[
https://issues.apache.org/jira/browse/SCM-710?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17962653#comment-17962653
]
ASF GitHub Bot commented on SCM-710:
------------------------------------
jira-importer commented on issue #916:
URL: https://github.com/apache/maven-scm/issues/916#issuecomment-2964632836
**[Eddie
Webb](https://issues.apache.org/jira/secure/ViewProfile.jspa?name=eddiewebb)**
commented
Update.
I can now verify that the password is passed when using configuration
section of the project pom, but does not decrypt the password. Switching
between the unencrypted and encrypted password manually resolves the issue.
THe same appears to be true if stored in settings.xml using the hostname as the
server ID.
encrypted password in pom.xml
```
[INFO] Executing: /bin/sh -c cd /opt/lforge/testing/bootstrap/target && svn
--username cp_lforge_crucible --password '*****' --no-auth-cache
--non-interactive checkout
https://svn-forge.com/svn/FORGE/maven/repository/bootstrap/trunk
/opt/lforge/testing/bootstrap/target/checkout
[INFO] Working directory: /opt/lforge/testing/bootstrap/target
[ERROR] Provider message:
[ERROR] The svn command failed.
[ERROR] Command output:
[ERROR] svn: OPTIONS of
'https://svn-forge.com/svn/FORGE/maven/repository/bootstrap/trunk':
authorization failed (https://svn-forge.com)
```
plain-text password in pom.xml
```
[scm:checkout {execution: default-cli}]
[INFO] Removing /opt/lforge/testing/target/checkout
[INFO] Executing: /bin/sh -c cd /opt/lforge/testing/target && svn --username
cp_lforge_crucible --password '*****' --no-auth-cache --non-interactive
checkout https://svn-forge.com/svn/FORGE/maven/repository/bootstrap/trunk
/opt/lforge/testing/target/checkout
[INFO] Working directory: /opt/lforge/testing/target
[INFO]
------------------------------------------------------------------------
[INFO] BUILD SUCCESSFUL
[INFO]
------------------------------------------------------------------------
```
> Use of encrypted password in pom.xml confiuration is ignored
> ------------------------------------------------------------
>
> Key: SCM-710
> URL: https://issues.apache.org/jira/browse/SCM-710
> Project: Maven SCM (Moved to GitHub Issues)
> Issue Type: Bug
> Components: maven-plugin
> Reporter: Eddie Webb
> Priority: Major
>
> THe docs for this plugin say I can use encrypted passwords just like we do
> for the release plugin.
> It does not seem to support the same
> <project.scm.id>non-hostname-id</project.scm.id> that the release plugin
> does, so I included the username and encrypted password directory in the
> plugin config.
> {noformat}
> ...
> <plugin>
> <groupId>org.apache.maven.plugins</groupId>
> <artifactId>maven-scm-plugin</artifactId>
> <version>1.8.1</version>
> <configuration>
> <username>username</username>
> <password>{EncycptedStringGeneratedFromMvnPassword=}</password>
> </configuration>
> </plugin>
> </plugins>
> ...
> {noformat}
> But the SCM fails with authentication issue, and the SVN logs determine that
> no user ID is sent.
> If I instead include the hostname as a server ID in settings.xml, or include
> these values on the command line, in both cases it invokes a 500 from the
> application server.
> mvn scm:checkout -Pforge -Dusername=myuser
> -Dpassword={EncycptedStringGeneratedFromMvnPassword=}
> svn: Server sent unexpected return value (500 Internal Server Error) in
> response to OPTIONS request for https://my-svn
> This 500 can be duplicated in a browser by passing the un-encrypted string
> {foo=}.
> h3. summary
> regardless of where I place the encruypted password it is either ignored, or
> not decrypted before being sent to the webserver.
> Can you please document an example of how to use the encrypted passwords, or
> support the same approach as the release plugin.
> http://jira.codehaus.org/browse/MRELEASE-420
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
