Uploaded image for project: 'Maven Wagon'
  1. Maven Wagon
  2. WAGON-538

Basic authentication fails if the password contains non-ASCII characters

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.2.0
    • Fix Version/s: 3.3.0, 3.3.1
    • Component/s: wagon-http
    • Labels:
      None

      Description

      If the username and/or password used to authenticate to Nexus contains non-ascii characters, the authentication fails with an access denied error. After using Wireshark to investigate the headers being sent (in my case "Ø", any non-ascii characters are replaced with "?".

      To test, I have used the following configuration:

      <settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">
      ...
          <servers>
              <server>
                  <id>artifactory</id>
                  <username>userØ</username>
                  <password>userØ</password>
              </server>
          </servers>
          ...
          <mirrors>
              <mirror>
                  <id>nexus</id>
                  <mirrorOf>*</mirrorOf>
                  <name>Local Nexus</name>
                  <url>http://localhost:8081/repository/maven-public</url>
              </mirror>
          </mirrors>
      ...
      </settings>

      The settings.xml file is saved using UTF-8 encoding and it appears that Maven reads the username and passwords correctly into strings, but Apache HttpClient do not encode the UTF-8 characters when encoding them into base64.

      I did a quick patch of Wagon to make it work for my use case, where HttpClient is configured to encode as UTF-8. As is mentioned in MNG-5917, it is not completely clear from the standards how these characters are supposed to be handled, but on my system both wget and the Chrome web browser encode the characters the same way as after my patch and are able to download files from Nexus.

      Since Artifactory was used in MNG-5917, I also tested against that, but in contrast to Maven it was not able to decode the username and password correctly, however it would be broken without the patch anyway.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                michael-o Michael Osipov
                Reporter:
                aleksgj Aleksander Gjermundsen
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: