[JBoss JIRA] (SHRINKRES-146) Encrypted password support forces presence of settings-security.xml

Friday, 26 July 2013

    [
https://issues.jboss.org/browse/SHRINKRES-146?page=com.atlassian.jira.plu...
] 

Andrew Rubinger commented on SHRINKRES-146:
-------------------------------------------

Is this a clone of SHRINKRES-145?  If so, we can mark resolved as "Rejected";
the issue stemmed from a missing escape character before the "{", which
signified an encrypted password.  Else please provide a more descriptive test case.

...
 Encrypted password support forces presence of settings-security.xml
 -------------------------------------------------------------------

                 Key: SHRINKRES-146
                 URL: https://issues.jboss.org/browse/SHRINKRES-146
             Project: ShrinkWrap Resolvers
          Issue Type: Bug
    Affects Versions: 2.0.0-beta-4, 2.0.0
            Reporter: Falko M.
            Assignee: Andrew Rubinger

 This problem is caused by SHRINKRES-38 "Support encrypted passwords for password
protected repositories".
 As soon {{MavenSettingsBuilder}} finds passwords in the settings file, it apprently
assumes that they are encrypted with the master password which is defined in
{{settings-security.xml}}. When the file cannot be found an exception is thrown:
 {code}
 org.jboss.shrinkwrap.resolver.api.InvalidConfigurationFileException: Unable to get
security configuration from C:\Users\U115417\.m2\settings-security.xml. Please define path
to the settings-security.xml file via -Dorg.apache.maven.security-settings, or put it the
the default location defined by Maven.
 	at
org.jboss.shrinkwrap.resolver.impl.maven.internal.decrypt.MavenSecurityDispatcher.getMaster(MavenSecurityDispatcher.java:171)
 	at
org.jboss.shrinkwrap.resolver.impl.maven.internal.decrypt.MavenSecurityDispatcher.decrypt(MavenSecurityDispatcher.java:96)
 	at
org.jboss.shrinkwrap.resolver.impl.maven.internal.decrypt.MavenSettingsDecrypter.decrypt(MavenSettingsDecrypter.java:92)
 	at
org.jboss.shrinkwrap.resolver.impl.maven.internal.decrypt.MavenSettingsDecrypter.decrypt(MavenSettingsDecrypter.java:60)
 	at
org.jboss.shrinkwrap.resolver.impl.maven.bootstrap.MavenSettingsBuilder.decryptPasswords(MavenSettingsBuilder.java:223)
 	at
org.jboss.shrinkwrap.resolver.impl.maven.bootstrap.MavenSettingsBuilder.buildSettings(MavenSettingsBuilder.java:186)
 	at
org.jboss.shrinkwrap.resolver.impl.maven.bootstrap.MavenSettingsBuilder.buildDefaultSettings(MavenSettingsBuilder.java:113)
 	at
org.jboss.shrinkwrap.resolver.impl.maven.MavenWorkingSessionImpl.<init>(MavenWorkingSessionImpl.java:123)
 	at
org.jboss.shrinkwrap.resolver.impl.maven.MavenResolverSystemImpl.<init>(MavenResolverSystemImpl.java:43)
 	... 80 more
 {code}
 This is not correct as passwords can be defined without encryption and in this case no
{{settings-security.xml}} file is needed.
 As we use server-side hashed passwords (without client-side encryption), this is a deal
breaker for our project as you cannot work around this problem by just creating an empty
file or a dummy password. 
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009