artifact:dependencies ignores settings-security.xml and sends password hash to
repository
-----------------------------------------------------------------------------------------
Key: MANTTASKS-177
URL: http://jira.codehaus.org/browse/MANTTASKS-177
Project: Maven 2.x Ant Tasks
Issue Type: Bug
Components: dependencies task
Affects Versions: 2.1.0
Environment: Mac OS X, Ant 1.7.1, Maven 2.2.1, maven-ant-tasks 2.1.0,
Sonatype Nexus Open Source Edition 1.5.0
Reporter: Ross Mellgren
I have a mirror repository configured in .m2/settings.xml, and its <server>
entry uses an encrypted password in <password>, using the master password set
in .m2/settings-security.xml.
I followed this guide:
http://maven.apache.org/guides/mini/guide-encryption.html
I get authentication errors every time I use
<?xml version="1.0" ?>
<settings>
<mirrors>
<mirror>
<id>paytronix-public</id>
<url>https://greylock.corp.paytronix.com/nexus/content/groups/public</url>
<mirrorOf>*</mirrorOf>
</mirror>
</mirrors>
<servers>
<server>
<id>paytronix-public</id>
<username>rmellgren</username>
<!-- <password> element omitted -->
</server>
</servers>
</settings>
I switched to http and then used tcpdump to watch the request, then decoded the
Authorization header. The {mumblemumble} password hash was sent, not the
decrypted password.
Looking into maven-ant-tasks.jar, I see a META-INF/plexus/components.xml which
does not include plexus-sec-dispatcher from maven-core. I tried spinning my own
copy of maven-ant-tasks with the appropriate component for
plexus-sec-dispatcher added, but it didn't work, so I think I'm out of my depth
in the troubleshooting/rectification department.
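
Added example (not part of the original report and not maven-ant-tasks code): a check that repeats the reporter's verification step on a captured plaintext HTTP request, decoding the Basic Authorization header and flagging a password that still has the {ciphertext} form described in the Maven encryption guide. The function names, the placeholder host and the sample values are assumptions constructed for illustration.

```python
import base64
import re

# Maven's encryption guide stores ciphertext as {base64}; text outside the
# unescaped braces is a comment. Heuristic: a literal password could match too.
MAVEN_ENCRYPTED = re.compile(r"(?<!\\)\{[A-Za-z0-9+/]{8,}={0,2}\}")


def basic_credentials(header_value):
    """Decode an HTTP Basic Authorization value into (user, password), else None."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # bad base64 (binascii.Error) or bad UTF-8
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None


def undecrypted_users(raw_request):
    """Return usernames whose Basic password still has the {ciphertext} form."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    flagged = []
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, _, value = line.partition(":")
        if name.strip().lower() != "authorization":
            continue
        creds = basic_credentials(value)
        if creds and MAVEN_ENCRYPTED.search(creds[1]):
            flagged.append(creds[0])
    return flagged


def build_request(user, password):
    """Constructed sample request; the host is a placeholder."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return (
        "GET /nexus/content/groups/public/ HTTP/1.1\r\n"
        "Host: repo.example.invalid\r\n"
        f"Authorization: Basic {token}\r\n\r\n"
    )


if __name__ == "__main__":
    # Constructed ciphertext-shaped value, not a real encrypted password.
    blob = "{" + base64.b64encode(b"constructed-bytes").decode() + "}"
    print(undecrypted_users(build_request("rmellgren", blob)))
    print(undecrypted_users(build_request("rmellgren", "plain-secret")))
```

A non-empty result means the client put the settings.xml value on the wire without passing it through the security dispatcher.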