Hi Did you have a look to org.apache.maven.settings.crypto.SettingsDecrypter?
It can be injected as a component then you can call decrypt on it passing a request to the method. You get a new null server if it is not encrypted or the new server with everything in clear. Would that work better for you? Romain Le lun. 24 juin 2019 à 03:31, Chris Graham <chrisgw...@gmail.com> a écrit : > Hi everyone, > > I need to add the ability to load users, passwords etc in a 3rd party > plugin. > > It currently requires a userid and password in the <configuration> section > of the pom (ugh), ideally, I'd like to look them up from the <servers> > section of settings.xml, and even better yet, make use of being able to > decrypt passwords. > > So I did what we all do, and go and look to see what has been done before, > and I came across this: > > > /maven-scm/maven-scm-plugin/src/main/java/org/apache/maven/scm/plugin/AbstractScmMojo.java: > > /** > * When this plugin requires Maven 3.0 as minimum, this component can > be removed and o.a.m.s.c.SettingsDecrypter be > * used instead. > */ > @Component( hint = "mng-4384" ) > private SecDispatcher secDispatcher; > > and: > > > /maven-scm/maven-scm-plugin/src/main/resources/META-INF/plexus/components.xml: > > <component-set> > <components> > <component> > > <role>org.sonatype.plexus.components.sec.dispatcher.SecDispatcher</role> > <role-hint>mng-4384</role-hint> > > > <implementation>org.sonatype.plexus.components.sec.dispatcher.DefaultSecDispatcher</implementation> > <requirements> > <requirement> > <role>org.sonatype.plexus.components.cipher.PlexusCipher</role> > <role-hint>mng-4384</role-hint> > <field-name>_cipher</field-name> > </requirement> > </requirements> > <configuration> > > <_configuration-file>~/.m2/settings-security.xml</_configuration-file> > </configuration> > </component> > <component> > <role>org.sonatype.plexus.components.cipher.PlexusCipher</role> > <role-hint>mng-4384</role-hint> > > > <implementation>org.sonatype.plexus.components.cipher.DefaultPlexusCipher</implementation> > </component> > </components> > </component-set> > > So, I'm left with the question, what is the current, correct way of > accessing userids, passwords (encrypted or not)? > > I could simply, copy the same approach, but I'd prefer not too, as it's a > good opportunity 'to do it right'. > > Any suggestions? > > Would we then consider updating the existing maven plugins to support this? > > @Stephen, sounds like a good idea for a blog entry? ;) >
