[Commented] (WAGON-590) Maven 3.5.0+ doesn't seem to send credentials after 301/302 HTTP redirect

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[Commented] (WAGON-590) Maven 3.5.0+ doesn't seem to send credentials after 301/302 HTTP redirect

Marco Patavini (Jira)

    [ https://issues.apache.org/jira/browse/WAGON-590?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17243053#comment-17243053 ]

IG commented on WAGON-590:
--------------------------

Made it work with the following settings and wagon-3.4.2 inside maven 3.6.3 :
{code:java}
<configuration>
  <basicAuthScope>
    <host>ANY</host>
    <port>ANY</port>
  </basicAuthScope>
  <httpConfiguration>
    <all>
      <params>
        <property>
          <name>http.protocol.cookie-policy</name>
          <value>standard</value>
        </property>
      </params>
    </all>
  </httpConfiguration>
</configuration>

{code}
cookie-policy was still required for correct cookie handling.

 

> Maven 3.5.0+ doesn't seem to send credentials after 301/302 HTTP redirect
> -------------------------------------------------------------------------
>
>                 Key: WAGON-590
>                 URL: https://issues.apache.org/jira/browse/WAGON-590
>             Project: Maven Wagon
>          Issue Type: Bug
>    Affects Versions: 3.4.0
>            Reporter: Cintia DR
>            Priority: Major
>             Fix For: waiting-for-feedback
>
>         Attachments: 0001-conditonally-set-AuthScope-to-any.patch, Screen Shot 2020-04-28 at 7.45.33 pm.png, any-auth.log, expect-continue-done-right-any-auth.log, master_osx.log, master_ubuntu.log, maven_x.log, mvn-master-batch.log, mvn-wagon590branch-debug-osx.log, mvn-wagon590branch-osx.log, mvn339_osx.log, mvn339_ubuntu.log, scoped-auth.log
>
>
> Since maven 3.5.0 (including 3.6.3), maven seems to not send server credentials if distributionManagement server response was a 301 or 302 HTTP redirect. Note that the redirect is followed, but I receive unauthorised code.
> Maven 3.2.5 and 3.3.9 work as expected. I could reproduce it on ubuntu and OSX. Both are JDK 8, not sure if it could make any difference.
>  
> All maven versions (including 3.2.5 and 3.3.9) are using the same version of the deploy plugin (2.7), and upgrading it made no difference whatsoever.
> ----
> If I use '[https://openmrs.jfrog.io/artifactory/snapshots/'] as my 'distributionManagement', credentials are sent.
> If I use '[https://mavenrepo.openmrs.org/proxy/snapshots/|https://mavenrepo.openmrs.org/snapshots/']' (a reverse proxy to '[https://openmrs.jfrog.io/artifactory/snapshots/|https://openmrs.jfrog.io/artifactory/snapshots/']') credentials are sent.
> If I use '[https://mavenrepo.openmrs.org/snapshots/'] (a 301 redirect to [https://openmrs.jfrog.io/artifactory/snapshots/|https://openmrs.jfrog.io/artifactory/snapshots/']) as my distributionManagement, credentials are _not_ sent and the request fails as it's unauthenticated. 
>  
> You can see the configuration of 'mavenrepo.openmrs.org' server here: [https://github.com/openmrs/openmrs-contrib-itsmresources/blob/master/ansible/host_vars/campo.openmrs.org/vars#L33]
>  
> All my artefacts are public to download, so I don't have a way to testing downloading artefacts with server credentials.
>  
> ----
> This is how the output looks like in maven 3.6.3:
> {code:java}
>  
> [INFO] --- maven-deploy-plugin:2.7:deploy (default-deploy) @ releasetestmodule ---
> Downloading from openmrs-repo-snapshots: https://mavenrepo.openmrs.org/nexus/content/repositories/snapshots/org/openmrs/module/releasetestmodule/2.1.22-SNAPSHOT/maven-metadata.xml
> Downloaded from openmrs-repo-snapshots: https://mavenrepo.openmrs.org/nexus/content/repositories/snapshots/org/openmrs/module/releasetestmodule/2.1.22-SNAPSHOT/maven-metadata.xml (616 B at 132 B/s)
> Uploading to openmrs-repo-snapshots: https://mavenrepo.openmrs.org/nexus/content/repositories/snapshots/org/openmrs/module/releasetestmodule/2.1.22-SNAPSHOT/releasetestmodule-2.1.22-20200427.091851-13.pom
> ...
> [ERROR] Failed to execute goal org.apache.maven.plugins:maven-deploy-plugin:2.7:deploy (default-deploy) on project releasetestmodule: Failed to deploy artifacts: Could not transfer artifact org.openmrs.module:releasetestmodule:pom:2.1.22-20200427.091851-13 from/to openmrs-repo-snapshots (https://mavenrepo.openmrs.org/nexus/content/repositories/snapshots): Transfer failed for https://openmrs.jfrog.io/artifactory/snapshots/org/openmrs/module/releasetestmodule/2.1.22-SNAPSHOT/releasetestmodule-2.1.22-20200427.091851-13.pom 401 Unauthorized -> [Help 1]{code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)