Maven
  1. Maven
  2. MNG-4147

very long passwords cause LightweightHTTP wagon to line-wrap the Base64-encoded Authorization header

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 2.1.0
    • Fix Version/s: 2.2.0
    • Labels:
      None

      Description

      I'll cross-file (and link) this issue into wagon, but Sun's HTTPURLConnection implementation uses a line-wrapping Base64 implementation. When passwords are very long, this causes an invalid HTTP request, since the Authorization header's value is line-wrapped.

        Issue Links

          Activity

          John Casey created issue -
          John Casey made changes -
          Field Original Value New Value
          Link This issue depends upon WAGON-260 [ WAGON-260 ]
          Hide
          John Casey added a comment -

          We're already using httpclient for the webdav wagon in maven 2.1.0, so the main reason for using HTTPURLConnection historically is moot.

          Show
          John Casey added a comment - We're already using httpclient for the webdav wagon in maven 2.1.0, so the main reason for using HTTPURLConnection historically is moot.
          John Casey made changes -
          Fix Version/s 2.1.1 [ 15103 ]
          Assignee John Casey [ jdcasey ]
          Affects Version/s 2.1.0 [ 14587 ]
          Component/s Artifacts and Repositories [ 11338 ]
          John Casey made changes -
          Link This issue depends upon WAGON-260 [ WAGON-260 ]
          John Casey made changes -
          Link This issue is related to WAGON-260 [ WAGON-260 ]
          Hide
          John Casey added a comment -

          this is the issue for the lightweight wagon and line-wrapped Authorization headers.

          Show
          John Casey added a comment - this is the issue for the lightweight wagon and line-wrapped Authorization headers.
          Hide
          John Casey added a comment -

          We should move to the httpclient-based http wagon to avoid problems in Sun's HTTPURLConnection code.

          Show
          John Casey added a comment - We should move to the httpclient-based http wagon to avoid problems in Sun's HTTPURLConnection code.
          Hide
          Brett Porter added a comment -

          a workaround is to use dav:// instead of http:// for the URL

          Show
          Brett Porter added a comment - a workaround is to use dav:// instead of http:// for the URL
          Hide
          John Casey added a comment -

          switched to non-lightweight (httpclient-based) http wagon for 2.2.0

          Show
          John Casey added a comment - switched to non-lightweight (httpclient-based) http wagon for 2.2.0
          John Casey made changes -
          Status Open [ 1 ] Closed [ 6 ]
          Resolution Fixed [ 1 ]
          John Casey made changes -
          Link This issue relates to MNG-4207 [ MNG-4207 ]
          Hide
          Benjamin Bentmann added a comment -

          For the record, the HTTP provider was switched back to the Lightweight JRE impl in Maven 2.2.1 so the issue generally remains. However, Maven 2.2.1 provides a way to select/configure the HTTP provider, allowing users to choose an impl that works for them, see also Advanced Configuration of the HttpClient HTTP Wagon.

          Show
          Benjamin Bentmann added a comment - For the record, the HTTP provider was switched back to the Lightweight JRE impl in Maven 2.2.1 so the issue generally remains. However, Maven 2.2.1 provides a way to select/configure the HTTP provider, allowing users to choose an impl that works for them, see also Advanced Configuration of the HttpClient HTTP Wagon .
          Benjamin Bentmann made changes -
          Link This issue is duplicated by MNG-4754 [ MNG-4754 ]
          Brett Sutton made changes -
          Link This issue is related to MNG-5112 [ MNG-5112 ]
          Hide
          Chris Tanger added a comment -

          It appears that Advanced Configuration has potentially show stopping issues esp. when authentication is needed with Nexus server (1.9.1.1)
          http://jira.codehaus.org/browse/MNG-4792

          Show
          Chris Tanger added a comment - It appears that Advanced Configuration has potentially show stopping issues esp. when authentication is needed with Nexus server (1.9.1.1) http://jira.codehaus.org/browse/MNG-4792
          Olivier Lamy (*$^¨%`£) made changes -
          Link This issue duplicates WAGON-260 [ WAGON-260 ]
          Olivier Lamy (*$^¨%`£) made changes -
          Link This issue is related to WAGON-260 [ WAGON-260 ]
          Mark Thomas made changes -
          Project Import Sun Apr 05 08:49:45 UTC 2015 [ 1428223785911 ]
          Mark Thomas made changes -
          Link This issue duplicates WAGON-260 [ WAGON-260 ]
          Mark Thomas made changes -
          Workflow jira [ 12714495 ] Default workflow, editable Closed status [ 12755817 ]
          Mark Thomas made changes -
          Project Import Sun Apr 05 21:45:26 UTC 2015 [ 1428270326204 ]
          Mark Thomas made changes -
          Link This issue duplicates WAGON-260 [ WAGON-260 ]
          Mark Thomas made changes -
          Workflow jira [ 12952750 ] Default workflow, editable Closed status [ 12990068 ]
          Transition Time In Source Status Execution Times Last Executer Last Execution Date
          Open Open Closed Closed
          1d 3h 52m 1 John Casey 29/Apr/09 15:32

            People

            • Assignee:
              John Casey
              Reporter:
              John Casey
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development