[jira] [Commented] (MNG-7719) Maven 3.9.0 native http transport ignores username/password for basic auth
[
https://issues.apache.org/jira/browse/MNG-7719?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17697539#comment-17697539
]
Adam Gent commented on MNG-7719:
[~cstamas] I can confirm that the slowness is probably not due to transport.
FWIW based on the maven event spy extension / maven profiler the deploy plugin
is taking the longest part of our build and doesn't take the longest for bigger
jars which would indicate slowness in transport but jars that have more
dependencies.
For example a jar with zero deps but 300k in size takes:
{code:java}
[INFO] buildnumber-maven-plugin:create (default) [0.002s]
[INFO] maven-resources-plugin:resources (default-resources) . [0.001s]
[INFO] maven-compiler-plugin:compile (default-compile) .. [0.001s]
[INFO] maven-resources-plugin:testResources (default-testResource [0.001s]
[INFO] maven-compiler-plugin:testCompile (default-testCompile) .. [0.118s]
[INFO] maven-surefire-plugin:test (default-test) [0.005s]
[INFO] maven-jar-plugin:jar (default-jar) ... [0.037s]
[INFO] maven-source-plugin:jar-no-fork (attach-sources) . [0.015s]
[INFO] maven-install-plugin:install (default-install) ... [0.000s]
[INFO] maven-deploy-plugin:deploy (default-deploy) .. [4.817s]
{code}
Here is a tiny jar but with lots of dependencies:
{code:java}
[INFO] buildnumber-maven-plugin:create (default) [0.004s]
[INFO] maven-resources-plugin:resources (default-resources) . [0.002s]
[INFO] maven-compiler-plugin:compile (default-compile) .. [0.002s]
[INFO] maven-resources-plugin:testResources (default-testResource [0.001s]
[INFO] maven-compiler-plugin:testCompile (default-testCompile) .. [0.085s]
[INFO] maven-surefire-plugin:test (default-test) [0.004s]
[INFO] maven-jar-plugin:jar (default-jar) ... [0.010s]
[INFO] maven-source-plugin:jar-no-fork (attach-sources) . [0.009s]
[INFO] maven-install-plugin:install (default-install) ... [0.001s]
[INFO] maven-deploy-plugin:deploy (default-deploy) .. [15.121s]
{code}
I will say that deploy has always been embarrassingly the slowest part of our
build (ignoring integration tests) regardless of transport (wagon or native) so
if one is going to work on it would be nice for a general optimization there.
It is annoying problem because the deploy window if it is too large is a known
issue of potential corruption.
> Maven 3.9.0 native http transport ignores username/password for basic auth
> --
>
> Key: MNG-7719
> URL: https://issues.apache.org/jira/browse/MNG-7719
> Project: Maven
> Issue Type: Improvement
> Components: Core, Deployment
>Affects Versions: 3.9.0
>Reporter: Adam Gent
>Priority: Major
>
> In 3.9.0 the default maven http transport switched from wagon to native.
> It appears that the native transport does not respect:
> {code:xml}
>
> some-repo
> some-username
> basic-auth-password
>
> {code}
> Now when you do a mvn deploy to some-repo the basic auth headers are missing.
> This is probably causing github package problems:
> https://github.com/orgs/community/discussions/49001
> -
> The issue appears to be that the native client respects Basic Auth Challenges
> and our server did not do that (it never sends the WWW-Authenticate) as the
> original Wagon HTTP transport did not need it.
> The wagon version will always send the credentials on PUT and POST but no
> credentials on GET of maven metadata.
> The wagon version basically is like a header API key when doing basic auth
> instead of the true basic auth workflow.
> For whatever reason I removed the WWW-Authenticate header probably for
> security reasons.
> Since the native client is doing technically the right thing this is not a
> bug however it would be nice if there was some option to revert to the old
> behavior as it does save a round trip on PUT (a 401 needs to happen with the
> header before native will send credentials).
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (MNG-7719) Maven 3.9.0 native http transport ignores username/password for basic auth
[
https://issues.apache.org/jira/browse/MNG-7719?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17697377#comment-17697377
]
Tamas Cservenak commented on MNG-7719:
--
[~sjaranowski] let's continue on MNG-7722
> Maven 3.9.0 native http transport ignores username/password for basic auth
> --
>
> Key: MNG-7719
> URL: https://issues.apache.org/jira/browse/MNG-7719
> Project: Maven
> Issue Type: Improvement
> Components: Core, Deployment
>Affects Versions: 3.9.0
>Reporter: Adam Gent
>Priority: Major
> Fix For: waiting-for-feedback
>
>
> In 3.9.0 the default maven http transport switched from wagon to native.
> It appears that the native transport does not respect:
> {code:xml}
>
> some-repo
> some-username
> basic-auth-password
>
> {code}
> Now when you do a mvn deploy to some-repo the basic auth headers are missing.
> This is probably causing github package problems:
> https://github.com/orgs/community/discussions/49001
> -
> The issue appears to be that the native client respects Basic Auth Challenges
> and our server did not do that (it never sends the WWW-Authenticate) as the
> original Wagon HTTP transport did not need it.
> The wagon version will always send the credentials on PUT and POST but no
> credentials on GET of maven metadata.
> The wagon version basically is like a header API key when doing basic auth
> instead of the true basic auth workflow.
> For whatever reason I removed the WWW-Authenticate header probably for
> security reasons.
> Since the native client is doing technically the right thing this is not a
> bug however it would be nice if there was some option to revert to the old
> behavior as it does save a round trip on PUT (a 401 needs to happen with the
> header before native will send credentials).
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (MNG-7719) Maven 3.9.0 native http transport ignores username/password for basic auth
[
https://issues.apache.org/jira/browse/MNG-7719?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17697110#comment-17697110
]
Tamas Cservenak commented on MNG-7719:
--
[~sjaranowski] let's create new issue for your investigation, as reporter has
solved his issue (and is unrelated to your work).
[~agentgt] something is off, as every bench we did, showed native way faster
than Wagon... but this may be the upload/deploy bit (and Slawomir actually
detected something related to this problem)
> Maven 3.9.0 native http transport ignores username/password for basic auth
> --
>
> Key: MNG-7719
> URL: https://issues.apache.org/jira/browse/MNG-7719
> Project: Maven
> Issue Type: Improvement
> Components: Core, Deployment
>Affects Versions: 3.9.0
>Reporter: Adam Gent
>Priority: Major
> Fix For: waiting-for-feedback
>
>
> In 3.9.0 the default maven http transport switched from wagon to native.
> It appears that the native transport does not respect:
> {code:xml}
>
> some-repo
> some-username
> basic-auth-password
>
> {code}
> Now when you do a mvn deploy to some-repo the basic auth headers are missing.
> This is probably causing github package problems:
> https://github.com/orgs/community/discussions/49001
> -
> The issue appears to be that the native client respects Basic Auth Challenges
> and our server did not do that (it never sends the WWW-Authenticate) as the
> original Wagon HTTP transport did not need it.
> The wagon version will always send the credentials on PUT and POST but no
> credentials on GET of maven metadata.
> The wagon version basically is like a header API key when doing basic auth
> instead of the true basic auth workflow.
> For whatever reason I removed the WWW-Authenticate header probably for
> security reasons.
> Since the native client is doing technically the right thing this is not a
> bug however it would be nice if there was some option to revert to the old
> behavior as it does save a round trip on PUT (a 401 needs to happen with the
> header before native will send credentials).
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (MNG-7719) Maven 3.9.0 native http transport ignores username/password for basic auth
[
https://issues.apache.org/jira/browse/MNG-7719?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17697010#comment-17697010
]
Adam Gent commented on MNG-7719:
Once I added back the header www-authenticate to our a custom maven repository
server all works fine for me including release plugin deploy.
I get largely the same headers minus the github specific stuff and the failed
400.
Native appears to be ~ 20% slower than wagon. I'm not sure if this because the
wagon way doesn't have deal with the 401 but its hard to imagine just one
failed connection slowing down our build process of 50 or so artifacts.
> Maven 3.9.0 native http transport ignores username/password for basic auth
> --
>
> Key: MNG-7719
> URL: https://issues.apache.org/jira/browse/MNG-7719
> Project: Maven
> Issue Type: Improvement
> Components: Core, Deployment
>Affects Versions: 3.9.0
>Reporter: Adam Gent
>Priority: Major
> Fix For: waiting-for-feedback
>
>
> In 3.9.0 the default maven http transport switched from wagon to native.
> It appears that the native transport does not respect:
> {code:xml}
>
> some-repo
> some-username
> basic-auth-password
>
> {code}
> Now when you do a mvn deploy to some-repo the basic auth headers are missing.
> This is probably causing github package problems:
> https://github.com/orgs/community/discussions/49001
> -
> The issue appears to be that the native client respects Basic Auth Challenges
> and our server did not do that (it never sends the WWW-Authenticate) as the
> original Wagon HTTP transport did not need it.
> The wagon version will always send the credentials on PUT and POST but no
> credentials on GET of maven metadata.
> The wagon version basically is like a header API key when doing basic auth
> instead of the true basic auth workflow.
> For whatever reason I removed the WWW-Authenticate header probably for
> security reasons.
> Since the native client is doing technically the right thing this is not a
> bug however it would be nice if there was some option to revert to the old
> behavior as it does save a round trip on PUT (a 401 needs to happen with the
> header before native will send credentials).
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (MNG-7719) Maven 3.9.0 native http transport ignores username/password for basic auth
[
https://issues.apache.org/jira/browse/MNG-7719?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17696550#comment-17696550
]
Slawomir Jaranowski commented on MNG-7719:
--
Testing: {{MAVEN_OPTS=-Dorg.slf4j.simpleLogger.log.org.apache.http=DEBUG mvn
deploy -X}}
h2. With snapshot
first request:
{noformat}
[DEBUG] http-outgoing-0 >> GET
/slawekjaranowski/test/test/test/1.6-SNAPSHOT/maven-metadata.xml HTTP/1.1
[DEBUG] http-outgoing-0 >> Cache-Control: no-cache, no-store
[DEBUG] http-outgoing-0 >> Pragma: no-cache
[DEBUG] http-outgoing-0 >> Host: maven.pkg.github.com
[DEBUG] http-outgoing-0 >> Connection: Keep-Alive
[DEBUG] http-outgoing-0 >> User-Agent: Apache-Maven/3.9.0 (Java 17.0.6; Mac OS
X 12.6.3)
[DEBUG] http-outgoing-0 >> Accept-Encoding: gzip,deflate
[DEBUG] http-outgoing-0 << HTTP/1.1 401 Unauthorized
[DEBUG] http-outgoing-0 << access-control-allow-methods: GET, HEAD, OPTIONS
[DEBUG] http-outgoing-0 << Access-Control-Allow-Origin: *
[DEBUG] http-outgoing-0 << Content-Security-Policy: default-src 'none';
[DEBUG] http-outgoing-0 << Server: GitHub Registry
[DEBUG] http-outgoing-0 << Strict-Transport-Security: max-age=31536000;
[DEBUG] http-outgoing-0 << www-authenticate: Basic realm="GitHub Package
Registry"
[DEBUG] http-outgoing-0 << X-Content-Type-Options: nosniff
[DEBUG] http-outgoing-0 << X-Frame-Options: DENY
[DEBUG] http-outgoing-0 << X-XSS-Protection: 1; mode=block
[DEBUG] http-outgoing-0 << Date: Sun, 05 Mar 2023 09:17:07 GMT
[DEBUG] http-outgoing-0 << Content-Length: 0
[DEBUG] http-outgoing-0 << X-GitHub-Request-Id: 96F3:5E81:D2DC0C:DC2EEC:64045E13
[DEBUG] Connection can be kept alive indefinitely
[DEBUG] Authentication required
{noformat}
Next:
{noformat}
[DEBUG] http-outgoing-0 >> GET
/slawekjaranowski/test/test/test/1.6-SNAPSHOT/maven-metadata.xml HTTP/1.1
[DEBUG] http-outgoing-0 >> Cache-Control: no-cache, no-store
[DEBUG] http-outgoing-0 >> Pragma: no-cache
[DEBUG] http-outgoing-0 >> Host: maven.pkg.github.com
[DEBUG] http-outgoing-0 >> Connection: Keep-Alive
[DEBUG] http-outgoing-0 >> User-Agent: Apache-Maven/3.9.0 (Java 17.0.6; Mac OS
X 12.6.3)
[DEBUG] http-outgoing-0 >> Accept-Encoding: gzip,deflate
[DEBUG] http-outgoing-0 >> Authorization: Basic xxx
[DEBUG] http-outgoing-0 << HTTP/1.1 200 OK
[DEBUG] http-outgoing-0 << access-control-allow-methods: GET, HEAD, OPTIONS
[DEBUG] http-outgoing-0 << Access-Control-Allow-Origin: *
[DEBUG] http-outgoing-0 << Content-Security-Policy: default-src 'none';
[DEBUG] http-outgoing-0 << Content-Type: application/xml
[DEBUG] http-outgoing-0 << Server: GitHub Registry
[DEBUG] http-outgoing-0 << Strict-Transport-Security: max-age=31536000;
[DEBUG] http-outgoing-0 << X-Content-Type-Options: nosniff
[DEBUG] http-outgoing-0 << X-Frame-Options: DENY
[DEBUG] http-outgoing-0 << X-XSS-Protection: 1; mode=block
[DEBUG] http-outgoing-0 << Date: Sun, 05 Mar 2023 09:17:07 GMT
[DEBUG] http-outgoing-0 << Transfer-Encoding: chunked
[DEBUG] http-outgoing-0 << X-GitHub-Request-Id: 96F3:5E81:D2DC19:DC2EF9:64045E13
[DEBUG] Connection can be kept alive indefinitely
{noformat}
And for put we have {{OPTIONS}} first
{noformat}
[DEBUG] http-outgoing-0 >> OPTIONS
/slawekjaranowski/test/test/test/1.6-SNAPSHOT/test-1.6-20230305.091705-6.pom
HTTP/1.1
[DEBUG] http-outgoing-0 >> Cache-Control: no-cache, no-store
[DEBUG] http-outgoing-0 >> Pragma: no-cache
[DEBUG] http-outgoing-0 >> Host: maven.pkg.github.com
[DEBUG] http-outgoing-0 >> Connection: Keep-Alive
[DEBUG] http-outgoing-0 >> User-Agent: Apache-Maven/3.9.0 (Java 17.0.6; Mac OS
X 12.6.3)
[DEBUG] http-outgoing-0 >> Accept-Encoding: gzip,deflate
[DEBUG] http-outgoing-0 >> Authorization: Basic xxx
[DEBUG] http-outgoing-0 << HTTP/1.1 200 OK
[DEBUG] http-outgoing-0 << access-control-allow-methods: DELETE, GET, HEAD,
OPTIONS, PUT
[DEBUG] http-outgoing-0 << Access-Control-Allow-Origin: *
[DEBUG] http-outgoing-0 << Content-Security-Policy: default-src 'none';
[DEBUG] http-outgoing-0 << Server: GitHub Registry
[DEBUG] http-outgoing-0 << Strict-Transport-Security: max-age=31536000;
[DEBUG] http-outgoing-0 << X-Content-Type-Options: nosniff
[DEBUG] http-outgoing-0 << X-Frame-Options: DENY
[DEBUG] http-outgoing-0 << X-XSS-Protection: 1; mode=block
[DEBUG] http-outgoing-0 << Date: Sun, 05 Mar 2023 09:17:08 GMT
[DEBUG] http-outgoing-0 << Content-Length: 0
[DEBUG] http-outgoing-0 << X-GitHub-Request-Id: 96F3:5E81:D2DC57:DC2F3F:64045E14
{noformat}
And finally {{PUT}} with authorization
{noformat}
[DEBUG] http-outgoing-0 >> PUT
/slawekjaranowski/test/test/test/1.6-SNAPSHOT/test-1.6-20230305.091705-6.pom
HTTP/1.1
[DEBUG] http-outgoing-0 >> Cache-Control: no-cache, no-store
[DEBUG] http-outgoing-0 >> Pragma: no-cache
[DEBUG] http-outgoing-0 >> Expect: 100-continue
[DEBUG] http-outgoing-0 >> Content-Length: 2089
[DEBUG] http-outgoing-0 >> Host: maven.pkg.github.com
[DEBUG] http-outgoing-0 >> Connection: Keep-Alive
[DEBUG] http-outgoing-0 >> User-Agent:
[jira] [Commented] (MNG-7719) Maven 3.9.0 native http transport ignores username/password for basic auth
[
https://issues.apache.org/jira/browse/MNG-7719?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17696494#comment-17696494
]
Michael Osipov commented on MNG-7719:
-
What happened to Expect Continue? Wagon will perform Expect: 100-continue on
all requests with a request body.
> Maven 3.9.0 native http transport ignores username/password for basic auth
> --
>
> Key: MNG-7719
> URL: https://issues.apache.org/jira/browse/MNG-7719
> Project: Maven
> Issue Type: Improvement
> Components: Core, Deployment
>Affects Versions: 3.9.0
>Reporter: Adam Gent
>Priority: Major
> Fix For: waiting-for-feedback
>
>
> In 3.9.0 the default maven http transport switched from wagon to native.
> It appears that the native transport does not respect:
> {code:xml}
>
> some-repo
> some-username
> basic-auth-password
>
> {code}
> Now when you do a mvn deploy to some-repo the basic auth headers are missing.
> This is probably causing github package problems:
> https://github.com/orgs/community/discussions/49001
> -
> The issue appears to be that the native client respects Basic Auth Challenges
> and our server did not do that (it never sends the WWW-Authenticate) as the
> original Wagon HTTP transport did not need it.
> The wagon version will always send the credentials on PUT and POST but no
> credentials on GET of maven metadata.
> The wagon version basically is like a header API key when doing basic auth
> instead of the true basic auth workflow.
> For whatever reason I removed the WWW-Authenticate header probably for
> security reasons.
> Since the native client is doing technically the right thing this is not a
> bug however it would be nice if there was some option to revert to the old
> behavior as it does save a round trip on PUT (a 401 needs to happen with the
> header before native will send credentials).
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (MNG-7719) Maven 3.9.0 native http transport ignores username/password for basic auth
[
https://issues.apache.org/jira/browse/MNG-7719?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17696493#comment-17696493
]
Slawomir Jaranowski commented on MNG-7719:
--
Ok,
For uploading snapshot version we have:
{noformat}
[INFO] --- deploy:3.1.0:deploy (default-deploy) @ test ---
Downloading from github:
https://maven.pkg.github.com/slawekjaranowski/test/test/test/1.6-SNAPSHOT/maven-metadata.xml
Downloaded from github:
https://maven.pkg.github.com/slawekjaranowski/test/test/test/1.6-SNAPSHOT/maven-metadata.xml
(3.5 kB at 3.2 kB/s)
Uploading to github:
https://maven.pkg.github.com/slawekjaranowski/test/test/test/1.6-SNAPSHOT/test-1.6-20230304.215214-5.pom
Uploaded to github:
https://maven.pkg.github.com/slawekjaranowski/test/test/test/1.6-SNAPSHOT/test-1.6-20230304.215214-5.pom
(2.1 kB at 753 B/s)
{noformat}
For release version:
{noformat}
[INFO] --- deploy:3.1.0:deploy (default-deploy) @ test ---
Uploading to github:
https://maven.pkg.github.com/slawekjaranowski/test/test/test/1.6/test-1.6.pom
Uploading to github:
https://maven.pkg.github.com/slawekjaranowski/test/test/test/1.6/test-1.6.jar
Uploaded to github:
https://maven.pkg.github.com/slawekjaranowski/test/test/test/1.6/test-1.6.jar
(1.9 kB at 630 B/s)
{noformat}
So we see that for snapshot the first request is downloading a metadata - and
auth challenge is done in this step, next step with PUT will have authorisation.
For release version first request is for PUT and in this step auth challenge
failed for some reason
> Maven 3.9.0 native http transport ignores username/password for basic auth
> --
>
> Key: MNG-7719
> URL: https://issues.apache.org/jira/browse/MNG-7719
> Project: Maven
> Issue Type: Improvement
> Components: Core, Deployment
>Affects Versions: 3.9.0
>Reporter: Adam Gent
>Priority: Major
> Fix For: waiting-for-feedback
>
>
> In 3.9.0 the default maven http transport switched from wagon to native.
> It appears that the native transport does not respect:
> {code:xml}
>
> some-repo
> some-username
> basic-auth-password
>
> {code}
> Now when you do a mvn deploy to some-repo the basic auth headers are missing.
> This is probably causing github package problems:
> https://github.com/orgs/community/discussions/49001
> -
> The issue appears to be that the native client respects Basic Auth Challenges
> and our server did not do that (it never sends the WWW-Authenticate) as the
> original Wagon HTTP transport did not need it.
> The wagon version will always send the credentials on PUT and POST but no
> credentials on GET of maven metadata.
> The wagon version basically is like a header API key when doing basic auth
> instead of the true basic auth workflow.
> For whatever reason I removed the WWW-Authenticate header probably for
> security reasons.
> Since the native client is doing technically the right thing this is not a
> bug however it would be nice if there was some option to revert to the old
> behavior as it does save a round trip on PUT (a 401 needs to happen with the
> header before native will send credentials).
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (MNG-7719) Maven 3.9.0 native http transport ignores username/password for basic auth
[
https://issues.apache.org/jira/browse/MNG-7719?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17696428#comment-17696428
]
Slawomir Jaranowski commented on MNG-7719:
--
It is working for me https://github.com/slawekjaranowski/test
Please show us your GitHub action and use settings if you use a special one.
> Maven 3.9.0 native http transport ignores username/password for basic auth
> --
>
> Key: MNG-7719
> URL: https://issues.apache.org/jira/browse/MNG-7719
> Project: Maven
> Issue Type: Improvement
> Components: Core, Deployment
>Affects Versions: 3.9.0
>Reporter: Adam Gent
>Priority: Major
> Fix For: waiting-for-feedback
>
>
> In 3.9.0 the default maven http transport switched from wagon to native.
> It appears that the native transport does not respect:
> {code:xml}
>
> some-repo
> some-username
> basic-auth-password
>
> {code}
> Now when you do a mvn deploy to some-repo the basic auth headers are missing.
> This is probably causing github package problems:
> https://github.com/orgs/community/discussions/49001
> -
> The issue appears to be that the native client respects Basic Auth Challenges
> and our server did not do that (it never sends the WWW-Authenticate) as the
> original Wagon HTTP transport did not need it.
> The wagon version will always send the credentials on PUT and POST but no
> credentials on GET of maven metadata.
> The wagon version basically is like a header API key when doing basic auth
> instead of the true basic auth workflow.
> For whatever reason I removed the WWW-Authenticate header probably for
> security reasons.
> Since the native client is doing technically the right thing this is not a
> bug however it would be nice if there was some option to revert to the old
> behavior as it does save a round trip on PUT (a 401 needs to happen with the
> header before native will send credentials).
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (MNG-7719) Maven 3.9.0 native http transport ignores username/password for basic auth
[
https://issues.apache.org/jira/browse/MNG-7719?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17696352#comment-17696352
]
Adam Gent commented on MNG-7719:
Per github it appears that the native client respects Basic Auth Challenges and
our server did not do that (it never sends the WWW-Authenticate).
The wagon version will always send the credentials on PUT an POST.
The wagon version basically is like a header API key when doing basic auth
instead of the true basic auth workflow.
Consequently I suppose this is not a bug.
> Maven 3.9.0 native http transport ignores username/password for basic auth
> --
>
> Key: MNG-7719
> URL: https://issues.apache.org/jira/browse/MNG-7719
> Project: Maven
> Issue Type: Improvement
> Components: Core, Deployment
>Affects Versions: 3.9.0
>Reporter: Adam Gent
>Priority: Major
> Fix For: waiting-for-feedback
>
>
> In 3.9.0 the default maven http transport switched from wagon to native.
> It appears that the native transport does not respect:
> {code:xml}
>
> some-repo
> some-username
> basic-auth-password
>
> {code}
> Now when you do a mvn deploy to some-repo the basic auth headers are missing.
> This is probably causing github package problems:
> https://github.com/orgs/community/discussions/49001
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (MNG-7719) Maven 3.9.0 native http transport ignores username/password for basic auth
[
https://issues.apache.org/jira/browse/MNG-7719?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17696270#comment-17696270
]
Tamas Cservenak commented on MNG-7719:
--
My counter example:
[https://gist.github.com/cstamas/2cbd651498c707f1863c717469520424]
My guess for GH issues is that folks who used Plexus XML to configure Wagon are
suddenly loosing their config, for them fallback
{{-Dmaven.resolver.transport=wagon}} is way to go, and once they fix/update
their config, then they can join the party.
> Maven 3.9.0 native http transport ignores username/password for basic auth
> --
>
> Key: MNG-7719
> URL: https://issues.apache.org/jira/browse/MNG-7719
> Project: Maven
> Issue Type: Improvement
> Components: Core, Deployment
>Affects Versions: 3.9.0
>Reporter: Adam Gent
>Priority: Major
>
> In 3.9.0 the default maven http transport switched from wagon to native.
> It appears that the native transport does not respect:
> {code:xml}
>
> some-repo
> some-username
> basic-auth-password
>
> {code}
> Now when you do a mvn deploy to some-repo the basic auth headers are missing.
> This is probably causing github package problems:
> https://github.com/orgs/community/discussions/49001
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (MNG-7719) Maven 3.9.0 native http transport ignores username/password for basic auth
[
https://issues.apache.org/jira/browse/MNG-7719?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17696262#comment-17696262
]
Tamas Cservenak commented on MNG-7719:
--
Can you provide a reproducer?
> Maven 3.9.0 native http transport ignores username/password for basic auth
> --
>
> Key: MNG-7719
> URL: https://issues.apache.org/jira/browse/MNG-7719
> Project: Maven
> Issue Type: Improvement
> Components: Core, Deployment
>Affects Versions: 3.9.0
>Reporter: Adam Gent
>Priority: Major
>
> In 3.9.0 the default maven http transport switched from wagon to native.
> It appears that the native transport does not respect:
> {code:xml}
>
> some-repo
> some-username
> basic-auth-password
>
> {code}
> Now when you do a mvn deploy to some-repo the basic auth headers are missing.
> This is probably causing github package problems:
> https://github.com/orgs/community/discussions/49001
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
