Maven uses artifact download credentials during deployment in some circumstances
--------------------------------------------------------------------------------
Key: MNG-4435
URL: http://jira.codehaus.org/browse/MNG-4435
Project: Maven 2
Issue Type: Bug
Components: Deployment
Affects Versions: 2.2.1
Reporter: Rich Seddon
If Maven downloads an artifact using authorization, this authorization seems to
be cached, which can cause a subsequent deployment to succeed where it should
have failed.
Steps to reproduce:
# Set up a build which will require downloading an artifact from a Nexus server
which requires authentication, and configure your settings.xml appropriately.
# Create a project with a distribution management section which points to a
repository in the above server. Make sure the repository id doesn't exist in
your settings.xml
# Run "mvn deploy"
What happens:
If the credentials used to download artifacts from Nexus have deployment
privileges in the Nexus repository the deployment will succeed.
Now run "mvn deploy" again. This time the deployment will fail with a 401 code.
This bug exists in both Maven 2.2.1 and the latest Maven 3.0 snapshots.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
