[jira] [Commented] (MNG-7719) Maven 3.9.0 native http transport ignores username/password for basic auth
[ https://issues.apache.org/jira/browse/MNG-7719?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17697539#comment-17697539 ] Adam Gent commented on MNG-7719: [~cstamas] I can confirm that the slowness is probably not due to transport. FWIW based on the maven event spy extension / maven profiler the deploy plugin is taking the longest part of our build and doesn't take the longest for bigger jars which would indicate slowness in transport but jars that have more dependencies. For example a jar with zero deps but 300k in size takes: {code:java} [INFO] buildnumber-maven-plugin:create (default) [0.002s] [INFO] maven-resources-plugin:resources (default-resources) . [0.001s] [INFO] maven-compiler-plugin:compile (default-compile) .. [0.001s] [INFO] maven-resources-plugin:testResources (default-testResource [0.001s] [INFO] maven-compiler-plugin:testCompile (default-testCompile) .. [0.118s] [INFO] maven-surefire-plugin:test (default-test) [0.005s] [INFO] maven-jar-plugin:jar (default-jar) ... [0.037s] [INFO] maven-source-plugin:jar-no-fork (attach-sources) . [0.015s] [INFO] maven-install-plugin:install (default-install) ... [0.000s] [INFO] maven-deploy-plugin:deploy (default-deploy) .. [4.817s] {code} Here is a tiny jar but with lots of dependencies: {code:java} [INFO] buildnumber-maven-plugin:create (default) [0.004s] [INFO] maven-resources-plugin:resources (default-resources) . [0.002s] [INFO] maven-compiler-plugin:compile (default-compile) .. [0.002s] [INFO] maven-resources-plugin:testResources (default-testResource [0.001s] [INFO] maven-compiler-plugin:testCompile (default-testCompile) .. [0.085s] [INFO] maven-surefire-plugin:test (default-test) [0.004s] [INFO] maven-jar-plugin:jar (default-jar) ... [0.010s] [INFO] maven-source-plugin:jar-no-fork (attach-sources) . [0.009s] [INFO] maven-install-plugin:install (default-install) ... [0.001s] [INFO] maven-deploy-plugin:deploy (default-deploy) .. [15.121s] {code} I will say that deploy has always been embarrassingly the slowest part of our build (ignoring integration tests) regardless of transport (wagon or native) so if one is going to work on it would be nice for a general optimization there. It is annoying problem because the deploy window if it is too large is a known issue of potential corruption. > Maven 3.9.0 native http transport ignores username/password for basic auth > -- > > Key: MNG-7719 > URL: https://issues.apache.org/jira/browse/MNG-7719 > Project: Maven > Issue Type: Improvement > Components: Core, Deployment >Affects Versions: 3.9.0 >Reporter: Adam Gent >Priority: Major > > In 3.9.0 the default maven http transport switched from wagon to native. > It appears that the native transport does not respect: > {code:xml} > > some-repo > some-username > basic-auth-password > > {code} > Now when you do a mvn deploy to some-repo the basic auth headers are missing. > This is probably causing github package problems: > https://github.com/orgs/community/discussions/49001 > - > The issue appears to be that the native client respects Basic Auth Challenges > and our server did not do that (it never sends the WWW-Authenticate) as the > original Wagon HTTP transport did not need it. > The wagon version will always send the credentials on PUT and POST but no > credentials on GET of maven metadata. > The wagon version basically is like a header API key when doing basic auth > instead of the true basic auth workflow. > For whatever reason I removed the WWW-Authenticate header probably for > security reasons. > Since the native client is doing technically the right thing this is not a > bug however it would be nice if there was some option to revert to the old > behavior as it does save a round trip on PUT (a 401 needs to happen with the > header before native will send credentials). -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MNG-7719) Maven 3.9.0 native http transport ignores username/password for basic auth
[ https://issues.apache.org/jira/browse/MNG-7719?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17697377#comment-17697377 ] Tamas Cservenak commented on MNG-7719: -- [~sjaranowski] let's continue on MNG-7722 > Maven 3.9.0 native http transport ignores username/password for basic auth > -- > > Key: MNG-7719 > URL: https://issues.apache.org/jira/browse/MNG-7719 > Project: Maven > Issue Type: Improvement > Components: Core, Deployment >Affects Versions: 3.9.0 >Reporter: Adam Gent >Priority: Major > Fix For: waiting-for-feedback > > > In 3.9.0 the default maven http transport switched from wagon to native. > It appears that the native transport does not respect: > {code:xml} > > some-repo > some-username > basic-auth-password > > {code} > Now when you do a mvn deploy to some-repo the basic auth headers are missing. > This is probably causing github package problems: > https://github.com/orgs/community/discussions/49001 > - > The issue appears to be that the native client respects Basic Auth Challenges > and our server did not do that (it never sends the WWW-Authenticate) as the > original Wagon HTTP transport did not need it. > The wagon version will always send the credentials on PUT and POST but no > credentials on GET of maven metadata. > The wagon version basically is like a header API key when doing basic auth > instead of the true basic auth workflow. > For whatever reason I removed the WWW-Authenticate header probably for > security reasons. > Since the native client is doing technically the right thing this is not a > bug however it would be nice if there was some option to revert to the old > behavior as it does save a round trip on PUT (a 401 needs to happen with the > header before native will send credentials). -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MNG-7719) Maven 3.9.0 native http transport ignores username/password for basic auth
[ https://issues.apache.org/jira/browse/MNG-7719?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17697110#comment-17697110 ] Tamas Cservenak commented on MNG-7719: -- [~sjaranowski] let's create new issue for your investigation, as reporter has solved his issue (and is unrelated to your work). [~agentgt] something is off, as every bench we did, showed native way faster than Wagon... but this may be the upload/deploy bit (and Slawomir actually detected something related to this problem) > Maven 3.9.0 native http transport ignores username/password for basic auth > -- > > Key: MNG-7719 > URL: https://issues.apache.org/jira/browse/MNG-7719 > Project: Maven > Issue Type: Improvement > Components: Core, Deployment >Affects Versions: 3.9.0 >Reporter: Adam Gent >Priority: Major > Fix For: waiting-for-feedback > > > In 3.9.0 the default maven http transport switched from wagon to native. > It appears that the native transport does not respect: > {code:xml} > > some-repo > some-username > basic-auth-password > > {code} > Now when you do a mvn deploy to some-repo the basic auth headers are missing. > This is probably causing github package problems: > https://github.com/orgs/community/discussions/49001 > - > The issue appears to be that the native client respects Basic Auth Challenges > and our server did not do that (it never sends the WWW-Authenticate) as the > original Wagon HTTP transport did not need it. > The wagon version will always send the credentials on PUT and POST but no > credentials on GET of maven metadata. > The wagon version basically is like a header API key when doing basic auth > instead of the true basic auth workflow. > For whatever reason I removed the WWW-Authenticate header probably for > security reasons. > Since the native client is doing technically the right thing this is not a > bug however it would be nice if there was some option to revert to the old > behavior as it does save a round trip on PUT (a 401 needs to happen with the > header before native will send credentials). -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MNG-7719) Maven 3.9.0 native http transport ignores username/password for basic auth
[ https://issues.apache.org/jira/browse/MNG-7719?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17697010#comment-17697010 ] Adam Gent commented on MNG-7719: Once I added back the header www-authenticate to our a custom maven repository server all works fine for me including release plugin deploy. I get largely the same headers minus the github specific stuff and the failed 400. Native appears to be ~ 20% slower than wagon. I'm not sure if this because the wagon way doesn't have deal with the 401 but its hard to imagine just one failed connection slowing down our build process of 50 or so artifacts. > Maven 3.9.0 native http transport ignores username/password for basic auth > -- > > Key: MNG-7719 > URL: https://issues.apache.org/jira/browse/MNG-7719 > Project: Maven > Issue Type: Improvement > Components: Core, Deployment >Affects Versions: 3.9.0 >Reporter: Adam Gent >Priority: Major > Fix For: waiting-for-feedback > > > In 3.9.0 the default maven http transport switched from wagon to native. > It appears that the native transport does not respect: > {code:xml} > > some-repo > some-username > basic-auth-password > > {code} > Now when you do a mvn deploy to some-repo the basic auth headers are missing. > This is probably causing github package problems: > https://github.com/orgs/community/discussions/49001 > - > The issue appears to be that the native client respects Basic Auth Challenges > and our server did not do that (it never sends the WWW-Authenticate) as the > original Wagon HTTP transport did not need it. > The wagon version will always send the credentials on PUT and POST but no > credentials on GET of maven metadata. > The wagon version basically is like a header API key when doing basic auth > instead of the true basic auth workflow. > For whatever reason I removed the WWW-Authenticate header probably for > security reasons. > Since the native client is doing technically the right thing this is not a > bug however it would be nice if there was some option to revert to the old > behavior as it does save a round trip on PUT (a 401 needs to happen with the > header before native will send credentials). -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MNG-7719) Maven 3.9.0 native http transport ignores username/password for basic auth
[ https://issues.apache.org/jira/browse/MNG-7719?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17696550#comment-17696550 ] Slawomir Jaranowski commented on MNG-7719: -- Testing: {{MAVEN_OPTS=-Dorg.slf4j.simpleLogger.log.org.apache.http=DEBUG mvn deploy -X}} h2. With snapshot first request: {noformat} [DEBUG] http-outgoing-0 >> GET /slawekjaranowski/test/test/test/1.6-SNAPSHOT/maven-metadata.xml HTTP/1.1 [DEBUG] http-outgoing-0 >> Cache-Control: no-cache, no-store [DEBUG] http-outgoing-0 >> Pragma: no-cache [DEBUG] http-outgoing-0 >> Host: maven.pkg.github.com [DEBUG] http-outgoing-0 >> Connection: Keep-Alive [DEBUG] http-outgoing-0 >> User-Agent: Apache-Maven/3.9.0 (Java 17.0.6; Mac OS X 12.6.3) [DEBUG] http-outgoing-0 >> Accept-Encoding: gzip,deflate [DEBUG] http-outgoing-0 << HTTP/1.1 401 Unauthorized [DEBUG] http-outgoing-0 << access-control-allow-methods: GET, HEAD, OPTIONS [DEBUG] http-outgoing-0 << Access-Control-Allow-Origin: * [DEBUG] http-outgoing-0 << Content-Security-Policy: default-src 'none'; [DEBUG] http-outgoing-0 << Server: GitHub Registry [DEBUG] http-outgoing-0 << Strict-Transport-Security: max-age=31536000; [DEBUG] http-outgoing-0 << www-authenticate: Basic realm="GitHub Package Registry" [DEBUG] http-outgoing-0 << X-Content-Type-Options: nosniff [DEBUG] http-outgoing-0 << X-Frame-Options: DENY [DEBUG] http-outgoing-0 << X-XSS-Protection: 1; mode=block [DEBUG] http-outgoing-0 << Date: Sun, 05 Mar 2023 09:17:07 GMT [DEBUG] http-outgoing-0 << Content-Length: 0 [DEBUG] http-outgoing-0 << X-GitHub-Request-Id: 96F3:5E81:D2DC0C:DC2EEC:64045E13 [DEBUG] Connection can be kept alive indefinitely [DEBUG] Authentication required {noformat} Next: {noformat} [DEBUG] http-outgoing-0 >> GET /slawekjaranowski/test/test/test/1.6-SNAPSHOT/maven-metadata.xml HTTP/1.1 [DEBUG] http-outgoing-0 >> Cache-Control: no-cache, no-store [DEBUG] http-outgoing-0 >> Pragma: no-cache [DEBUG] http-outgoing-0 >> Host: maven.pkg.github.com [DEBUG] http-outgoing-0 >> Connection: Keep-Alive [DEBUG] http-outgoing-0 >> User-Agent: Apache-Maven/3.9.0 (Java 17.0.6; Mac OS X 12.6.3) [DEBUG] http-outgoing-0 >> Accept-Encoding: gzip,deflate [DEBUG] http-outgoing-0 >> Authorization: Basic xxx [DEBUG] http-outgoing-0 << HTTP/1.1 200 OK [DEBUG] http-outgoing-0 << access-control-allow-methods: GET, HEAD, OPTIONS [DEBUG] http-outgoing-0 << Access-Control-Allow-Origin: * [DEBUG] http-outgoing-0 << Content-Security-Policy: default-src 'none'; [DEBUG] http-outgoing-0 << Content-Type: application/xml [DEBUG] http-outgoing-0 << Server: GitHub Registry [DEBUG] http-outgoing-0 << Strict-Transport-Security: max-age=31536000; [DEBUG] http-outgoing-0 << X-Content-Type-Options: nosniff [DEBUG] http-outgoing-0 << X-Frame-Options: DENY [DEBUG] http-outgoing-0 << X-XSS-Protection: 1; mode=block [DEBUG] http-outgoing-0 << Date: Sun, 05 Mar 2023 09:17:07 GMT [DEBUG] http-outgoing-0 << Transfer-Encoding: chunked [DEBUG] http-outgoing-0 << X-GitHub-Request-Id: 96F3:5E81:D2DC19:DC2EF9:64045E13 [DEBUG] Connection can be kept alive indefinitely {noformat} And for put we have {{OPTIONS}} first {noformat} [DEBUG] http-outgoing-0 >> OPTIONS /slawekjaranowski/test/test/test/1.6-SNAPSHOT/test-1.6-20230305.091705-6.pom HTTP/1.1 [DEBUG] http-outgoing-0 >> Cache-Control: no-cache, no-store [DEBUG] http-outgoing-0 >> Pragma: no-cache [DEBUG] http-outgoing-0 >> Host: maven.pkg.github.com [DEBUG] http-outgoing-0 >> Connection: Keep-Alive [DEBUG] http-outgoing-0 >> User-Agent: Apache-Maven/3.9.0 (Java 17.0.6; Mac OS X 12.6.3) [DEBUG] http-outgoing-0 >> Accept-Encoding: gzip,deflate [DEBUG] http-outgoing-0 >> Authorization: Basic xxx [DEBUG] http-outgoing-0 << HTTP/1.1 200 OK [DEBUG] http-outgoing-0 << access-control-allow-methods: DELETE, GET, HEAD, OPTIONS, PUT [DEBUG] http-outgoing-0 << Access-Control-Allow-Origin: * [DEBUG] http-outgoing-0 << Content-Security-Policy: default-src 'none'; [DEBUG] http-outgoing-0 << Server: GitHub Registry [DEBUG] http-outgoing-0 << Strict-Transport-Security: max-age=31536000; [DEBUG] http-outgoing-0 << X-Content-Type-Options: nosniff [DEBUG] http-outgoing-0 << X-Frame-Options: DENY [DEBUG] http-outgoing-0 << X-XSS-Protection: 1; mode=block [DEBUG] http-outgoing-0 << Date: Sun, 05 Mar 2023 09:17:08 GMT [DEBUG] http-outgoing-0 << Content-Length: 0 [DEBUG] http-outgoing-0 << X-GitHub-Request-Id: 96F3:5E81:D2DC57:DC2F3F:64045E14 {noformat} And finally {{PUT}} with authorization {noformat} [DEBUG] http-outgoing-0 >> PUT /slawekjaranowski/test/test/test/1.6-SNAPSHOT/test-1.6-20230305.091705-6.pom HTTP/1.1 [DEBUG] http-outgoing-0 >> Cache-Control: no-cache, no-store [DEBUG] http-outgoing-0 >> Pragma: no-cache [DEBUG] http-outgoing-0 >> Expect: 100-continue [DEBUG] http-outgoing-0 >> Content-Length: 2089 [DEBUG] http-outgoing-0 >> Host: maven.pkg.github.com [DEBUG] http-outgoing-0 >> Connection: Keep-Alive [DEBUG] http-outgoing-0 >> User-Agent:
[jira] [Commented] (MNG-7719) Maven 3.9.0 native http transport ignores username/password for basic auth
[ https://issues.apache.org/jira/browse/MNG-7719?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17696494#comment-17696494 ] Michael Osipov commented on MNG-7719: - What happened to Expect Continue? Wagon will perform Expect: 100-continue on all requests with a request body. > Maven 3.9.0 native http transport ignores username/password for basic auth > -- > > Key: MNG-7719 > URL: https://issues.apache.org/jira/browse/MNG-7719 > Project: Maven > Issue Type: Improvement > Components: Core, Deployment >Affects Versions: 3.9.0 >Reporter: Adam Gent >Priority: Major > Fix For: waiting-for-feedback > > > In 3.9.0 the default maven http transport switched from wagon to native. > It appears that the native transport does not respect: > {code:xml} > > some-repo > some-username > basic-auth-password > > {code} > Now when you do a mvn deploy to some-repo the basic auth headers are missing. > This is probably causing github package problems: > https://github.com/orgs/community/discussions/49001 > - > The issue appears to be that the native client respects Basic Auth Challenges > and our server did not do that (it never sends the WWW-Authenticate) as the > original Wagon HTTP transport did not need it. > The wagon version will always send the credentials on PUT and POST but no > credentials on GET of maven metadata. > The wagon version basically is like a header API key when doing basic auth > instead of the true basic auth workflow. > For whatever reason I removed the WWW-Authenticate header probably for > security reasons. > Since the native client is doing technically the right thing this is not a > bug however it would be nice if there was some option to revert to the old > behavior as it does save a round trip on PUT (a 401 needs to happen with the > header before native will send credentials). -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MNG-7719) Maven 3.9.0 native http transport ignores username/password for basic auth
[ https://issues.apache.org/jira/browse/MNG-7719?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17696493#comment-17696493 ] Slawomir Jaranowski commented on MNG-7719: -- Ok, For uploading snapshot version we have: {noformat} [INFO] --- deploy:3.1.0:deploy (default-deploy) @ test --- Downloading from github: https://maven.pkg.github.com/slawekjaranowski/test/test/test/1.6-SNAPSHOT/maven-metadata.xml Downloaded from github: https://maven.pkg.github.com/slawekjaranowski/test/test/test/1.6-SNAPSHOT/maven-metadata.xml (3.5 kB at 3.2 kB/s) Uploading to github: https://maven.pkg.github.com/slawekjaranowski/test/test/test/1.6-SNAPSHOT/test-1.6-20230304.215214-5.pom Uploaded to github: https://maven.pkg.github.com/slawekjaranowski/test/test/test/1.6-SNAPSHOT/test-1.6-20230304.215214-5.pom (2.1 kB at 753 B/s) {noformat} For release version: {noformat} [INFO] --- deploy:3.1.0:deploy (default-deploy) @ test --- Uploading to github: https://maven.pkg.github.com/slawekjaranowski/test/test/test/1.6/test-1.6.pom Uploading to github: https://maven.pkg.github.com/slawekjaranowski/test/test/test/1.6/test-1.6.jar Uploaded to github: https://maven.pkg.github.com/slawekjaranowski/test/test/test/1.6/test-1.6.jar (1.9 kB at 630 B/s) {noformat} So we see that for snapshot the first request is downloading a metadata - and auth challenge is done in this step, next step with PUT will have authorisation. For release version first request is for PUT and in this step auth challenge failed for some reason > Maven 3.9.0 native http transport ignores username/password for basic auth > -- > > Key: MNG-7719 > URL: https://issues.apache.org/jira/browse/MNG-7719 > Project: Maven > Issue Type: Improvement > Components: Core, Deployment >Affects Versions: 3.9.0 >Reporter: Adam Gent >Priority: Major > Fix For: waiting-for-feedback > > > In 3.9.0 the default maven http transport switched from wagon to native. > It appears that the native transport does not respect: > {code:xml} > > some-repo > some-username > basic-auth-password > > {code} > Now when you do a mvn deploy to some-repo the basic auth headers are missing. > This is probably causing github package problems: > https://github.com/orgs/community/discussions/49001 > - > The issue appears to be that the native client respects Basic Auth Challenges > and our server did not do that (it never sends the WWW-Authenticate) as the > original Wagon HTTP transport did not need it. > The wagon version will always send the credentials on PUT and POST but no > credentials on GET of maven metadata. > The wagon version basically is like a header API key when doing basic auth > instead of the true basic auth workflow. > For whatever reason I removed the WWW-Authenticate header probably for > security reasons. > Since the native client is doing technically the right thing this is not a > bug however it would be nice if there was some option to revert to the old > behavior as it does save a round trip on PUT (a 401 needs to happen with the > header before native will send credentials). -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MNG-7719) Maven 3.9.0 native http transport ignores username/password for basic auth
[ https://issues.apache.org/jira/browse/MNG-7719?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17696428#comment-17696428 ] Slawomir Jaranowski commented on MNG-7719: -- It is working for me https://github.com/slawekjaranowski/test Please show us your GitHub action and use settings if you use a special one. > Maven 3.9.0 native http transport ignores username/password for basic auth > -- > > Key: MNG-7719 > URL: https://issues.apache.org/jira/browse/MNG-7719 > Project: Maven > Issue Type: Improvement > Components: Core, Deployment >Affects Versions: 3.9.0 >Reporter: Adam Gent >Priority: Major > Fix For: waiting-for-feedback > > > In 3.9.0 the default maven http transport switched from wagon to native. > It appears that the native transport does not respect: > {code:xml} > > some-repo > some-username > basic-auth-password > > {code} > Now when you do a mvn deploy to some-repo the basic auth headers are missing. > This is probably causing github package problems: > https://github.com/orgs/community/discussions/49001 > - > The issue appears to be that the native client respects Basic Auth Challenges > and our server did not do that (it never sends the WWW-Authenticate) as the > original Wagon HTTP transport did not need it. > The wagon version will always send the credentials on PUT and POST but no > credentials on GET of maven metadata. > The wagon version basically is like a header API key when doing basic auth > instead of the true basic auth workflow. > For whatever reason I removed the WWW-Authenticate header probably for > security reasons. > Since the native client is doing technically the right thing this is not a > bug however it would be nice if there was some option to revert to the old > behavior as it does save a round trip on PUT (a 401 needs to happen with the > header before native will send credentials). -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MNG-7719) Maven 3.9.0 native http transport ignores username/password for basic auth
[ https://issues.apache.org/jira/browse/MNG-7719?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17696352#comment-17696352 ] Adam Gent commented on MNG-7719: Per github it appears that the native client respects Basic Auth Challenges and our server did not do that (it never sends the WWW-Authenticate). The wagon version will always send the credentials on PUT an POST. The wagon version basically is like a header API key when doing basic auth instead of the true basic auth workflow. Consequently I suppose this is not a bug. > Maven 3.9.0 native http transport ignores username/password for basic auth > -- > > Key: MNG-7719 > URL: https://issues.apache.org/jira/browse/MNG-7719 > Project: Maven > Issue Type: Improvement > Components: Core, Deployment >Affects Versions: 3.9.0 >Reporter: Adam Gent >Priority: Major > Fix For: waiting-for-feedback > > > In 3.9.0 the default maven http transport switched from wagon to native. > It appears that the native transport does not respect: > {code:xml} > > some-repo > some-username > basic-auth-password > > {code} > Now when you do a mvn deploy to some-repo the basic auth headers are missing. > This is probably causing github package problems: > https://github.com/orgs/community/discussions/49001 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MNG-7719) Maven 3.9.0 native http transport ignores username/password for basic auth
[ https://issues.apache.org/jira/browse/MNG-7719?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17696270#comment-17696270 ] Tamas Cservenak commented on MNG-7719: -- My counter example: [https://gist.github.com/cstamas/2cbd651498c707f1863c717469520424] My guess for GH issues is that folks who used Plexus XML to configure Wagon are suddenly loosing their config, for them fallback {{-Dmaven.resolver.transport=wagon}} is way to go, and once they fix/update their config, then they can join the party. > Maven 3.9.0 native http transport ignores username/password for basic auth > -- > > Key: MNG-7719 > URL: https://issues.apache.org/jira/browse/MNG-7719 > Project: Maven > Issue Type: Improvement > Components: Core, Deployment >Affects Versions: 3.9.0 >Reporter: Adam Gent >Priority: Major > > In 3.9.0 the default maven http transport switched from wagon to native. > It appears that the native transport does not respect: > {code:xml} > > some-repo > some-username > basic-auth-password > > {code} > Now when you do a mvn deploy to some-repo the basic auth headers are missing. > This is probably causing github package problems: > https://github.com/orgs/community/discussions/49001 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MNG-7719) Maven 3.9.0 native http transport ignores username/password for basic auth
[ https://issues.apache.org/jira/browse/MNG-7719?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17696262#comment-17696262 ] Tamas Cservenak commented on MNG-7719: -- Can you provide a reproducer? > Maven 3.9.0 native http transport ignores username/password for basic auth > -- > > Key: MNG-7719 > URL: https://issues.apache.org/jira/browse/MNG-7719 > Project: Maven > Issue Type: Improvement > Components: Core, Deployment >Affects Versions: 3.9.0 >Reporter: Adam Gent >Priority: Major > > In 3.9.0 the default maven http transport switched from wagon to native. > It appears that the native transport does not respect: > {code:xml} > > some-repo > some-username > basic-auth-password > > {code} > Now when you do a mvn deploy to some-repo the basic auth headers are missing. > This is probably causing github package problems: > https://github.com/orgs/community/discussions/49001 -- This message was sent by Atlassian Jira (v8.20.10#820010)