[jira] (SCM-710) Use of encrypted password in pom.xml confiuration is ignored

2013-01-13 Thread Robert Scholte (JIRA) 

 [ 
https://jira.codehaus.org/browse/SCM-710?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Robert Scholte updated SCM-710:
---

Component/s: maven-plugin

 Use of encrypted password in pom.xml confiuration is ignored
 

 Key: SCM-710
 URL: https://jira.codehaus.org/browse/SCM-710
 Project: Maven SCM
  Issue Type: Bug
  Components: maven-plugin
Reporter: Eddie Webb

 THe docs for this plugin say I can use encrypted passwords just like we do 
 for the release plugin.
 It does not seem to support the same 
 project.scm.idnon-hostname-id/project.scm.id that the release plugin 
 does, so I included the username and encrypted password directory in the 
 plugin config.
 {noformat}
 ...
   plugin
 groupIdorg.apache.maven.plugins/groupId
 artifactIdmaven-scm-plugin/artifactId
 version1.8.1/version
 configuration
   usernameusername/username
   password{EncycptedStringGeneratedFromMvnPassword=}/password
 /configuration
   /plugin
 /plugins
 ...
 {noformat}
 But the SCM fails with authentication issue, and the SVN logs determine that 
 no user ID is sent.
 If I instead include the hostname as a server ID in settings.xml, or include 
 these values on the command line, in both cases it invokes a 500 from the 
 application server.
  mvn scm:checkout -Pforge -Dusername=myuser 
 -Dpassword={EncycptedStringGeneratedFromMvnPassword=}
 svn: Server sent unexpected return value (500 Internal Server Error) in 
 response to OPTIONS request for https://my-svn
 This 500 can be duplicated in a browser by passing the un-encrypted string 
 {foo=}.
 h3. summary
 regardless of where I place the encruypted password it is either ignored, or 
 not decrypted before being sent to the webserver.  
 Can you please document an example of how to use the encrypted passwords, or 
 support the same approach as the release plugin.
 http://jira.codehaus.org/browse/MRELEASE-420

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://jira.codehaus.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] (SCM-710) Use of encrypted password in pom.xml confiuration is ignored

2013-01-11 Thread Robert Scholte (JIRA) 

[ 
https://jira.codehaus.org/browse/SCM-710?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=317160#comment-317160
 ] 

Robert Scholte commented on SCM-710:


It should be documented somewhere, but I can't find it.
Since there's no id in the scm-section of the pom file, there's another (old) 
solution by using the host (with optional port) as the id of the server.

{code:xml}
  server
idsvn-forge.com/id !-- or svn-forge.com:443 --
usernamecp_lforge_crucible/username
password{EncycptedStringGeneratedFromMvnPassword=}/password
  /server
{code}

MRELEASE-420 introduced the {{project.scm.id}}-property, to have a more logic 
solution.

Let me see if I can add that for the scm-plugin as well in a short period of 
time.

 Use of encrypted password in pom.xml confiuration is ignored
 

 Key: SCM-710
 URL: https://jira.codehaus.org/browse/SCM-710
 Project: Maven SCM
  Issue Type: Bug
Reporter: Eddie Webb

 THe docs for this plugin say I can use encrypted passwords just like we do 
 for the release plugin.
 It does not seem to support the same 
 project.scm.idnon-hostname-id/project.scm.id that the release plugin 
 does, so I included the username and encrypted password directory in the 
 plugin config.
 {noformat}
 ...
   plugin
 groupIdorg.apache.maven.plugins/groupId
 artifactIdmaven-scm-plugin/artifactId
 version1.8.1/version
 configuration
   usernameusername/username
   password{EncycptedStringGeneratedFromMvnPassword=}/password
 /configuration
   /plugin
 /plugins
 ...
 {noformat}
 But the SCM fails with authentication issue, and the SVN logs determine that 
 no user ID is sent.
 If I instead include the hostname as a server ID in settings.xml, or include 
 these values on the command line, in both cases it invokes a 500 from the 
 application server.
  mvn scm:checkout -Pforge -Dusername=myuser 
 -Dpassword={EncycptedStringGeneratedFromMvnPassword=}
 svn: Server sent unexpected return value (500 Internal Server Error) in 
 response to OPTIONS request for https://my-svn
 This 500 can be duplicated in a browser by passing the un-encrypted string 
 {foo=}.
 h3. summary
 regardless of where I place the encruypted password it is either ignored, or 
 not decrypted before being sent to the webserver.  
 Can you please document an example of how to use the encrypted passwords, or 
 support the same approach as the release plugin.
 http://jira.codehaus.org/browse/MRELEASE-420

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://jira.codehaus.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] (SCM-710) Use of encrypted password in pom.xml confiuration is ignored

2013-01-11 Thread Eddie Webb (JIRA) 

[ 
https://jira.codehaus.org/browse/SCM-710?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=317189#comment-317189
 ] 

Eddie Webb commented on SCM-710:


I'll try the solution you mentioned and get back to you.  

The reason the latter is so valuable (and I really appreciate you taking a 
look!!) to us is that we use many different repos on that host, and leverage 
profiles to provide different teams an easy way to connect. (team A must 
specify -PteamA in order to get the proper credentials for their repo on the 
build server)  Using the hostname method bypasses the need for profiles and 
would require a globally authorized ID, and does not enforce the level of 
separation we prefer.

 Use of encrypted password in pom.xml confiuration is ignored
 

 Key: SCM-710
 URL: https://jira.codehaus.org/browse/SCM-710
 Project: Maven SCM
  Issue Type: Bug
Reporter: Eddie Webb

 THe docs for this plugin say I can use encrypted passwords just like we do 
 for the release plugin.
 It does not seem to support the same 
 project.scm.idnon-hostname-id/project.scm.id that the release plugin 
 does, so I included the username and encrypted password directory in the 
 plugin config.
 {noformat}
 ...
   plugin
 groupIdorg.apache.maven.plugins/groupId
 artifactIdmaven-scm-plugin/artifactId
 version1.8.1/version
 configuration
   usernameusername/username
   password{EncycptedStringGeneratedFromMvnPassword=}/password
 /configuration
   /plugin
 /plugins
 ...
 {noformat}
 But the SCM fails with authentication issue, and the SVN logs determine that 
 no user ID is sent.
 If I instead include the hostname as a server ID in settings.xml, or include 
 these values on the command line, in both cases it invokes a 500 from the 
 application server.
  mvn scm:checkout -Pforge -Dusername=myuser 
 -Dpassword={EncycptedStringGeneratedFromMvnPassword=}
 svn: Server sent unexpected return value (500 Internal Server Error) in 
 response to OPTIONS request for https://my-svn
 This 500 can be duplicated in a browser by passing the un-encrypted string 
 {foo=}.
 h3. summary
 regardless of where I place the encruypted password it is either ignored, or 
 not decrypted before being sent to the webserver.  
 Can you please document an example of how to use the encrypted passwords, or 
 support the same approach as the release plugin.
 http://jira.codehaus.org/browse/MRELEASE-420

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://jira.codehaus.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] (SCM-710) Use of encrypted password in pom.xml confiuration is ignored

2013-01-10 Thread Eddie Webb (JIRA) 

[ 
https://jira.codehaus.org/browse/SCM-710?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=317125#comment-317125
 ] 

Eddie Webb commented on SCM-710:


Update. 

I can now verify that the password is passed when using configuration section 
of the project pom, but does not decrpt the password.  Switching between the 
unencrypted and encrypted password manually resolves the issue.  THe same 
appears to be true if stored in settings.xml using the hostname as the server 
ID.

 Use of encrypted password in pom.xml confiuration is ignored
 

 Key: SCM-710
 URL: https://jira.codehaus.org/browse/SCM-710
 Project: Maven SCM
  Issue Type: Bug
Reporter: Eddie Webb

 THe docs for this plugin say I can use encrypted passwords just like we do 
 for the release plugin.
 It does not seem to support the same 
 project.scm.idnon-hostname-id/project.scm.id that the release plugin 
 does, so I included the username and encrypted password directory in the 
 plugin config.
 {noformat}
 ...
   plugin
 groupIdorg.apache.maven.plugins/groupId
 artifactIdmaven-scm-plugin/artifactId
 version1.8.1/version
 configuration
   usernameusername/username
   password{EncycptedStringGeneratedFromMvnPassword=}/password
 /configuration
   /plugin
 /plugins
 ...
 {noformat}
 But the SCM fails with authentication issue, and the SVN logs determine that 
 no user ID is sent.
 If I instead include the hostname as a server ID in settings.xml, or include 
 these values on the command line, in both cases it invokes a 500 from the 
 application server.
  mvn scm:checkout -Pforge -Dusername=myuser 
 -Dpassword={EncycptedStringGeneratedFromMvnPassword=}
 svn: Server sent unexpected return value (500 Internal Server Error) in 
 response to OPTIONS request for https://my-svn
 This 500 can be duplicated in a browser by passing the un-encrypted string 
 {foo=}.
 h3. summary
 regardless of where I place the encruypted password it is either ignored, or 
 not decrypted before being sent to the webserver.  
 Can you please document an example of how to use the encrypted passwords, or 
 support the same approach as the release plugin.
 http://jira.codehaus.org/browse/MRELEASE-420

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://jira.codehaus.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] (SCM-710) Use of encrypted password in pom.xml confiuration is ignored

2013-01-10 Thread Eddie Webb (JIRA) 

[ 
https://jira.codehaus.org/browse/SCM-710?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=317125#comment-317125
 ] 

Eddie Webb edited comment on SCM-710 at 1/10/13 3:45 PM:
-

Update. 

I can now verify that the password is passed when using configuration section 
of the project pom, but does not decrypt the password.  Switching between the 
unencrypted and encrypted password manually resolves the issue.  THe same 
appears to be true if stored in settings.xml using the hostname as the server 
ID.

encrypted password in pom.xml
{noformat}
[INFO] Executing: /bin/sh -c cd /opt/lforge/testing/bootstrap/target  svn 
--username cp_lforge_crucible --password '*' --no-auth-cache 
--non-interactive checkout 
https://svn-forge.com/svn/FORGE/maven/repository/bootstrap/trunk 
/opt/lforge/testing/bootstrap/target/checkout
[INFO] Working directory: /opt/lforge/testing/bootstrap/target
[ERROR] Provider message:
[ERROR] The svn command failed.
[ERROR] Command output:
[ERROR] svn: OPTIONS of 
'https://svn-forge.com/svn/FORGE/maven/repository/bootstrap/trunk': 
authorization failed (https://svn-forge.com)
{noformat}

plain-text password in pom.xml
{noformat}
[scm:checkout {execution: default-cli}]
[INFO] Removing /opt/lforge/testing/target/checkout
[INFO] Executing: /bin/sh -c cd /opt/lforge/testing/target  svn --username 
cp_lforge_crucible --password '*' --no-auth-cache --non-interactive 
checkout https://svn-forge.com/svn/FORGE/maven/repository/bootstrap/trunk 
/opt/lforge/testing/target/checkout
[INFO] Working directory: /opt/lforge/testing/target
[INFO] 
[INFO] BUILD SUCCESSFUL
[INFO] 
{noformat}

  was (Author: eddiewebb):
Update. 

I can now verify that the password is passed when using configuration section 
of the project pom, but does not decrpt the password.  Switching between the 
unencrypted and encrypted password manually resolves the issue.  THe same 
appears to be true if stored in settings.xml using the hostname as the server 
ID.
  
 Use of encrypted password in pom.xml confiuration is ignored
 

 Key: SCM-710
 URL: https://jira.codehaus.org/browse/SCM-710
 Project: Maven SCM
  Issue Type: Bug
Reporter: Eddie Webb

 THe docs for this plugin say I can use encrypted passwords just like we do 
 for the release plugin.
 It does not seem to support the same 
 project.scm.idnon-hostname-id/project.scm.id that the release plugin 
 does, so I included the username and encrypted password directory in the 
 plugin config.
 {noformat}
 ...
   plugin
 groupIdorg.apache.maven.plugins/groupId
 artifactIdmaven-scm-plugin/artifactId
 version1.8.1/version
 configuration
   usernameusername/username
   password{EncycptedStringGeneratedFromMvnPassword=}/password
 /configuration
   /plugin
 /plugins
 ...
 {noformat}
 But the SCM fails with authentication issue, and the SVN logs determine that 
 no user ID is sent.
 If I instead include the hostname as a server ID in settings.xml, or include 
 these values on the command line, in both cases it invokes a 500 from the 
 application server.
  mvn scm:checkout -Pforge -Dusername=myuser 
 -Dpassword={EncycptedStringGeneratedFromMvnPassword=}
 svn: Server sent unexpected return value (500 Internal Server Error) in 
 response to OPTIONS request for https://my-svn
 This 500 can be duplicated in a browser by passing the un-encrypted string 
 {foo=}.
 h3. summary
 regardless of where I place the encruypted password it is either ignored, or 
 not decrypted before being sent to the webserver.  
 Can you please document an example of how to use the encrypted passwords, or 
 support the same approach as the release plugin.
 http://jira.codehaus.org/browse/MRELEASE-420

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://jira.codehaus.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] (SCM-710) Use of encrypted password in pom.xml confiuration is ignored

2013-01-10 Thread Robert Scholte (JIRA) 

[ 
https://jira.codehaus.org/browse/SCM-710?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=317126#comment-317126
 ] 

Robert Scholte commented on SCM-710:


Have you followed the instructions of 
http://maven.apache.org/guides/mini/guide-encryption.html ?
Be sure you have a {{settings-security.xml}} with an encrypted master-password.

 Use of encrypted password in pom.xml confiuration is ignored
 

 Key: SCM-710
 URL: https://jira.codehaus.org/browse/SCM-710
 Project: Maven SCM
  Issue Type: Bug
Reporter: Eddie Webb

 THe docs for this plugin say I can use encrypted passwords just like we do 
 for the release plugin.
 It does not seem to support the same 
 project.scm.idnon-hostname-id/project.scm.id that the release plugin 
 does, so I included the username and encrypted password directory in the 
 plugin config.
 {noformat}
 ...
   plugin
 groupIdorg.apache.maven.plugins/groupId
 artifactIdmaven-scm-plugin/artifactId
 version1.8.1/version
 configuration
   usernameusername/username
   password{EncycptedStringGeneratedFromMvnPassword=}/password
 /configuration
   /plugin
 /plugins
 ...
 {noformat}
 But the SCM fails with authentication issue, and the SVN logs determine that 
 no user ID is sent.
 If I instead include the hostname as a server ID in settings.xml, or include 
 these values on the command line, in both cases it invokes a 500 from the 
 application server.
  mvn scm:checkout -Pforge -Dusername=myuser 
 -Dpassword={EncycptedStringGeneratedFromMvnPassword=}
 svn: Server sent unexpected return value (500 Internal Server Error) in 
 response to OPTIONS request for https://my-svn
 This 500 can be duplicated in a browser by passing the un-encrypted string 
 {foo=}.
 h3. summary
 regardless of where I place the encruypted password it is either ignored, or 
 not decrypted before being sent to the webserver.  
 Can you please document an example of how to use the encrypted passwords, or 
 support the same approach as the release plugin.
 http://jira.codehaus.org/browse/MRELEASE-420

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://jira.codehaus.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] (SCM-710) Use of encrypted password in pom.xml confiuration is ignored

2013-01-10 Thread Eddie Webb (JIRA) 

[ 
https://jira.codehaus.org/browse/SCM-710?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=317132#comment-317132
 ] 

Eddie Webb commented on SCM-710:


Yes, we use the maven release plugin with these encrypted passwords regularly, 
(setup master password, encrypted all passwords, and added to server section of 
settings.xml) and have no plain text passwords anywhere.  THe issue we are 
experiencing is unique to the SCM plugin which does not seem to respect the 
encryption.

 Use of encrypted password in pom.xml confiuration is ignored
 

 Key: SCM-710
 URL: https://jira.codehaus.org/browse/SCM-710
 Project: Maven SCM
  Issue Type: Bug
Reporter: Eddie Webb

 THe docs for this plugin say I can use encrypted passwords just like we do 
 for the release plugin.
 It does not seem to support the same 
 project.scm.idnon-hostname-id/project.scm.id that the release plugin 
 does, so I included the username and encrypted password directory in the 
 plugin config.
 {noformat}
 ...
   plugin
 groupIdorg.apache.maven.plugins/groupId
 artifactIdmaven-scm-plugin/artifactId
 version1.8.1/version
 configuration
   usernameusername/username
   password{EncycptedStringGeneratedFromMvnPassword=}/password
 /configuration
   /plugin
 /plugins
 ...
 {noformat}
 But the SCM fails with authentication issue, and the SVN logs determine that 
 no user ID is sent.
 If I instead include the hostname as a server ID in settings.xml, or include 
 these values on the command line, in both cases it invokes a 500 from the 
 application server.
  mvn scm:checkout -Pforge -Dusername=myuser 
 -Dpassword={EncycptedStringGeneratedFromMvnPassword=}
 svn: Server sent unexpected return value (500 Internal Server Error) in 
 response to OPTIONS request for https://my-svn
 This 500 can be duplicated in a browser by passing the un-encrypted string 
 {foo=}.
 h3. summary
 regardless of where I place the encruypted password it is either ignored, or 
 not decrypted before being sent to the webserver.  
 Can you please document an example of how to use the encrypted passwords, or 
 support the same approach as the release plugin.
 http://jira.codehaus.org/browse/MRELEASE-420

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://jira.codehaus.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] (SCM-710) Use of encrypted password in pom.xml confiuration is ignored

2013-01-10 Thread Eddie Webb (JIRA) 

[ 
https://jira.codehaus.org/browse/SCM-710?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=317132#comment-317132
 ] 

Eddie Webb edited comment on SCM-710 at 1/10/13 4:44 PM:
-

Yes, we use the maven release plugin with these encrypted passwords regularly, 
(setup master password, encrypted all passwords, and added to server section of 
settings.xml) and have no plain text passwords anywhere.  This has been working 
for several months now. 

THe issue we are experiencing is unique to the SCM plugin which does not seem 
to respect the encryption. The use case is that I am bootstrapping a project by 
programatically plopping a pom.xml on the server, and invoking 
mvn scm:checkout



  was (Author: eddiewebb):
Yes, we use the maven release plugin with these encrypted passwords 
regularly, (setup master password, encrypted all passwords, and added to server 
section of settings.xml) and have no plain text passwords anywhere.  THe issue 
we are experiencing is unique to the SCM plugin which does not seem to respect 
the encryption.
  
 Use of encrypted password in pom.xml confiuration is ignored
 

 Key: SCM-710
 URL: https://jira.codehaus.org/browse/SCM-710
 Project: Maven SCM
  Issue Type: Bug
Reporter: Eddie Webb

 THe docs for this plugin say I can use encrypted passwords just like we do 
 for the release plugin.
 It does not seem to support the same 
 project.scm.idnon-hostname-id/project.scm.id that the release plugin 
 does, so I included the username and encrypted password directory in the 
 plugin config.
 {noformat}
 ...
   plugin
 groupIdorg.apache.maven.plugins/groupId
 artifactIdmaven-scm-plugin/artifactId
 version1.8.1/version
 configuration
   usernameusername/username
   password{EncycptedStringGeneratedFromMvnPassword=}/password
 /configuration
   /plugin
 /plugins
 ...
 {noformat}
 But the SCM fails with authentication issue, and the SVN logs determine that 
 no user ID is sent.
 If I instead include the hostname as a server ID in settings.xml, or include 
 these values on the command line, in both cases it invokes a 500 from the 
 application server.
  mvn scm:checkout -Pforge -Dusername=myuser 
 -Dpassword={EncycptedStringGeneratedFromMvnPassword=}
 svn: Server sent unexpected return value (500 Internal Server Error) in 
 response to OPTIONS request for https://my-svn
 This 500 can be duplicated in a browser by passing the un-encrypted string 
 {foo=}.
 h3. summary
 regardless of where I place the encruypted password it is either ignored, or 
 not decrypted before being sent to the webserver.  
 Can you please document an example of how to use the encrypted passwords, or 
 support the same approach as the release plugin.
 http://jira.codehaus.org/browse/MRELEASE-420

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://jira.codehaus.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira