[
https://issues.apache.org/jira/browse/WAGON-590?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17094346#comment-17094346
]
Cintia DR commented on WAGON-590:
---------------------------------
I suppose it's fair, similar to how cookies work in browsers.
But the code you sent haven't been modified in years, so that lead me to think
that it's a change in http client (I think it's using http commons, right?).
!Screen Shot 2020-04-28 at 7.45.33 pm.png!
I looked at the changelogs there, but clearly I don't know well enough to tell
if it's there or not.
I attached the logs from 'mvn -x' output, and I also configured
'org.slf4j.simpleLogger.log.org.apache.maven.wagon.providers.http.httpclient'
to debug below:
(note that I'm using http code 303 for this try, but it's exactly like the
others).
{code:java}
[DEBUG] CookieSpec selected: compatibility
[DEBUG] Re-using cached 'basic' auth scheme for
https://mavenrepo.openmrs.org:443
[DEBUG] Connection request: [route:
{s}->https://mavenrepo.openmrs.org:443][total available: 2; route allocated: 1
of 20; total allocated: 2 of 40]
[DEBUG] Connection leased: [id: 0][route:
{s}->https://mavenrepo.openmrs.org:443][total available: 1; route allocated: 1
of 20; total allocated: 2 of 40]
[DEBUG] http-outgoing-0: set socket timeout to 0
[DEBUG] http-outgoing-0: set socket timeout to 1800000
[DEBUG] Executing request PUT
/tempredirect/snapshots/org/openmrs/module/releasetestmodule/2.1.22-SNAPSHOT/releasetestmodule-2.1.22-20200427.232747-15.pom
HTTP/1.1
[DEBUG] Target auth state: UNCHALLENGED
[DEBUG] Proxy auth state: UNCHALLENGED
[DEBUG] http-outgoing-0 >> PUT
/tempredirect/snapshots/org/openmrs/module/releasetestmodule/2.1.22-SNAPSHOT/releasetestmodule-2.1.22-20200427.232747-15.pom
HTTP/1.1
[DEBUG] http-outgoing-0 >> Cache-control: no-cache
[DEBUG] http-outgoing-0 >> Cache-store: no-store
[DEBUG] http-outgoing-0 >> Pragma: no-cache
[DEBUG] http-outgoing-0 >> User-Agent: Apache-Maven/3.7.0-SNAPSHOT (Java
1.8.0_152; Mac OS X 10.14.6)
[DEBUG] http-outgoing-0 >> Content-Length: 3856
[DEBUG] http-outgoing-0 >> Host: mavenrepo.openmrs.org
[DEBUG] http-outgoing-0 >> Connection: Keep-Alive
[DEBUG] http-outgoing-0 >> Expect: 100-continue
[DEBUG] http-outgoing-0 >> Accept-Encoding: gzip,deflate
[DEBUG] http-outgoing-0 >> Authorization: Basic <magic goes here>
[DEBUG] http-outgoing-0 << HTTP/1.1 100 Continue
[DEBUG] http-outgoing-0 << HTTP/1.1 303 See Other
[DEBUG] http-outgoing-0 << Server: nginx/1.10.3 (Ubuntu)
[DEBUG] http-outgoing-0 << Date: Mon, 27 Apr 2020 23:27:47 GMT
[DEBUG] http-outgoing-0 << Content-Type: text/html
[DEBUG] http-outgoing-0 << Content-Length: 178
[DEBUG] http-outgoing-0 << Connection: keep-alive
[DEBUG] http-outgoing-0 << Location:
https://openmrs.jfrog.io/artifactory/snapshots/org/openmrs/module/releasetestmodule/2.1.22-SNAPSHOT/releasetestmodule-2.1.22-20200427.232747-15.pom
[DEBUG] http-outgoing-0 << Strict-Transport-Security: max-age=15768000
[DEBUG] Connection can be kept alive indefinitely
[DEBUG] Resetting target auth state
[DEBUG] Redirecting to
'https://openmrs.jfrog.io/artifactory/snapshots/org/openmrs/module/releasetestmodule/2.1.22-SNAPSHOT/releasetestmodule-2.1.22-20200427.232747-15.pom'
via {s}->https://openmrs.jfrog.io:443
[DEBUG] Connection [id: 0][route: {s}->https://mavenrepo.openmrs.org:443] can
be kept alive indefinitely
[DEBUG] http-outgoing-0: set socket timeout to 0
[DEBUG] Connection released: [id: 0][route:
{s}->https://mavenrepo.openmrs.org:443][total available: 2; route allocated: 1
of 20; total allocated: 2 of 40]
[DEBUG] CookieSpec selected: compatibility
[DEBUG] Connection request: [route: {s}->https://openmrs.jfrog.io:443][total
available: 2; route allocated: 1 of 20; total allocated: 2 of 40]
[DEBUG] Connection leased: [id: 1][route:
{s}->https://openmrs.jfrog.io:443][total available: 1; route allocated: 1 of
20; total allocated: 2 of 40]
[DEBUG] http-outgoing-1: set socket timeout to 0
[DEBUG] http-outgoing-1: set socket timeout to 1800000
[DEBUG] Executing request PUT
/artifactory/snapshots/org/openmrs/module/releasetestmodule/2.1.22-SNAPSHOT/releasetestmodule-2.1.22-20200427.232747-15.pom
HTTP/1.1
[DEBUG] Target auth state: UNCHALLENGED
[DEBUG] Proxy auth state: UNCHALLENGED
[DEBUG] http-outgoing-1 >> PUT
/artifactory/snapshots/org/openmrs/module/releasetestmodule/2.1.22-SNAPSHOT/releasetestmodule-2.1.22-20200427.232747-15.pom
HTTP/1.1
[DEBUG] http-outgoing-1 >> Cache-control: no-cache
[DEBUG] http-outgoing-1 >> Cache-store: no-store
[DEBUG] http-outgoing-1 >> Pragma: no-cache
[DEBUG] http-outgoing-1 >> User-Agent: Apache-Maven/3.7.0-SNAPSHOT (Java
1.8.0_152; Mac OS X 10.14.6)
[DEBUG] http-outgoing-1 >> Content-Length: 3856
[DEBUG] http-outgoing-1 >> Host: openmrs.jfrog.io
[DEBUG] http-outgoing-1 >> Connection: Keep-Alive
[DEBUG] http-outgoing-1 >> Expect: 100-continue
[DEBUG] http-outgoing-1 >> Accept-Encoding: gzip,deflate
[DEBUG] http-outgoing-1 << HTTP/1.1 100 Continue
[DEBUG] http-outgoing-1 << HTTP/1.1 401 Unauthorized
[DEBUG] http-outgoing-1 << Date: Mon, 27 Apr 2020 23:27:48 GMT
[DEBUG] http-outgoing-1 << Content-Type: application/json;charset=ISO-8859-1
[DEBUG] http-outgoing-1 << Transfer-Encoding: chunked
[DEBUG] http-outgoing-1 << Connection: keep-alive
[DEBUG] http-outgoing-1 << X-Artifactory-Id:
adeda571e82079b424906176b89974b67b7449bb
[DEBUG] http-outgoing-1 << X-Artifactory-Node-Id: openmrs-artifactory-primary-0
[DEBUG] http-outgoing-1 << WWW-Authenticate: Basic realm="Artifactory Realm"
[DEBUG] http-outgoing-1 << Strict-Transport-Security: max-age=15724800;
includeSubDomains
[DEBUG] Connection can be kept alive indefinitely
[DEBUG] Authentication required
[DEBUG] openmrs.jfrog.io:443 requested authentication
[DEBUG] Authentication schemes in the order of preference: [Negotiate,
Kerberos, NTLM, CredSSP, Digest, Basic]
[DEBUG] Challenge for Negotiate authentication scheme not available
[DEBUG] Challenge for Kerberos authentication scheme not available
[DEBUG] Challenge for NTLM authentication scheme not available
[DEBUG] Challenge for CredSSP authentication scheme not available
[DEBUG] Challenge for Digest authentication scheme not available
[DEBUG] Connection [id: 1][route: {s}->https://openmrs.jfrog.io:443] can be
kept alive indefinitely
[DEBUG] http-outgoing-1: set socket timeout to 0
[DEBUG] Connection released: [id: 1][route:
{s}->https://openmrs.jfrog.io:443][total available: 2; route allocated: 1 of
20; total allocated: 2 of 40]{code}
> Maven 3.5.0+ don't seem to send credentials after 301/302 http redirect
> -----------------------------------------------------------------------
>
> Key: WAGON-590
> URL: https://issues.apache.org/jira/browse/WAGON-590
> Project: Maven Wagon
> Issue Type: Bug
> Reporter: Cintia DR
> Priority: Major
> Fix For: waiting-for-feedback
>
> Attachments: Screen Shot 2020-04-28 at 7.45.33 pm.png
>
>
> Since maven 3.5.0 (including 3.6.3), maven seems to not send server
> credentials if distributionManagement server response was a 301 or 302 HTTP
> redirect. Note that the redirect is followed, but I receive unauthorised code.
> Maven 3.2.5 and 3.3.9 work as expected. I could reproduce it on ubuntu and
> OSX. Both are JDK 8, not sure if it could make any difference.
>
> All maven versions (including 3.2.5 and 3.3.9) are using the same version of
> the deploy plugin (2.7), and upgrading it made no difference whatsoever.
> ----
> If I use '[https://openmrs.jfrog.io/artifactory/snapshots/'] as my
> 'distributionManagement', credentials are sent.
> If I use
> '[https://mavenrepo.openmrs.org/proxy/snapshots/|https://mavenrepo.openmrs.org/snapshots/']'
> (a reverse proxy to
> '[https://openmrs.jfrog.io/artifactory/snapshots/|https://openmrs.jfrog.io/artifactory/snapshots/']')
> credentials are sent.
> If I use '[https://mavenrepo.openmrs.org/snapshots/'] (a 301 redirect to
> [https://openmrs.jfrog.io/artifactory/snapshots/|https://openmrs.jfrog.io/artifactory/snapshots/'])
> as my distributionManagement, credentials are _not_ sent and the request
> fails as it's unauthenticated.
>
> You can see the configuration of 'mavenrepo.openmrs.org' server here:
> [https://github.com/openmrs/openmrs-contrib-itsmresources/blob/master/ansible/host_vars/campo.openmrs.org/vars#L33]
>
> All my artefacts are public to download, so I don't have a way to testing
> downloading artefacts with server credentials.
>
> ----
> This is how the output looks like in maven 3.6.3:
> {code:java}
>
> [INFO] --- maven-deploy-plugin:2.7:deploy (default-deploy) @
> releasetestmodule ---
> Downloading from openmrs-repo-snapshots:
> https://mavenrepo.openmrs.org/nexus/content/repositories/snapshots/org/openmrs/module/releasetestmodule/2.1.22-SNAPSHOT/maven-metadata.xml
> Downloaded from openmrs-repo-snapshots:
> https://mavenrepo.openmrs.org/nexus/content/repositories/snapshots/org/openmrs/module/releasetestmodule/2.1.22-SNAPSHOT/maven-metadata.xml
> (616 B at 132 B/s)
> Uploading to openmrs-repo-snapshots:
> https://mavenrepo.openmrs.org/nexus/content/repositories/snapshots/org/openmrs/module/releasetestmodule/2.1.22-SNAPSHOT/releasetestmodule-2.1.22-20200427.091851-13.pom
> ...
> [ERROR] Failed to execute goal
> org.apache.maven.plugins:maven-deploy-plugin:2.7:deploy (default-deploy) on
> project releasetestmodule: Failed to deploy artifacts: Could not transfer
> artifact org.openmrs.module:releasetestmodule:pom:2.1.22-20200427.091851-13
> from/to openmrs-repo-snapshots
> (https://mavenrepo.openmrs.org/nexus/content/repositories/snapshots):
> Transfer failed for
> https://openmrs.jfrog.io/artifactory/snapshots/org/openmrs/module/releasetestmodule/2.1.22-SNAPSHOT/releasetestmodule-2.1.22-20200427.091851-13.pom
> 401 Unauthorized -> [Help 1]{code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
