Webdav wagon not robust enough when uploading to a WEBDAV repository which uses
more than one security realm
------------------------------------------------------------------------------------------------------------
Key: WAGON-49
URL: http://jira.codehaus.org/browse/WAGON-49
Project: wagon
Type: Bug
Components: wagon-webdav
Versions: 1.0-alpha-6
Reporter: Cédric Vidal
As an example, let's suppose that we want to upload file
"/b1/b2/artifact-1.0.jar" to repository "http://server/p1/p2/repo";. The
repository requires to authenticate using realm "Realm 1" and I have configured
my login and password for the repository in my maven settings and I know those
are correct.
The Webdav wagon will issue the following HTTP requests:
1 - MKCOL /p1
2 - MKCOL /p1/p2
3 - MKCOL /p1/p2/repo/
4 - MKCOL /p1/p2/repo/b1
5 - MKCOL /p1/p2/repo/b1/b2
6 - PUT /p1/p2/repo/b1/b2/artifact-1.0.jar
On first request, "MKCOL /p1", the server will return a response 401
"Unauthorized access", so the wagon will authenticate and the first request
will be sent again, this time correctly. The following requests 2 to 6 also
return correctly.
But if for example, request 1 and 2 use a different security realm "Realm 2",
then the wagon will fail to issue the first request and abort the upload with
an AuthorizationException, although the wagon is authorized to send requests 3
to 6.
So in this situation, the wagon should ignore unauthorized access to requests 1
and 2 and carry on trying to issue request 3 to 6.
This maven repository server side authorization configuration might be pretty
rare but it is valid and should be adressed properly by the webdav wagon.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
