You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Michael Osipov (Jira)" <ji...@apache.org> on 2020/12/02 20:39:00 UTC

[jira] [Updated] (WAGON-590) Maven 3.5.0+ doesn't seem to send credentials after 301/302 http redirect

     [ https://issues.apache.org/jira/browse/WAGON-590?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Michael Osipov updated WAGON-590:
---------------------------------
    Summary: Maven 3.5.0+ doesn't seem to send credentials after 301/302 http redirect  (was: Maven 3.5.0+ don't seem to send credentials after 301/302 http redirect)

> Maven 3.5.0+ doesn't seem to send credentials after 301/302 http redirect
> -------------------------------------------------------------------------
>
>                 Key: WAGON-590
>                 URL: https://issues.apache.org/jira/browse/WAGON-590
>             Project: Maven Wagon
>          Issue Type: Bug
>    Affects Versions: 3.4.0
>            Reporter: Cintia DR
>            Priority: Major
>         Attachments: 0001-conditonally-set-AuthScope-to-any.patch, Screen Shot 2020-04-28 at 7.45.33 pm.png, any-auth.log, expect-continue-done-right-any-auth.log, master_osx.log, master_ubuntu.log, maven_x.log, mvn-master-batch.log, mvn-wagon590branch-debug-osx.log, mvn-wagon590branch-osx.log, mvn339_osx.log, mvn339_ubuntu.log, scoped-auth.log
>
>
> Since maven 3.5.0 (including 3.6.3), maven seems to not send server credentials if distributionManagement server response was a 301 or 302 HTTP redirect. Note that the redirect is followed, but I receive unauthorised code.
> Maven 3.2.5 and 3.3.9 work as expected. I could reproduce it on ubuntu and OSX. Both are JDK 8, not sure if it could make any difference.
>  
> All maven versions (including 3.2.5 and 3.3.9) are using the same version of the deploy plugin (2.7), and upgrading it made no difference whatsoever.
> ----
> If I use '[https://openmrs.jfrog.io/artifactory/snapshots/'] as my 'distributionManagement', credentials are sent.
> If I use '[https://mavenrepo.openmrs.org/proxy/snapshots/|https://mavenrepo.openmrs.org/snapshots/']' (a reverse proxy to '[https://openmrs.jfrog.io/artifactory/snapshots/|https://openmrs.jfrog.io/artifactory/snapshots/']') credentials are sent.
> If I use '[https://mavenrepo.openmrs.org/snapshots/'] (a 301 redirect to [https://openmrs.jfrog.io/artifactory/snapshots/|https://openmrs.jfrog.io/artifactory/snapshots/']) as my distributionManagement, credentials are _not_ sent and the request fails as it's unauthenticated. 
>  
> You can see the configuration of 'mavenrepo.openmrs.org' server here: [https://github.com/openmrs/openmrs-contrib-itsmresources/blob/master/ansible/host_vars/campo.openmrs.org/vars#L33]
>  
> All my artefacts are public to download, so I don't have a way to testing downloading artefacts with server credentials.
>  
> ----
> This is how the output looks like in maven 3.6.3:
> {code:java}
>  
> [INFO] --- maven-deploy-plugin:2.7:deploy (default-deploy) @ releasetestmodule ---
> Downloading from openmrs-repo-snapshots: https://mavenrepo.openmrs.org/nexus/content/repositories/snapshots/org/openmrs/module/releasetestmodule/2.1.22-SNAPSHOT/maven-metadata.xml
> Downloaded from openmrs-repo-snapshots: https://mavenrepo.openmrs.org/nexus/content/repositories/snapshots/org/openmrs/module/releasetestmodule/2.1.22-SNAPSHOT/maven-metadata.xml (616 B at 132 B/s)
> Uploading to openmrs-repo-snapshots: https://mavenrepo.openmrs.org/nexus/content/repositories/snapshots/org/openmrs/module/releasetestmodule/2.1.22-SNAPSHOT/releasetestmodule-2.1.22-20200427.091851-13.pom
> ...
> [ERROR] Failed to execute goal org.apache.maven.plugins:maven-deploy-plugin:2.7:deploy (default-deploy) on project releasetestmodule: Failed to deploy artifacts: Could not transfer artifact org.openmrs.module:releasetestmodule:pom:2.1.22-20200427.091851-13 from/to openmrs-repo-snapshots (https://mavenrepo.openmrs.org/nexus/content/repositories/snapshots): Transfer failed for https://openmrs.jfrog.io/artifactory/snapshots/org/openmrs/module/releasetestmodule/2.1.22-SNAPSHOT/releasetestmodule-2.1.22-20200427.091851-13.pom 401 Unauthorized -> [Help 1]{code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)