[jira] [Commented] (WAGON-590) Maven 3.5.0+ doesn't seem to send credentials after 301/302 HTTP redirect
[ https://issues.apache.org/jira/browse/WAGON-590?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17244164#comment-17244164 ] Michael Osipov commented on WAGON-590: -- I believe it is time to get rid of that ancient browser-compatible cookie spec. Please create a JIRA issue to change the default. > Maven 3.5.0+ doesn't seem to send credentials after 301/302 HTTP redirect > - > > Key: WAGON-590 > URL: https://issues.apache.org/jira/browse/WAGON-590 > Project: Maven Wagon > Issue Type: Bug >Affects Versions: 3.4.0 >Reporter: Cintia DR >Assignee: Michael Osipov >Priority: Major > Fix For: waiting-for-feedback > > Attachments: 0001-conditonally-set-AuthScope-to-any.patch, Screen > Shot 2020-04-28 at 7.45.33 pm.png, any-auth.log, > expect-continue-done-right-any-auth.log, master_osx.log, master_ubuntu.log, > maven_x.log, mvn-master-batch.log, mvn-wagon590branch-debug-osx.log, > mvn-wagon590branch-osx.log, mvn339_osx.log, mvn339_ubuntu.log, scoped-auth.log > > > Since maven 3.5.0 (including 3.6.3), maven seems to not send server > credentials if distributionManagement server response was a 301 or 302 HTTP > redirect. Note that the redirect is followed, but I receive unauthorised code. > Maven 3.2.5 and 3.3.9 work as expected. I could reproduce it on ubuntu and > OSX. Both are JDK 8, not sure if it could make any difference. > > All maven versions (including 3.2.5 and 3.3.9) are using the same version of > the deploy plugin (2.7), and upgrading it made no difference whatsoever. > > If I use '[https://openmrs.jfrog.io/artifactory/snapshots/'] as my > 'distributionManagement', credentials are sent. > If I use > '[https://mavenrepo.openmrs.org/proxy/snapshots/|https://mavenrepo.openmrs.org/snapshots/']' > (a reverse proxy to > '[https://openmrs.jfrog.io/artifactory/snapshots/|https://openmrs.jfrog.io/artifactory/snapshots/']') > credentials are sent. > If I use '[https://mavenrepo.openmrs.org/snapshots/'] (a 301 redirect to > [https://openmrs.jfrog.io/artifactory/snapshots/|https://openmrs.jfrog.io/artifactory/snapshots/']) > as my distributionManagement, credentials are _not_ sent and the request > fails as it's unauthenticated. > > You can see the configuration of 'mavenrepo.openmrs.org' server here: > [https://github.com/openmrs/openmrs-contrib-itsmresources/blob/master/ansible/host_vars/campo.openmrs.org/vars#L33] > > All my artefacts are public to download, so I don't have a way to testing > downloading artefacts with server credentials. > > > This is how the output looks like in maven 3.6.3: > {code:java} > > [INFO] --- maven-deploy-plugin:2.7:deploy (default-deploy) @ > releasetestmodule --- > Downloading from openmrs-repo-snapshots: > https://mavenrepo.openmrs.org/nexus/content/repositories/snapshots/org/openmrs/module/releasetestmodule/2.1.22-SNAPSHOT/maven-metadata.xml > Downloaded from openmrs-repo-snapshots: > https://mavenrepo.openmrs.org/nexus/content/repositories/snapshots/org/openmrs/module/releasetestmodule/2.1.22-SNAPSHOT/maven-metadata.xml > (616 B at 132 B/s) > Uploading to openmrs-repo-snapshots: > https://mavenrepo.openmrs.org/nexus/content/repositories/snapshots/org/openmrs/module/releasetestmodule/2.1.22-SNAPSHOT/releasetestmodule-2.1.22-20200427.091851-13.pom > ... > [ERROR] Failed to execute goal > org.apache.maven.plugins:maven-deploy-plugin:2.7:deploy (default-deploy) on > project releasetestmodule: Failed to deploy artifacts: Could not transfer > artifact org.openmrs.module:releasetestmodule:pom:2.1.22-20200427.091851-13 > from/to openmrs-repo-snapshots > (https://mavenrepo.openmrs.org/nexus/content/repositories/snapshots): > Transfer failed for > https://openmrs.jfrog.io/artifactory/snapshots/org/openmrs/module/releasetestmodule/2.1.22-SNAPSHOT/releasetestmodule-2.1.22-20200427.091851-13.pom > 401 Unauthorized -> [Help 1]{code} -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (WAGON-590) Maven 3.5.0+ doesn't seem to send credentials after 301/302 HTTP redirect
[ https://issues.apache.org/jira/browse/WAGON-590?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17243912#comment-17243912 ] IG commented on WAGON-590: -- Done. https://github.com/apache/maven-site/pull/217 > Maven 3.5.0+ doesn't seem to send credentials after 301/302 HTTP redirect > - > > Key: WAGON-590 > URL: https://issues.apache.org/jira/browse/WAGON-590 > Project: Maven Wagon > Issue Type: Bug >Affects Versions: 3.4.0 >Reporter: Cintia DR >Priority: Major > Fix For: waiting-for-feedback > > Attachments: 0001-conditonally-set-AuthScope-to-any.patch, Screen > Shot 2020-04-28 at 7.45.33 pm.png, any-auth.log, > expect-continue-done-right-any-auth.log, master_osx.log, master_ubuntu.log, > maven_x.log, mvn-master-batch.log, mvn-wagon590branch-debug-osx.log, > mvn-wagon590branch-osx.log, mvn339_osx.log, mvn339_ubuntu.log, scoped-auth.log > > > Since maven 3.5.0 (including 3.6.3), maven seems to not send server > credentials if distributionManagement server response was a 301 or 302 HTTP > redirect. Note that the redirect is followed, but I receive unauthorised code. > Maven 3.2.5 and 3.3.9 work as expected. I could reproduce it on ubuntu and > OSX. Both are JDK 8, not sure if it could make any difference. > > All maven versions (including 3.2.5 and 3.3.9) are using the same version of > the deploy plugin (2.7), and upgrading it made no difference whatsoever. > > If I use '[https://openmrs.jfrog.io/artifactory/snapshots/'] as my > 'distributionManagement', credentials are sent. > If I use > '[https://mavenrepo.openmrs.org/proxy/snapshots/|https://mavenrepo.openmrs.org/snapshots/']' > (a reverse proxy to > '[https://openmrs.jfrog.io/artifactory/snapshots/|https://openmrs.jfrog.io/artifactory/snapshots/']') > credentials are sent. > If I use '[https://mavenrepo.openmrs.org/snapshots/'] (a 301 redirect to > [https://openmrs.jfrog.io/artifactory/snapshots/|https://openmrs.jfrog.io/artifactory/snapshots/']) > as my distributionManagement, credentials are _not_ sent and the request > fails as it's unauthenticated. > > You can see the configuration of 'mavenrepo.openmrs.org' server here: > [https://github.com/openmrs/openmrs-contrib-itsmresources/blob/master/ansible/host_vars/campo.openmrs.org/vars#L33] > > All my artefacts are public to download, so I don't have a way to testing > downloading artefacts with server credentials. > > > This is how the output looks like in maven 3.6.3: > {code:java} > > [INFO] --- maven-deploy-plugin:2.7:deploy (default-deploy) @ > releasetestmodule --- > Downloading from openmrs-repo-snapshots: > https://mavenrepo.openmrs.org/nexus/content/repositories/snapshots/org/openmrs/module/releasetestmodule/2.1.22-SNAPSHOT/maven-metadata.xml > Downloaded from openmrs-repo-snapshots: > https://mavenrepo.openmrs.org/nexus/content/repositories/snapshots/org/openmrs/module/releasetestmodule/2.1.22-SNAPSHOT/maven-metadata.xml > (616 B at 132 B/s) > Uploading to openmrs-repo-snapshots: > https://mavenrepo.openmrs.org/nexus/content/repositories/snapshots/org/openmrs/module/releasetestmodule/2.1.22-SNAPSHOT/releasetestmodule-2.1.22-20200427.091851-13.pom > ... > [ERROR] Failed to execute goal > org.apache.maven.plugins:maven-deploy-plugin:2.7:deploy (default-deploy) on > project releasetestmodule: Failed to deploy artifacts: Could not transfer > artifact org.openmrs.module:releasetestmodule:pom:2.1.22-20200427.091851-13 > from/to openmrs-repo-snapshots > (https://mavenrepo.openmrs.org/nexus/content/repositories/snapshots): > Transfer failed for > https://openmrs.jfrog.io/artifactory/snapshots/org/openmrs/module/releasetestmodule/2.1.22-SNAPSHOT/releasetestmodule-2.1.22-20200427.091851-13.pom > 401 Unauthorized -> [Help 1]{code} -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (WAGON-590) Maven 3.5.0+ doesn't seem to send credentials after 301/302 HTTP redirect
[ https://issues.apache.org/jira/browse/WAGON-590?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17243512#comment-17243512 ] Michael Osipov commented on WAGON-590: -- Great, would you mind to add the BasicAuthScope documentation to https://maven.apache.org/guides/mini/guide-http-settings.html? > Maven 3.5.0+ doesn't seem to send credentials after 301/302 HTTP redirect > - > > Key: WAGON-590 > URL: https://issues.apache.org/jira/browse/WAGON-590 > Project: Maven Wagon > Issue Type: Bug >Affects Versions: 3.4.0 >Reporter: Cintia DR >Priority: Major > Fix For: waiting-for-feedback > > Attachments: 0001-conditonally-set-AuthScope-to-any.patch, Screen > Shot 2020-04-28 at 7.45.33 pm.png, any-auth.log, > expect-continue-done-right-any-auth.log, master_osx.log, master_ubuntu.log, > maven_x.log, mvn-master-batch.log, mvn-wagon590branch-debug-osx.log, > mvn-wagon590branch-osx.log, mvn339_osx.log, mvn339_ubuntu.log, scoped-auth.log > > > Since maven 3.5.0 (including 3.6.3), maven seems to not send server > credentials if distributionManagement server response was a 301 or 302 HTTP > redirect. Note that the redirect is followed, but I receive unauthorised code. > Maven 3.2.5 and 3.3.9 work as expected. I could reproduce it on ubuntu and > OSX. Both are JDK 8, not sure if it could make any difference. > > All maven versions (including 3.2.5 and 3.3.9) are using the same version of > the deploy plugin (2.7), and upgrading it made no difference whatsoever. > > If I use '[https://openmrs.jfrog.io/artifactory/snapshots/'] as my > 'distributionManagement', credentials are sent. > If I use > '[https://mavenrepo.openmrs.org/proxy/snapshots/|https://mavenrepo.openmrs.org/snapshots/']' > (a reverse proxy to > '[https://openmrs.jfrog.io/artifactory/snapshots/|https://openmrs.jfrog.io/artifactory/snapshots/']') > credentials are sent. > If I use '[https://mavenrepo.openmrs.org/snapshots/'] (a 301 redirect to > [https://openmrs.jfrog.io/artifactory/snapshots/|https://openmrs.jfrog.io/artifactory/snapshots/']) > as my distributionManagement, credentials are _not_ sent and the request > fails as it's unauthenticated. > > You can see the configuration of 'mavenrepo.openmrs.org' server here: > [https://github.com/openmrs/openmrs-contrib-itsmresources/blob/master/ansible/host_vars/campo.openmrs.org/vars#L33] > > All my artefacts are public to download, so I don't have a way to testing > downloading artefacts with server credentials. > > > This is how the output looks like in maven 3.6.3: > {code:java} > > [INFO] --- maven-deploy-plugin:2.7:deploy (default-deploy) @ > releasetestmodule --- > Downloading from openmrs-repo-snapshots: > https://mavenrepo.openmrs.org/nexus/content/repositories/snapshots/org/openmrs/module/releasetestmodule/2.1.22-SNAPSHOT/maven-metadata.xml > Downloaded from openmrs-repo-snapshots: > https://mavenrepo.openmrs.org/nexus/content/repositories/snapshots/org/openmrs/module/releasetestmodule/2.1.22-SNAPSHOT/maven-metadata.xml > (616 B at 132 B/s) > Uploading to openmrs-repo-snapshots: > https://mavenrepo.openmrs.org/nexus/content/repositories/snapshots/org/openmrs/module/releasetestmodule/2.1.22-SNAPSHOT/releasetestmodule-2.1.22-20200427.091851-13.pom > ... > [ERROR] Failed to execute goal > org.apache.maven.plugins:maven-deploy-plugin:2.7:deploy (default-deploy) on > project releasetestmodule: Failed to deploy artifacts: Could not transfer > artifact org.openmrs.module:releasetestmodule:pom:2.1.22-20200427.091851-13 > from/to openmrs-repo-snapshots > (https://mavenrepo.openmrs.org/nexus/content/repositories/snapshots): > Transfer failed for > https://openmrs.jfrog.io/artifactory/snapshots/org/openmrs/module/releasetestmodule/2.1.22-SNAPSHOT/releasetestmodule-2.1.22-20200427.091851-13.pom > 401 Unauthorized -> [Help 1]{code} -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (WAGON-590) Maven 3.5.0+ doesn't seem to send credentials after 301/302 HTTP redirect
[ https://issues.apache.org/jira/browse/WAGON-590?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17243053#comment-17243053 ] IG commented on WAGON-590: -- Made it work with the following settings and wagon-3.4.2 inside maven 3.6.3 : {code:java} ANY ANY http.protocol.cookie-policy standard {code} cookie-policy was still required for correct cookie handling. > Maven 3.5.0+ doesn't seem to send credentials after 301/302 HTTP redirect > - > > Key: WAGON-590 > URL: https://issues.apache.org/jira/browse/WAGON-590 > Project: Maven Wagon > Issue Type: Bug >Affects Versions: 3.4.0 >Reporter: Cintia DR >Priority: Major > Fix For: waiting-for-feedback > > Attachments: 0001-conditonally-set-AuthScope-to-any.patch, Screen > Shot 2020-04-28 at 7.45.33 pm.png, any-auth.log, > expect-continue-done-right-any-auth.log, master_osx.log, master_ubuntu.log, > maven_x.log, mvn-master-batch.log, mvn-wagon590branch-debug-osx.log, > mvn-wagon590branch-osx.log, mvn339_osx.log, mvn339_ubuntu.log, scoped-auth.log > > > Since maven 3.5.0 (including 3.6.3), maven seems to not send server > credentials if distributionManagement server response was a 301 or 302 HTTP > redirect. Note that the redirect is followed, but I receive unauthorised code. > Maven 3.2.5 and 3.3.9 work as expected. I could reproduce it on ubuntu and > OSX. Both are JDK 8, not sure if it could make any difference. > > All maven versions (including 3.2.5 and 3.3.9) are using the same version of > the deploy plugin (2.7), and upgrading it made no difference whatsoever. > > If I use '[https://openmrs.jfrog.io/artifactory/snapshots/'] as my > 'distributionManagement', credentials are sent. > If I use > '[https://mavenrepo.openmrs.org/proxy/snapshots/|https://mavenrepo.openmrs.org/snapshots/']' > (a reverse proxy to > '[https://openmrs.jfrog.io/artifactory/snapshots/|https://openmrs.jfrog.io/artifactory/snapshots/']') > credentials are sent. > If I use '[https://mavenrepo.openmrs.org/snapshots/'] (a 301 redirect to > [https://openmrs.jfrog.io/artifactory/snapshots/|https://openmrs.jfrog.io/artifactory/snapshots/']) > as my distributionManagement, credentials are _not_ sent and the request > fails as it's unauthenticated. > > You can see the configuration of 'mavenrepo.openmrs.org' server here: > [https://github.com/openmrs/openmrs-contrib-itsmresources/blob/master/ansible/host_vars/campo.openmrs.org/vars#L33] > > All my artefacts are public to download, so I don't have a way to testing > downloading artefacts with server credentials. > > > This is how the output looks like in maven 3.6.3: > {code:java} > > [INFO] --- maven-deploy-plugin:2.7:deploy (default-deploy) @ > releasetestmodule --- > Downloading from openmrs-repo-snapshots: > https://mavenrepo.openmrs.org/nexus/content/repositories/snapshots/org/openmrs/module/releasetestmodule/2.1.22-SNAPSHOT/maven-metadata.xml > Downloaded from openmrs-repo-snapshots: > https://mavenrepo.openmrs.org/nexus/content/repositories/snapshots/org/openmrs/module/releasetestmodule/2.1.22-SNAPSHOT/maven-metadata.xml > (616 B at 132 B/s) > Uploading to openmrs-repo-snapshots: > https://mavenrepo.openmrs.org/nexus/content/repositories/snapshots/org/openmrs/module/releasetestmodule/2.1.22-SNAPSHOT/releasetestmodule-2.1.22-20200427.091851-13.pom > ... > [ERROR] Failed to execute goal > org.apache.maven.plugins:maven-deploy-plugin:2.7:deploy (default-deploy) on > project releasetestmodule: Failed to deploy artifacts: Could not transfer > artifact org.openmrs.module:releasetestmodule:pom:2.1.22-20200427.091851-13 > from/to openmrs-repo-snapshots > (https://mavenrepo.openmrs.org/nexus/content/repositories/snapshots): > Transfer failed for > https://openmrs.jfrog.io/artifactory/snapshots/org/openmrs/module/releasetestmodule/2.1.22-SNAPSHOT/releasetestmodule-2.1.22-20200427.091851-13.pom > 401 Unauthorized -> [Help 1]{code} -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (WAGON-590) Maven 3.5.0+ doesn't seem to send credentials after 301/302 HTTP redirect
[ https://issues.apache.org/jira/browse/WAGON-590?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17242750#comment-17242750 ] Michael Osipov commented on WAGON-590: -- I think except the cookie spec no further modification is necessary. Please try the following in your {{settings.xml}} with Wagon 3.4.2: {code:xml} my-server ANY ANY {code} A note on the patch: I am not a huge fan of the system property because this should be on a per-server basis and not blanket config. > Maven 3.5.0+ doesn't seem to send credentials after 301/302 HTTP redirect > - > > Key: WAGON-590 > URL: https://issues.apache.org/jira/browse/WAGON-590 > Project: Maven Wagon > Issue Type: Bug >Affects Versions: 3.4.0 >Reporter: Cintia DR >Priority: Major > Attachments: 0001-conditonally-set-AuthScope-to-any.patch, Screen > Shot 2020-04-28 at 7.45.33 pm.png, any-auth.log, > expect-continue-done-right-any-auth.log, master_osx.log, master_ubuntu.log, > maven_x.log, mvn-master-batch.log, mvn-wagon590branch-debug-osx.log, > mvn-wagon590branch-osx.log, mvn339_osx.log, mvn339_ubuntu.log, scoped-auth.log > > > Since maven 3.5.0 (including 3.6.3), maven seems to not send server > credentials if distributionManagement server response was a 301 or 302 HTTP > redirect. Note that the redirect is followed, but I receive unauthorised code. > Maven 3.2.5 and 3.3.9 work as expected. I could reproduce it on ubuntu and > OSX. Both are JDK 8, not sure if it could make any difference. > > All maven versions (including 3.2.5 and 3.3.9) are using the same version of > the deploy plugin (2.7), and upgrading it made no difference whatsoever. > > If I use '[https://openmrs.jfrog.io/artifactory/snapshots/'] as my > 'distributionManagement', credentials are sent. > If I use > '[https://mavenrepo.openmrs.org/proxy/snapshots/|https://mavenrepo.openmrs.org/snapshots/']' > (a reverse proxy to > '[https://openmrs.jfrog.io/artifactory/snapshots/|https://openmrs.jfrog.io/artifactory/snapshots/']') > credentials are sent. > If I use '[https://mavenrepo.openmrs.org/snapshots/'] (a 301 redirect to > [https://openmrs.jfrog.io/artifactory/snapshots/|https://openmrs.jfrog.io/artifactory/snapshots/']) > as my distributionManagement, credentials are _not_ sent and the request > fails as it's unauthenticated. > > You can see the configuration of 'mavenrepo.openmrs.org' server here: > [https://github.com/openmrs/openmrs-contrib-itsmresources/blob/master/ansible/host_vars/campo.openmrs.org/vars#L33] > > All my artefacts are public to download, so I don't have a way to testing > downloading artefacts with server credentials. > > > This is how the output looks like in maven 3.6.3: > {code:java} > > [INFO] --- maven-deploy-plugin:2.7:deploy (default-deploy) @ > releasetestmodule --- > Downloading from openmrs-repo-snapshots: > https://mavenrepo.openmrs.org/nexus/content/repositories/snapshots/org/openmrs/module/releasetestmodule/2.1.22-SNAPSHOT/maven-metadata.xml > Downloaded from openmrs-repo-snapshots: > https://mavenrepo.openmrs.org/nexus/content/repositories/snapshots/org/openmrs/module/releasetestmodule/2.1.22-SNAPSHOT/maven-metadata.xml > (616 B at 132 B/s) > Uploading to openmrs-repo-snapshots: > https://mavenrepo.openmrs.org/nexus/content/repositories/snapshots/org/openmrs/module/releasetestmodule/2.1.22-SNAPSHOT/releasetestmodule-2.1.22-20200427.091851-13.pom > ... > [ERROR] Failed to execute goal > org.apache.maven.plugins:maven-deploy-plugin:2.7:deploy (default-deploy) on > project releasetestmodule: Failed to deploy artifacts: Could not transfer > artifact org.openmrs.module:releasetestmodule:pom:2.1.22-20200427.091851-13 > from/to openmrs-repo-snapshots > (https://mavenrepo.openmrs.org/nexus/content/repositories/snapshots): > Transfer failed for > https://openmrs.jfrog.io/artifactory/snapshots/org/openmrs/module/releasetestmodule/2.1.22-SNAPSHOT/releasetestmodule-2.1.22-20200427.091851-13.pom > 401 Unauthorized -> [Help 1]{code} -- This message was sent by Atlassian Jira (v8.3.4#803005)