Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
2.1.0
-
None
-
None
-
Mac OS X, Ant 1.7.1, Maven 2.2.1, maven-ant-tasks 2.1.0, Sonatype Nexus Open Source Edition 1.5.0
Description
I have a mirror repository configured in .m2/settings.xml, and its <server> entry uses an encrypted password in <password>, using the master password set in .m2/settings-security.xml.
I followed this guide:
http://maven.apache.org/guides/mini/guide-encryption.html
I get authentication errors every time i use
<?xml version="1.0" ?> <settings> <mirrors> <mirror> <id>paytronix-public</id> <url>https://greylock.corp.paytronix.com/nexus/content/groups/public</url> <mirrorOf>*</mirrorOf> </mirror> </mirrors> <servers> <server> <id>paytronix-public</id> <username>rmellgren</username> <!-- <password> element omitted --> </server> </servers> </settings>
I switched to http and then used tcpdump to watch the request, then decoded the Authorization header. The
{mumblemumble}password hash was sent not the decrypted password.
Looking into maven-ant-tasks.jar, I see a META-INF/plexus/components.xml which does not include plexus-sec-dispatcher from maven-core. I tried spinning my own copy of maven-ant-tasks with the appropriate component for plexus-sec-dispatcher added, but it didn't work, so I think I'm out of my depth in the troubleshooting/rectification department.