[shrinkwrap-issues] [JBoss JIRA] (SHRINKRES-146) Encrypted password support forces presence of settings-security.xml
Karel Piwko (JIRA)
issues at jboss.org
Mon Sep 1 12:00:00 EDT 2014
[ https://issues.jboss.org/browse/SHRINKRES-146?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12997523#comment-12997523 ]
Karel Piwko commented on SHRINKRES-146:
---------------------------------------
What do you mean by ShrinkWrap fail? Do you have stack trace handy?
There is a test:
https://github.com/shrinkwrap/resolver/blob/master/impl-maven/src/test/java/org/jboss/shrinkwrap/resolver/impl/maven/integration/RepositoryAuthTestCase.java#L103
Here is settings.xml
https://github.com/shrinkwrap/resolver/blob/master/impl-maven/src/test/resources/profiles/settings-auth-encrypted.xml#L11
Everything is passing fine.
> Encrypted password support forces presence of settings-security.xml
> -------------------------------------------------------------------
>
> Key: SHRINKRES-146
> URL: https://issues.jboss.org/browse/SHRINKRES-146
> Project: ShrinkWrap Resolvers
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Affects Versions: 2.0.0-beta-4, 2.0.0
> Reporter: Falko M.
> Assignee: Andrew Rubinger
>
> This problem is caused by SHRINKRES-38 "Support encrypted passwords for password protected repositories".
> As soon {{MavenSettingsBuilder}} finds passwords in the settings file, it apprently assumes that they are encrypted with the master password which is defined in {{settings-security.xml}}. When the file cannot be found an exception is thrown:
> {code}
> org.jboss.shrinkwrap.resolver.api.InvalidConfigurationFileException: Unable to get security configuration from C:\Users\U115417\.m2\settings-security.xml. Please define path to the settings-security.xml file via -Dorg.apache.maven.security-settings, or put it the the default location defined by Maven.
> at org.jboss.shrinkwrap.resolver.impl.maven.internal.decrypt.MavenSecurityDispatcher.getMaster(MavenSecurityDispatcher.java:171)
> at org.jboss.shrinkwrap.resolver.impl.maven.internal.decrypt.MavenSecurityDispatcher.decrypt(MavenSecurityDispatcher.java:96)
> at org.jboss.shrinkwrap.resolver.impl.maven.internal.decrypt.MavenSettingsDecrypter.decrypt(MavenSettingsDecrypter.java:92)
> at org.jboss.shrinkwrap.resolver.impl.maven.internal.decrypt.MavenSettingsDecrypter.decrypt(MavenSettingsDecrypter.java:60)
> at org.jboss.shrinkwrap.resolver.impl.maven.bootstrap.MavenSettingsBuilder.decryptPasswords(MavenSettingsBuilder.java:223)
> at org.jboss.shrinkwrap.resolver.impl.maven.bootstrap.MavenSettingsBuilder.buildSettings(MavenSettingsBuilder.java:186)
> at org.jboss.shrinkwrap.resolver.impl.maven.bootstrap.MavenSettingsBuilder.buildDefaultSettings(MavenSettingsBuilder.java:113)
> at org.jboss.shrinkwrap.resolver.impl.maven.MavenWorkingSessionImpl.<init>(MavenWorkingSessionImpl.java:123)
> at org.jboss.shrinkwrap.resolver.impl.maven.MavenResolverSystemImpl.<init>(MavenResolverSystemImpl.java:43)
> ... 80 more
> {code}
> This is not correct as passwords can be defined without encryption and in this case no {{settings-security.xml}} file is needed.
> As we use server-side hashed passwords (without client-side encryption), this is a deal breaker for our project as you cannot work around this problem by just creating an empty file or a dummy password.
--
This message was sent by Atlassian JIRA
(v6.3.1#6329)
More information about the shrinkwrap-issues
mailing list