[jira] [Commented] (SCM-710) Use of encrypted password in pom.xml confiuration is ignored

Thu, 12 Jun 2025 00:02:20 -0700 


    [ 
https://issues.apache.org/jira/browse/SCM-710?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17962655#comment-17962655
 ] 

ASF GitHub Bot commented on SCM-710:
------------------------------------

jira-importer commented on issue #916:
URL: https://github.com/apache/maven-scm/issues/916#issuecomment-2964632842

   **[Robert 
Scholte](https://issues.apache.org/jira/secure/ViewProfile.jspa?name=rfscholte)**
 commented
   
   Have you followed the instructions of 
http://maven.apache.org/guides/mini/guide-encryption.html ?
   Be sure you have a `settings-security.xml` with an encrypted master-password.
   




> Use of encrypted password in pom.xml confiuration is ignored
> ------------------------------------------------------------
>
>                 Key: SCM-710
>                 URL: https://issues.apache.org/jira/browse/SCM-710
>             Project: Maven SCM (Moved to GitHub Issues)
>          Issue Type: Bug
>          Components: maven-plugin
>            Reporter: Eddie Webb
>            Priority: Major
>
> THe docs for this plugin say I can use encrypted passwords just like we do 
> for the release plugin.
> It does not seem to support the same 
> <project.scm.id>non-hostname-id</project.scm.id> that the release plugin 
> does, so I included the username and encrypted password directory in the 
> plugin config.
> {noformat}
> ...
>       <plugin>
>         <groupId>org.apache.maven.plugins</groupId>
>         <artifactId>maven-scm-plugin</artifactId>
>         <version>1.8.1</version>
>         <configuration>
>           <username>username</username>
>           <password>{EncycptedStringGeneratedFromMvnPassword=}</password>
>         </configuration>
>       </plugin>
>     </plugins>
> ...
> {noformat}
> But the SCM fails with authentication issue, and the SVN logs determine that 
> no user ID is sent.
> If I instead include the hostname as a server ID in settings.xml, or include 
> these values on the command line, in both cases it invokes a 500 from the 
> application server.
>  mvn scm:checkout -Pforge -Dusername=myuser 
> -Dpassword={EncycptedStringGeneratedFromMvnPassword=}
> svn: Server sent unexpected return value (500 Internal Server Error) in 
> response to OPTIONS request for https://my-svn
> This 500 can be duplicated in a browser by passing the un-encrypted string 
> {foo=}.
> h3. summary
> regardless of where I place the encruypted password it is either ignored, or 
> not decrypted before being sent to the webserver.  
> Can you please document an example of how to use the encrypted passwords, or 
> support the same approach as the release plugin.
> http://jira.codehaus.org/browse/MRELEASE-420



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to