[
https://issues.jboss.org/browse/SHRINKRES-146?page=com.atlassian.jira.plu...
]
Rafał Gała commented on SHRINKRES-146:
--------------------------------------
After a few hours of investigation I finally found something :) The problem is actually
with decrypting the password, not the curly brackets.
When I run Maven, I set MAVEN_OPTS variable to
*-Dsettings.security=%M2_HOME%\conf\settings-security.xml*, so when ShrinkWrap resolves
artifacts it should look for that file where the parameter points to, instead of looking
in .m2 directory in user's home directory, but it does not work. It seems that
ShrinkWrap ignores this parameter.
Passing *-Dorg.apache.maven.security-settings=%M2_HOME%\conf\settings-security.xml*
parameter to Maven seems to solve the problem.
Encrypted password support forces presence of settings-security.xml
-------------------------------------------------------------------
Key: SHRINKRES-146
URL:
https://issues.jboss.org/browse/SHRINKRES-146
Project: ShrinkWrap Resolvers
Issue Type: Bug
Security Level: Public(Everyone can see)
Affects Versions: 2.0.0-beta-4, 2.0.0
Reporter: Falko M.
Assignee: Andrew Rubinger
This problem is caused by SHRINKRES-38 "Support encrypted passwords for password
protected repositories".
As soon {{MavenSettingsBuilder}} finds passwords in the settings file, it apprently
assumes that they are encrypted with the master password which is defined in
{{settings-security.xml}}. When the file cannot be found an exception is thrown:
{code}
org.jboss.shrinkwrap.resolver.api.InvalidConfigurationFileException: Unable to get
security configuration from C:\Users\U115417\.m2\settings-security.xml. Please define path
to the settings-security.xml file via -Dorg.apache.maven.security-settings, or put it the
the default location defined by Maven.
at
org.jboss.shrinkwrap.resolver.impl.maven.internal.decrypt.MavenSecurityDispatcher.getMaster(MavenSecurityDispatcher.java:171)
at
org.jboss.shrinkwrap.resolver.impl.maven.internal.decrypt.MavenSecurityDispatcher.decrypt(MavenSecurityDispatcher.java:96)
at
org.jboss.shrinkwrap.resolver.impl.maven.internal.decrypt.MavenSettingsDecrypter.decrypt(MavenSettingsDecrypter.java:92)
at
org.jboss.shrinkwrap.resolver.impl.maven.internal.decrypt.MavenSettingsDecrypter.decrypt(MavenSettingsDecrypter.java:60)
at
org.jboss.shrinkwrap.resolver.impl.maven.bootstrap.MavenSettingsBuilder.decryptPasswords(MavenSettingsBuilder.java:223)
at
org.jboss.shrinkwrap.resolver.impl.maven.bootstrap.MavenSettingsBuilder.buildSettings(MavenSettingsBuilder.java:186)
at
org.jboss.shrinkwrap.resolver.impl.maven.bootstrap.MavenSettingsBuilder.buildDefaultSettings(MavenSettingsBuilder.java:113)
at
org.jboss.shrinkwrap.resolver.impl.maven.MavenWorkingSessionImpl.<init>(MavenWorkingSessionImpl.java:123)
at
org.jboss.shrinkwrap.resolver.impl.maven.MavenResolverSystemImpl.<init>(MavenResolverSystemImpl.java:43)
... 80 more
{code}
This is not correct as passwords can be defined without encryption and in this case no
{{settings-security.xml}} file is needed.
As we use server-side hashed passwords (without client-side encryption), this is a deal
breaker for our project as you cannot work around this problem by just creating an empty
file or a dummy password.
--
This message was sent by Atlassian JIRA
(v6.3.1#6329)