[jira] [Commented] (SCM-710) Use of encrypted password in pom.xml confiuration is ignored

Thu, 12 Jun 2025 04:27:48 -0700 


    [ 
https://issues.apache.org/jira/browse/SCM-710?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17964847#comment-17964847
 ] 

Olivier Lamy commented on SCM-710:
----------------------------------

This project has moved from Jira to GitHub Issues. This issue was migrated to 
[apache/maven-scm#916|https://github.com/apache/maven-scm/issues/916]. 

> Use of encrypted password in pom.xml confiuration is ignored
> ------------------------------------------------------------
>
>                 Key: SCM-710
>                 URL: https://issues.apache.org/jira/browse/SCM-710
>             Project: Maven SCM (Moved to GitHub Issues)
>          Issue Type: Bug
>          Components: maven-plugin
>            Reporter: Eddie Webb
>            Priority: Major
>
> THe docs for this plugin say I can use encrypted passwords just like we do 
> for the release plugin.
> It does not seem to support the same 
> <project.scm.id>non-hostname-id</project.scm.id> that the release plugin 
> does, so I included the username and encrypted password directory in the 
> plugin config.
> {noformat}
> ...
>       <plugin>
>         <groupId>org.apache.maven.plugins</groupId>
>         <artifactId>maven-scm-plugin</artifactId>
>         <version>1.8.1</version>
>         <configuration>
>           <username>username</username>
>           <password>{EncycptedStringGeneratedFromMvnPassword=}</password>
>         </configuration>
>       </plugin>
>     </plugins>
> ...
> {noformat}
> But the SCM fails with authentication issue, and the SVN logs determine that 
> no user ID is sent.
> If I instead include the hostname as a server ID in settings.xml, or include 
> these values on the command line, in both cases it invokes a 500 from the 
> application server.
>  mvn scm:checkout -Pforge -Dusername=myuser 
> -Dpassword={EncycptedStringGeneratedFromMvnPassword=}
> svn: Server sent unexpected return value (500 Internal Server Error) in 
> response to OPTIONS request for https://my-svn
> This 500 can be duplicated in a browser by passing the un-encrypted string 
> {foo=}.
> h3. summary
> regardless of where I place the encruypted password it is either ignored, or 
> not decrypted before being sent to the webserver.  
> Can you please document an example of how to use the encrypted passwords, or 
> support the same approach as the release plugin.
> http://jira.codehaus.org/browse/MRELEASE-420



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to