[
http://jira.codehaus.org/browse/WAGON-291?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Brian Fox updated WAGON-291:
----------------------------
Component/s: (was: wagon-http)
wagon-http-lightweight
Description:
If Maven downloads an artifact using authorization, this authorization seems to
be cached, which can cause a subsequent deployment to succeed where it should
have failed.
Steps to reproduce:
# Set up a build which will require downloading an artifact from a Nexus server
which requires authentication, and configure your settings.xml appropriately.
# Create a project with a distribution management section which points to a
repository in the above server. Make sure the repository id doesn't exist in
your settings.xml
# Run "mvn deploy"
What happens:
If the credentials used to download artifacts from Nexus have deployment
privileges in the Nexus repository the deployment will succeed.
Now run "mvn deploy" again. This time the deployment will fail with a 401 code.
This bug exists in both Maven 2.2.1 and the latest Maven 3.0 snapshots.
was:
If Maven downloads an artifact using authorization, this authorization seems to
be cached, which can cause a subsequent deployment to succeed where it should
have failed.
Steps to reproduce:
# Set up a build which will require downloading an artifact from a Nexus server
which requires authentication, and configure your settings.xml appropriately.
# Create a project with a distribution management section which points to a
repository in the above server. Make sure the repository id doesn't exist in
your settings.xml
# Run "mvn deploy"
What happens:
If the credentials used to download artifacts from Nexus have deployment
privileges in the Nexus repository the deployment will succeed.
Now run "mvn deploy" again. This time the deployment will fail with a 401 code.
This bug exists in both Maven 2.2.1 and the latest Maven 3.0 snapshots.
We saw this when using the lightweight code also in some ITs. It appears that
it's the Jdk urlconnection that is doing the actual caching and I don't think
we ever figured out how to make it stop. It seems to remember the host and
pre-emptively send the credentials, which turns out is a good thing in many
cases because it reduces the upload requirements on authenticated repos.
> Maven uses artifact download credentials during deployment in some
> circumstances
> --------------------------------------------------------------------------------
>
> Key: WAGON-291
> URL: http://jira.codehaus.org/browse/WAGON-291
> Project: Maven Wagon
> Issue Type: Bug
> Components: wagon-http-lightweight
> Affects Versions: 1.0-beta-6
> Reporter: Rich Seddon
>
> If Maven downloads an artifact using authorization, this authorization seems
> to be cached, which can cause a subsequent deployment to succeed where it
> should have failed.
> Steps to reproduce:
> # Set up a build which will require downloading an artifact from a Nexus
> server which requires authentication, and configure your settings.xml
> appropriately.
> # Create a project with a distribution management section which points to a
> repository in the above server. Make sure the repository id doesn't exist in
> your settings.xml
> # Run "mvn deploy"
> What happens:
> If the credentials used to download artifacts from Nexus have deployment
> privileges in the Nexus repository the deployment will succeed.
> Now run "mvn deploy" again. This time the deployment will fail with a 401
> code.
> This bug exists in both Maven 2.2.1 and the latest Maven 3.0 snapshots.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
