036Z [d25dc57b2efcd32f] [DENIED DEPLOY] snapshots:org/openmrs/module/releasetestmodule/2.1.22-SNAPSHOT/releasetestmodule-2.1.22-20200427.140258-14.pom  for client : NA / 203.206.84.21.

------
HTTP code 301 (maven master)
2020-04-27T14:05:45.949Z [107482296c1d4bd1] [DENIED DEPLOY] snapshots:org/openmrs/module/releasetestmodule/2.1.22-SNAPSHOT/releasetestmodule-2.1.22-20200427.140545-14.pom  for client : NA / 203.206.84.21.

2020-04-27T14:05:45.950Z|107482296c1d4bd1|203.206.84.21|anonymous|PUT|/snapshots/org/openmrs/module/releasetestmodule/2.1.22-SNAPSHOT/releasetestmodule-2.1.22-20200427.140545-14.pom|401|3870|0|1|Apache-Maven/3.7.0-SNAPSHOT (Java 1.8.0_152; Mac OS X 10.14.6)

----
HTTP code 301 (maven 3.3.9)
2020-04-27T14:13:08.694Z|91e995a19b584a14|203.206.84.21|ci|PUT|/snapshots/org/openmrs/module/releasetestmodule/2.1.22-SNAPSHOT/releasetestmodule-2.1.22-20200427.141307-14.pom|201|3870|0|375|Apache-Maven/3.3.9 (Java 13.0.2; Mac OS X 10.14.6){noformat}
Or maybe I just didn't understand your comment. I'd not an expert in HTTP protocol for sure.

 


was (Author: cintiadr):
Thanks so much for the quick response.

 

> Please try Maven from master. I included a branch new Wagon 3..4.0.

Just did, I have the same behaviour (commit 672041efa).

 

> FTR, please reread RFC 7231 about 3xx status codes. You are maybe use the old behavior of 301/302.

Do you mean changing HTTP methods? I confirmed that, I always receive a PUT (regardless of old or new maven, regardless of which redirect code I use). 

 
{noformat}
HTTP code 307 (maven master)
2020-04-27T14:02:59.036Z|d25dc57b2efcd32f|203.206.84.21|anonymous|PUT|/snapshots/org/openmrs/module/releasetestmodule/2.1.22-SNAPSHOT/releasetestmodule-2.1.22-20200427.140258-14.pom|401|3856|0|1|Apache-Maven/3.7.0-SNAPSHOT (Java 1.8.0_152; Mac OS X 10.14.6)

2020-04-27T14:02:59.036Z [d25dc57b2efcd32f] [DENIED DEPLOY] snapshots:org/openmrs/module/releasetestmodule/2.1.22-SNAPSHOT/releasetestmodule-2.1.22-20200427.140258-14.pom  for client : NA / 203.206.84.21.

------
HTTP code 301 (maven master)
2020-04-27T14:05:45.949Z [107482296c1d4bd1] [DENIED DEPLOY] snapshots:org/openmrs/module/releasetestmodule/2.1.22-SNAPSHOT/releasetestmodule-2.1.22-20200427.140545-14.pom  for client : NA / 203.206.84.21.

2020-04-27T14:05:45.950Z|107482296c1d4bd1|203.206.84.21|anonymous|PUT|/snapshots/org/openmrs/module/releasetestmodule/2.1.22-SNAPSHOT/releasetestmodule-2.1.22-20200427.140545-14.pom|401|3870|0|1|Apache-Maven/3.7.0-SNAPSHOT (Java 1.8.0_152; Mac OS X 10.14.6)

----
HTTP code 301 (maven 3.3.9)
2020-04-27T14:13:08.694Z|91e995a19b584a14|203.206.84.21|ci|PUT|/snapshots/org/openmrs/module/releasetestmodule/2.1.22-SNAPSHOT/releasetestmodule-2.1.22-20200427.141307-14.pom|201|3870|0|375|Apache-Maven/3.3.9 (Java 13.0.2; Mac OS X 10.14.6){noformat}
Or maybe I just didn't understand your comment. I'd not an expert in HTTP protocol for sure.

 

> Maven 3.5.0+ don't seem to send credentials after 301/302 http redirect
> -----------------------------------------------------------------------
>
>                 Key: WAGON-590
>                 URL: https://issues.apache.org/jira/browse/WAGON-590
>             Project: Maven Wagon
>          Issue Type: Bug
>            Reporter: Cintia DR
>            Priority: Major
>             Fix For: waiting-for-feedback
>
>
> Since maven 3.5.0 (including 3.6.3), maven seems to not send server credentials if distributionManagement server response was a 301 or 302 HTTP redirect. Note that the redirect is followed, but I receive unauthorised code.
> Maven 3.2.5 and 3.3.9 work as expected. I could reproduce it on ubuntu and OSX. Both are JDK 8, not sure if it could make any difference.
>  
> All maven versions (including 3.2.5 and 3.3.9) are using the same version of the deploy plugin (2.7), and upgrading it made no difference whatsoever.
> ----
> If I use '[https://openmrs.jfrog.io/artifactory/snapshots/'] as my 'distributionManagement', credentials are sent.
> If I use '[https://mavenrepo.openmrs.org/proxy/snapshots/|https://mavenrepo.openmrs.org/snapshots/']' (a reverse proxy to '[https://openmrs.jfrog.io/artifactory/snapshots/|https://openmrs.jfrog.io/artifactory/snapshots/']') credentials are sent.
> If I use '[https://mavenrepo.openmrs.org/snapshots/'] (a 301 redirect to [https://openmrs.jfrog.io/artifactory/snapshots/|https://openmrs.jfrog.io/artifactory/snapshots/']) as my distributionManagement, credentials are _not_ sent and the request fails as it's unauthenticated. 
>  
> You can see the configuration of 'mavenrepo.openmrs.org' server here: [https://github.com/openmrs/openmrs-contrib-itsmresources/blob/master/ansible/host_vars/campo.openmrs.org/vars#L33]
>  
> All my artefacts are public to download, so I don't have a way to testing downloading artefacts with server credentials.
>  
> ----
> This is how the output looks like in maven 3.6.3:
> {code:java}
>  
> [INFO] --- maven-deploy-plugin:2.7:deploy (default-deploy) @ releasetestmodule ---
> Downloading from openmrs-repo-snapshots: https://mavenrepo.openmrs.org/nexus/content/repositories/snapshots/org/openmrs/module/releasetestmodule/2.1.22-SNAPSHOT/maven-metadata.xml
> Downloaded from openmrs-repo-snapshots: https://mavenrepo.openmrs.org/nexus/content/repositories/snapshots/org/openmrs/module/releasetestmodule/2.1.22-SNAPSHOT/maven-metadata.xml (616 B at 132 B/s)
> Uploading to openmrs-repo-snapshots: https://mavenrepo.openmrs.org/nexus/content/repositories/snapshots/org/openmrs/module/releasetestmodule/2.1.22-SNAPSHOT/releasetestmodule-2.1.22-20200427.091851-13.pom
> ...
> [ERROR] Failed to execute goal org.apache.maven.plugins:maven-deploy-plugin:2.7:deploy (default-deploy) on project releasetestmodule: Failed to deploy artifacts: Could not transfer artifact org.openmrs.module:releasetestmodule:pom:2.1.22-20200427.091851-13 from/to openmrs-repo-snapshots (https://mavenrepo.openmrs.org/nexus/content/repositories/snapshots): Transfer failed for https://openmrs.jfrog.io/artifactory/snapshots/org/openmrs/module/releasetestmodule/2.1.22-SNAPSHOT/releasetestmodule-2.1.22-20200427.091851-13.pom 401 Unauthorized -> [Help 1]{code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)