[jira] Commented: (WAGON-291) Maven uses artifact download credentials during deployment in some circumstances

[Brad Hendricks (JIRA)]

    [ 
http://jira.codehaus.org/browse/WAGON-291?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=207480#action_207480
 ] 

Brad Hendricks commented on WAGON-291:
--------------------------------------

I believe I am also suffering from this issue.

I am using maven 2.2.1 on OS X, and I have a pom.xml which has a repo 
configured in the Repositories section, as well as a different repository 
configured in the DistributionManagement section.  I am using Nexus as the 
repository, the Repositories section acutally points to a Group and the 
DistributionManagement section points to the underlying repository, thus the 
urls are like

https://foo.com/My_Group/
and
https://foo.com/snapshots/

In my settings.xml I have two server entries for these repos, the first one has 
a read-only account and the second one has an account with deployment rights.  
I am unable to deploy my project.  The Nexus logs show that during deployment 
maven attempts to authenticate using the credentials of the first server and 
not the deployment credentials.

If I remove the entry from the Repositories section I am able to deploy.

> Maven uses artifact download credentials during deployment in some 
> circumstances
> --------------------------------------------------------------------------------
>
>                 Key: WAGON-291
>                 URL: http://jira.codehaus.org/browse/WAGON-291
>             Project: Maven Wagon
>          Issue Type: Bug
>          Components: wagon-http-lightweight
>    Affects Versions: 1.0-beta-6
>            Reporter: Rich Seddon
>
> If Maven downloads an artifact using authorization, this authorization seems 
> to be cached, which can cause a subsequent deployment to succeed where it 
> should have failed.
> Steps to reproduce:
> # Set up a build which will require downloading an artifact from a Nexus 
> server which requires authentication, and configure your settings.xml 
> appropriately.
> # Create a project with a distribution management section which points to a 
> repository in the above server. Make sure the repository id doesn't exist in 
> your settings.xml
> # Run "mvn deploy"
> What happens:
> If the credentials used to download artifacts from Nexus have deployment 
> privileges in the Nexus repository the deployment will succeed.
> Now run "mvn deploy" again. This time the deployment will fail with a 401 
> code.
> This bug exists in both Maven 2.2.1 and the latest Maven 3.0 snapshots.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira