<server>
<id>server001</id>
<username>my_login</username>
<password>my_password</password>
<privateKey>${user.home}/.ssh/id_dsa</privateKey>
<passphrase>some_passphrase</passphrase>
<filePermissions>664</filePermissions>
<directoryPermissions>775</directoryPermissions>
<configuration></configuration>
</server>
from ${MAVEN_HOME}/conf/settings.xml
https://maven.apache.org/ref/3.3.9/maven-settings-builder/apidocs/org/apache/maven/settings/crypto/SettingsDecryptionRequest.html#setServers(java.util.List)
so your org.apache.maven.settings.crypto.SettingsDecryptionRequest.setServers
needs to gather up
the list of server ids from {MAVEN_HOME}/conf/settings.xml
not so clear as javadoc is missing from maven-settings-builder site..romain can
you post this info on
http://maven.apache.org/ref/3.6.1/maven-settings-builder/
?
thanks
________________________________
From: Romain Manni-Bucau <[email protected]>
Sent: Monday, June 24, 2019 1:11 AM
To: Maven Developers List
Subject: Re: Maven Security, @Component and MNG-4384
Hi
Did you have a look to org.apache.maven.settings.crypto.SettingsDecrypter?
It can be injected as a component then you can call decrypt on it passing a
request to the method. You get a new null server if it is not encrypted or
the new server with everything in clear.
Would that work better for you?
Romain
Le lun. 24 juin 2019 à 03:31, Chris Graham <[email protected]> a écrit :
> Hi everyone,
>
> I need to add the ability to load users, passwords etc in a 3rd party
> plugin.
>
> It currently requires a userid and password in the <configuration> section
> of the pom (ugh), ideally, I'd like to look them up from the <servers>
> section of settings.xml, and even better yet, make use of being able to
> decrypt passwords.
>
> So I did what we all do, and go and look to see what has been done before,
> and I came across this:
>
>
> /maven-scm/maven-scm-plugin/src/main/java/org/apache/maven/scm/plugin/AbstractScmMojo.java:
>
> /**
> * When this plugin requires Maven 3.0 as minimum, this component can
> be removed and o.a.m.s.c.SettingsDecrypter be
> * used instead.
> */
> @Component( hint = "mng-4384" )
> private SecDispatcher secDispatcher;
>
> and:
>
>
> /maven-scm/maven-scm-plugin/src/main/resources/META-INF/plexus/components.xml:
>
> <component-set>
> <components>
> <component>
>
> <role>org.sonatype.plexus.components.sec.dispatcher.SecDispatcher</role>
> <role-hint>mng-4384</role-hint>
>
>
> <implementation>org.sonatype.plexus.components.sec.dispatcher.DefaultSecDispatcher</implementation>
> <requirements>
> <requirement>
> <role>org.sonatype.plexus.components.cipher.PlexusCipher</role>
> <role-hint>mng-4384</role-hint>
> <field-name>_cipher</field-name>
> </requirement>
> </requirements>
> <configuration>
>
> <_configuration-file>~/.m2/settings-security.xml</_configuration-file>
> </configuration>
> </component>
> <component>
> <role>org.sonatype.plexus.components.cipher.PlexusCipher</role>
> <role-hint>mng-4384</role-hint>
>
>
> <implementation>org.sonatype.plexus.components.cipher.DefaultPlexusCipher</implementation>
> </component>
> </components>
> </component-set>
>
> So, I'm left with the question, what is the current, correct way of
> accessing userids, passwords (encrypted or not)?
>
> I could simply, copy the same approach, but I'd prefer not too, as it's a
> good opportunity 'to do it right'.
>
> Any suggestions?
>
> Would we then consider updating the existing maven plugins to support this?
>
> @Stephen, sounds like a good idea for a blog entry? ;)
>
