Uploaded image for project: 'Maven Wagon'
  1. Maven Wagon
  2. WAGON-627

Maven deploy fails with 401 Unauthorized when using £ in password

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 3.5.1
    • 3.5.2
    • None
    • None

    Description

      Hello.

      I'm using Apache Maven 3.6.3 and maven-deploy-plugin 2.8.2 on Oracle's Java version 1.8.0_321 and I'm currently receiving the 401  Unauthorized error when deploying an artifact to Sonatype Nexus:

      [ERROR] Failed to execute goal org.apache.maven.plugins:maven-deploy-plugin:2.8.2:deploy (default-deploy) on project XXX: Failed to deploy artifacts: Could not transfer artifact XXX:XXX:pom:4.0.0-20220608.184337-1 from/to nexus-snapshots (http://.../repository/maven-snapshots/): Transfer failed for http://...-4.0.0-20220608.184337-1.pom 401 Unauthorized -> [Help 1]

       

      This error showed up after I changed my password with a leading £ character.

       

      Using Wireshark to capture the HTTP packages exchanged between the maven client and the nexus repository, I see 3 interactions:

      1. unauthenticated GET request for a maven-metadata.xml file, followed by a 401 response
      2. authenticated GET request for the same maven-metadata.xml file, followed by a 404 response
      3. authenticated PUT request for the pom file, followed by a 401 response

       

      Now, analyzing the headers for the second and third request I noticed the base64 on the Authentication header is not the same.

      • 2nd request: GET metadata

       

      • 3rd request PUT pom

       

      The decoded base64 with the username:password, shows that, as expected, the request that received a 404 holds the right password, but on the other hand, the PUT request that got a 401 has a password with a ? for the £

       

      All the servers on my settings.xml hold the same user/password and I have tried with the passwords encoded and in plain text.

       

       

      Further tests with base64 encoding and decoding showed that the "wrong" password is the actual password but encoded from an ANSI code page where the password accepted by Nexus is encoded from utf8.

       

      I noticed the 401 responses don't specify the encoding on the WWW-Authenticate header, which should clear up which encoding to use, but still for some reason the two requests are apparently using different encodings.

      Attachments

        1. image-2022-06-08-20-06-39-388.png
          72 kB
          Nélson Cunha
        2. image-2022-06-08-20-09-57-536.png
          79 kB
          Nélson Cunha
        3. image-2022-06-09-16-52-04-876.png
          88 kB
          Nélson Cunha
        4. image-2022-06-09-16-52-19-905.png
          93 kB
          Nélson Cunha
        5. image-2022-06-09-17-01-18-568.png
          98 kB
          Nélson Cunha

        Issue Links

          links to

          Web Link GitHub Pull Request #83

          Activity

            People

              michael-o Michael Osipov
              ncunha Nélson Cunha
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: