[
https://issues.jboss.org/browse/SHRINKRES-146?page=com.atlassian.jira.plu...
]
Rafał Gała edited comment on SHRINKRES-146 at 8/25/14 3:09 AM:
---------------------------------------------------------------
Escaping curly bracket solves the problem with Shrinkwrap, but adding "\" before
closing bracket changes the password hash and then it is incorrectly decoded by Maven.
For example:
<password>{/XFp4jLOtEMHmqV6niPdSZ1cf/ck/gxDk0PBgjgZkLY=}</password>
and
<password>\{/XFp4jLOtEMHmqV6niPdSZ1cf/ck/gxDk0PBgjgZkLY=\}</password>
is not the same hash.
was (Author: wujaszek):
Escaping curly bracket solves the problem with Shrinkwrap, but adding "\" before
closing bracket changes the password hash and then it is incorrectly decoded by Maven.
For example:
<password>{/XFp4jLOtEMHmqV6niPdSZ1cf/ck/gxDk0PBgjgZkLY=}</password>
and
<password>\{/XFp4jLOtEMHmqV6niPdSZ1cf/ck/gxDk0PBgjgZkLY=\\}</password>
is not the same hash.
Encrypted password support forces presence of settings-security.xml
-------------------------------------------------------------------
Key: SHRINKRES-146
URL:
https://issues.jboss.org/browse/SHRINKRES-146
Project: ShrinkWrap Resolvers
Issue Type: Bug
Security Level: Public(Everyone can see)
Affects Versions: 2.0.0-beta-4, 2.0.0
Reporter: Falko M.
Assignee: Andrew Rubinger
This problem is caused by SHRINKRES-38 "Support encrypted passwords for password
protected repositories".
As soon {{MavenSettingsBuilder}} finds passwords in the settings file, it apprently
assumes that they are encrypted with the master password which is defined in
{{settings-security.xml}}. When the file cannot be found an exception is thrown:
{code}
org.jboss.shrinkwrap.resolver.api.InvalidConfigurationFileException: Unable to get
security configuration from C:\Users\U115417\.m2\settings-security.xml. Please define path
to the settings-security.xml file via -Dorg.apache.maven.security-settings, or put it the
the default location defined by Maven.
at
org.jboss.shrinkwrap.resolver.impl.maven.internal.decrypt.MavenSecurityDispatcher.getMaster(MavenSecurityDispatcher.java:171)
at
org.jboss.shrinkwrap.resolver.impl.maven.internal.decrypt.MavenSecurityDispatcher.decrypt(MavenSecurityDispatcher.java:96)
at
org.jboss.shrinkwrap.resolver.impl.maven.internal.decrypt.MavenSettingsDecrypter.decrypt(MavenSettingsDecrypter.java:92)
at
org.jboss.shrinkwrap.resolver.impl.maven.internal.decrypt.MavenSettingsDecrypter.decrypt(MavenSettingsDecrypter.java:60)
at
org.jboss.shrinkwrap.resolver.impl.maven.bootstrap.MavenSettingsBuilder.decryptPasswords(MavenSettingsBuilder.java:223)
at
org.jboss.shrinkwrap.resolver.impl.maven.bootstrap.MavenSettingsBuilder.buildSettings(MavenSettingsBuilder.java:186)
at
org.jboss.shrinkwrap.resolver.impl.maven.bootstrap.MavenSettingsBuilder.buildDefaultSettings(MavenSettingsBuilder.java:113)
at
org.jboss.shrinkwrap.resolver.impl.maven.MavenWorkingSessionImpl.<init>(MavenWorkingSessionImpl.java:123)
at
org.jboss.shrinkwrap.resolver.impl.maven.MavenResolverSystemImpl.<init>(MavenResolverSystemImpl.java:43)
... 80 more
{code}
This is not correct as passwords can be defined without encryption and in this case no
{{settings-security.xml}} file is needed.
As we use server-side hashed passwords (without client-side encryption), this is a deal
breaker for our project as you cannot work around this problem by just creating an empty
file or a dummy password.
--
This message was sent by Atlassian JIRA
(v6.3.1#6329)