You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@maven.apache.org by Frank Schwab <Fr...@deutschebahn.com> on 2021/05/05 12:36:19 UTC
How to specify the character set / encoding for user credentials in
basic authentication
Hello, everybody,
I have a problem with passwords for the server. I found the reason why this happens but I am unable to find the correct setting.
Here is the description:
We want to publish some artifacts to a repository, so we set up a settings.xml file which looks like this
<servers>
<server>
<id>some-repo</id>
<username>testuser</username>
<password>{U8jAeLVPH88HRYGnDpbAmAXPtUPSqbrtxxuZoR513V4=}</password>
</server>
</servers>
<profile>
<id>some-repo</id>
<repositories>
<repository>
<id>some repo</id>
<name>Some repository</name>
<url>https://our.url.com/artifactory/list/some-repo/</url>
</repository>
</repositories>
</profile>
When I run a mvn deploy:deploy-file command this works fine, except when the user testuser has a password that contains non-ASCII characters. In that case the non-ASCII characters in the password are replaced by the maven client with question marks when maven authenticates to the repo server.
I searched the internet up and down and since I could not find a fix I traced this down to the following code in Maven:
The class org.apache.maven.wagon.providers.http.httpclient.impl.auth.RFC2617Scheme has two methods which look like this:
public Charset getCredentialsCharset() {
return credentialsCharset != null ? credentialsCharset : Consts.ASCII;
}
String getCredentialsCharset(final HttpRequest request) {
String charset = (String) request.getParams().getParameter(AuthPNames.CREDENTIAL_CHARSET);
if (charset == null) {
charset = getCredentialsCharset().name();
}
return charset;
}
The call request.getParams().getParameter(AuthPNames.CREDENTIAL_CHARSET)returns null so the default character set is used which is US-ASCII. So the password is converted to US-ASCII and all non-ASCII characters are replaced by a "?".
However, the character encoding should be UTF-8. The repo server expects UTF-8. This is standard with http servers. I tried to figure out if this maven client phenomenon is a bug or a feature but I could not resolve this.
The parameter AuthPNames.CREDENTIAL_CHARSET has the value "http.auth.credential-charset". So I tried to set this parameter like this:
<servers>
<server>
<id>some-repo</id>
<configuration>
<httpConfiguration>
<all>
<params>
<param>
<name>http.auth.credential-charset</name>
<value>UTF-8</value>
</param>
</params>
</all>
</httpConfiguration>
<username>testuser</username>
<password>{U8jAeLVPH88HRYGnDpbAmAXPtUPSqbrtxxuZoR513V4=}</password>
</server>
</servers>
But that did not help.
So I have two questions:
1. How can I specify the character set/encoding for the *credentials* in the settings.xml file?
2. Is this behaviour (converting the password to US-ASCII before sending it) a bug?
Any help would be greatly appreciated.
Kind regards,
Frank
________________________________
Pflichtangaben anzeigen<http://www.deutschebahn.com/pflichtangaben/20210430>
N?here Informationen zur Datenverarbeitung im DB-Konzern finden Sie hier: http://www.deutschebahn.com/de/konzern/datenschutz
Re: How to specify the character set / encoding for user credentials
in basic authentication
Posted by Julian Reschke <ju...@gmx.de>.
Am 05.05.2021 um 16:10 schrieb Frank Schwab:
> Hi, Julian,
>
> sorry for not being precise.
>
> RfC 7617 says that the encoding is unspecified. I know.
>
> What I meant is that UTF-8 is (sort of) standard for the repo servers. They are mostly written in Java and the standard encoding for Java is UTF-8 in Basic Authentication.
"the standard encoding for Java is UTF-8 in Basic Authentication" - says
who?
I'd really like to know, because I plan to revise the RFC in the
not-so-distant future.
> FWIW, our repo server (which is Artifactory) expects UTF-8.
Best regards, Julian
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org
AW: How to specify the character set / encoding for user credentials
in basic authentication
Posted by Frank Schwab <Fr...@deutschebahn.com>.
Hi, Julian,
sorry for not being precise.
RfC 7617 says that the encoding is unspecified. I know.
What I meant is that UTF-8 is (sort of) standard for the repo servers. They are mostly written in Java and the standard encoding for Java is UTF-8 in Basic Authentication.
FWIW, our repo server (which is Artifactory) expects UTF-8.
Regards,
Frank
> Hello, everybody,
>
> I have a problem with passwords for the server. I found the reason why this happens but I am unable to find the correct setting.
>
> Here is the description:
>
> We want to publish some artifacts to a repository, so we set up a settings.xml file which looks like this
>
> <servers>
> <server>
> <id>some-repo</id>
> <username>testuser</username>
> <password>{U8jAeLVPH88HRYGnDpbAmAXPtUPSqbrtxxuZoR513V4=}</password>
> </server>
> </servers>
>
> <profile>
> <id>some-repo</id>
> <repositories>
> <repository>
> <id>some repo</id>
> <name>Some repository</name>
> <url>https://our.url.com/artifactory/list/some-repo/</url>
> </repository>
> </repositories>
> </profile>
>
> When I run a mvn deploy:deploy-file command this works fine, except when the user testuser has a password that contains non-ASCII characters. In that case the non-ASCII characters in the password are replaced by the maven client with question marks when maven authenticates to the repo server.
>
> I searched the internet up and down and since I could not find a fix I traced this down to the following code in Maven:
>
> The class org.apache.maven.wagon.providers.http.httpclient.impl.auth.RFC2617Scheme has two methods which look like this:
>
> public Charset getCredentialsCharset() {
> return credentialsCharset != null ? credentialsCharset : Consts.ASCII;
> }
>
> String getCredentialsCharset(final HttpRequest request) {
> String charset = (String) request.getParams().getParameter(AuthPNames.CREDENTIAL_CHARSET);
> if (charset == null) {
> charset = getCredentialsCharset().name();
> }
> return charset;
> }
>
> The call request.getParams().getParameter(AuthPNames.CREDENTIAL_CHARSET)returns null so the default character set is used which is US-ASCII. So the password is converted to US-ASCII and all non-ASCII characters are replaced by a "?".
>
> However, the character encoding should be UTF-8. The repo server expects UTF-8. This is standard with http servers. I tried to figure out if this maven client phenomenon is a bug or a feature but I could not resolve this.
> ...
FWIW, this is not "standard". It should be, but isn't.
Best regards, Julian (as author of the Basic Auth RFC)
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org
________________________________
Pflichtangaben anzeigen<http://www.deutschebahn.com/pflichtangaben/20210430>
Nähere Informationen zur Datenverarbeitung im DB-Konzern finden Sie hier: http://www.deutschebahn.com/de/konzern/datenschutz
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org
Re: How to specify the character set / encoding for user credentials
in basic authentication
Posted by Julian Reschke <ju...@gmx.de>.
Am 05.05.2021 um 14:36 schrieb Frank Schwab:
> Hello, everybody,
>
> I have a problem with passwords for the server. I found the reason why this happens but I am unable to find the correct setting.
>
> Here is the description:
>
> We want to publish some artifacts to a repository, so we set up a settings.xml file which looks like this
>
> <servers>
> <server>
> <id>some-repo</id>
> <username>testuser</username>
> <password>{U8jAeLVPH88HRYGnDpbAmAXPtUPSqbrtxxuZoR513V4=}</password>
> </server>
> </servers>
>
> <profile>
> <id>some-repo</id>
> <repositories>
> <repository>
> <id>some repo</id>
> <name>Some repository</name>
> <url>https://our.url.com/artifactory/list/some-repo/</url>
> </repository>
> </repositories>
> </profile>
>
> When I run a mvn deploy:deploy-file command this works fine, except when the user testuser has a password that contains non-ASCII characters. In that case the non-ASCII characters in the password are replaced by the maven client with question marks when maven authenticates to the repo server.
>
> I searched the internet up and down and since I could not find a fix I traced this down to the following code in Maven:
>
> The class org.apache.maven.wagon.providers.http.httpclient.impl.auth.RFC2617Scheme has two methods which look like this:
>
> public Charset getCredentialsCharset() {
> return credentialsCharset != null ? credentialsCharset : Consts.ASCII;
> }
>
> String getCredentialsCharset(final HttpRequest request) {
> String charset = (String) request.getParams().getParameter(AuthPNames.CREDENTIAL_CHARSET);
> if (charset == null) {
> charset = getCredentialsCharset().name();
> }
> return charset;
> }
>
> The call request.getParams().getParameter(AuthPNames.CREDENTIAL_CHARSET)returns null so the default character set is used which is US-ASCII. So the password is converted to US-ASCII and all non-ASCII characters are replaced by a "?".
>
> However, the character encoding should be UTF-8. The repo server expects UTF-8. This is standard with http servers. I tried to figure out if this maven client phenomenon is a bug or a feature but I could not resolve this.
> ...
FWIW, this is not "standard". It should be, but isn't.
Best regards, Julian (as author of the Basic Auth RFC)
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org