[
https://issues.apache.org/jira/browse/MNG-7719?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17697539#comment-17697539
]
Adam Gent commented on MNG-7719:
--------------------------------
[~cstamas] I can confirm that the slowness is probably not due to transport.
FWIW based on the maven event spy extension / maven profiler the deploy plugin
is taking the longest part of our build and doesn't take the longest for bigger
jars which would indicate slowness in transport but jars that have more
dependencies.
For example a jar with zero deps but 300k in size takes:
{code:java}
[INFO] buildnumber-maven-plugin:create (default) ................ [0.002s]
[INFO] maven-resources-plugin:resources (default-resources) ..... [0.001s]
[INFO] maven-compiler-plugin:compile (default-compile) .......... [0.001s]
[INFO] maven-resources-plugin:testResources (default-testResource [0.001s]
[INFO] maven-compiler-plugin:testCompile (default-testCompile) .. [0.118s]
[INFO] maven-surefire-plugin:test (default-test) ................ [0.005s]
[INFO] maven-jar-plugin:jar (default-jar) ....................... [0.037s]
[INFO] maven-source-plugin:jar-no-fork (attach-sources) ......... [0.015s]
[INFO] maven-install-plugin:install (default-install) ........... [0.000s]
[INFO] maven-deploy-plugin:deploy (default-deploy) .............. [4.817s]
{code}
Here is a tiny jar but with lots of dependencies:
{code:java}
[INFO] buildnumber-maven-plugin:create (default) ................ [0.004s]
[INFO] maven-resources-plugin:resources (default-resources) ..... [0.002s]
[INFO] maven-compiler-plugin:compile (default-compile) .......... [0.002s]
[INFO] maven-resources-plugin:testResources (default-testResource [0.001s]
[INFO] maven-compiler-plugin:testCompile (default-testCompile) .. [0.085s]
[INFO] maven-surefire-plugin:test (default-test) ................ [0.004s]
[INFO] maven-jar-plugin:jar (default-jar) ....................... [0.010s]
[INFO] maven-source-plugin:jar-no-fork (attach-sources) ......... [0.009s]
[INFO] maven-install-plugin:install (default-install) ........... [0.001s]
[INFO] maven-deploy-plugin:deploy (default-deploy) .............. [15.121s]
{code}
I will say that deploy has always been embarrassingly the slowest part of our
build (ignoring integration tests) regardless of transport (wagon or native) so
if one is going to work on it would be nice for a general optimization there.
It is annoying problem because the deploy window if it is too large is a known
issue of potential corruption.
> Maven 3.9.0 native http transport ignores username/password for basic auth
> --------------------------------------------------------------------------
>
> Key: MNG-7719
> URL: https://issues.apache.org/jira/browse/MNG-7719
> Project: Maven
> Issue Type: Improvement
> Components: Core, Deployment
> Affects Versions: 3.9.0
> Reporter: Adam Gent
> Priority: Major
>
> In 3.9.0 the default maven http transport switched from wagon to native.
> It appears that the native transport does not respect:
> {code:xml}
> <server>
> <id>some-repo</id>
> <username>some-username</username>
> <password>basic-auth-password</password>
> </server>
> {code}
> Now when you do a mvn deploy to some-repo the basic auth headers are missing.
> This is probably causing github package problems:
> https://github.com/orgs/community/discussions/49001
> -----
> The issue appears to be that the native client respects Basic Auth Challenges
> and our server did not do that (it never sends the WWW-Authenticate) as the
> original Wagon HTTP transport did not need it.
> The wagon version will always send the credentials on PUT and POST but no
> credentials on GET of maven metadata.
> The wagon version basically is like a header API key when doing basic auth
> instead of the true basic auth workflow.
> For whatever reason I removed the WWW-Authenticate header probably for
> security reasons.
> Since the native client is doing technically the right thing this is not a
> bug however it would be nice if there was some option to revert to the old
> behavior as it does save a round trip on PUT (a 401 needs to happen with the
> header before native will send credentials).
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
