Maven
  1. Maven
  2. MNG-5253

exception from mvn deploy, fails when the username and password are too secure/long

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Duplicate
    • Affects Version/s: 3.0.3
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None

      Description

      If the combination of the username and password is too long, the Base64 encoder used inserts newlines in the encoded value, which is invalid

      java.lang.IllegalArgumentException: Illegal character(s) in message header value: Basic c29tZVVzZXJuYW1lOnNvbWVMb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29v
      b29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vbmdQYXNzd29yZA==
      [INFO] ------------------------------------------------------------------------
      [INFO] BUILD FAILURE
      [INFO] ------------------------------------------------------------------------

      Attaching a sample pom and settings, run 'mvn -s settings.xml deploy' to reproduce

      1. pom.xml
        0.6 kB
        Scott Clasen
      2. settings.xml
        0.2 kB
        Scott Clasen

        Activity

        Scott Clasen created issue -
        Hide
        Barrie Treloar added a comment -

        See duplicate WAGON-260 with workaround of setting password to no greater than 76 characters.

        Show
        Barrie Treloar added a comment - See duplicate WAGON-260 with workaround of setting password to no greater than 76 characters.
        Barrie Treloar made changes -
        Field Original Value New Value
        Resolution Duplicate [ 3 ]
        Status Open [ 1 ] Closed [ 6 ]
        Hide
        Scott Clasen added a comment -

        Hmm the workaround to deploy failing when the password is too long is to not use a password that is too long??? Thats not a workaround.

        Show
        Scott Clasen added a comment - Hmm the workaround to deploy failing when the password is too long is to not use a password that is too long??? Thats not a workaround.
        Hide
        Barrie Treloar added a comment -

        I know, but given that the bug is actually in the JVM, and one they have not fixed until Java 7 you do not have any other options.
        A 76 character password is still secure enough.

        Show
        Barrie Treloar added a comment - I know, but given that the bug is actually in the JVM, and one they have not fixed until Java 7 you do not have any other options. A 76 character password is still secure enough.
        Hide
        Scott Clasen added a comment -

        Hmm, this a base64 encoded combination of user and password, which is far less than a 76 char password, quite a blanket statement to just say its secure enough.

        i would suggest that the workaround is to use httpclient instead of HTTPURLConnection, but I assume this would have been done if it was something straightforward to do.

        Show
        Scott Clasen added a comment - Hmm, this a base64 encoded combination of user and password, which is far less than a 76 char password, quite a blanket statement to just say its secure enough. i would suggest that the workaround is to use httpclient instead of HTTPURLConnection, but I assume this would have been done if it was something straightforward to do.
        Mark Thomas made changes -
        Project Import Sun Apr 05 08:49:45 UTC 2015 [ 1428223785911 ]
        Mark Thomas made changes -
        Workflow jira [ 12715474 ] Default workflow, editable Closed status [ 12754995 ]
        Mark Thomas made changes -
        Project Import Sun Apr 05 21:45:26 UTC 2015 [ 1428270326204 ]
        Mark Thomas made changes -
        Workflow jira [ 12951677 ] Default workflow, editable Closed status [ 12987887 ]
        Transition Time In Source Status Execution Times Last Executer Last Execution Date
        Open Open Closed Closed
        133d 23h 59m 1 Barrie Treloar 05/Jul/12 19:55

          People

          • Assignee:
            Unassigned
            Reporter:
            Scott Clasen
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development