[
https://issues.apache.org/jira/browse/WAGON-627?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Michael Osipov moved MDEPLOY-293 to WAGON-627:
----------------------------------------------
Fix Version/s: (was: waiting-for-feedback)
Key: WAGON-627 (was: MDEPLOY-293)
Project: Maven Wagon (was: Maven Deploy Plugin)
> Maven deploy fails with 401 Unauthorized when using £ in password
> -----------------------------------------------------------------
>
> Key: WAGON-627
> URL: https://issues.apache.org/jira/browse/WAGON-627
> Project: Maven Wagon
> Issue Type: Bug
> Reporter: Nélson Cunha
> Assignee: Michael Osipov
> Priority: Major
> Attachments: image-2022-06-08-20-06-39-388.png,
> image-2022-06-08-20-09-57-536.png, image-2022-06-09-16-52-04-876.png,
> image-2022-06-09-16-52-19-905.png, image-2022-06-09-17-01-18-568.png
>
>
> Hello.
> I'm using Apache Maven 3.6.3 and maven-deploy-plugin 2.8.2 on Oracle's Java
> version 1.8.0_321 and I'm currently receiving the 401 Unauthorized error
> when deploying an artifact to Sonatype Nexus:
> {noformat}
> [ERROR] Failed to execute goal
> org.apache.maven.plugins:maven-deploy-plugin:2.8.2:deploy (default-deploy) on
> project XXX: Failed to deploy artifacts: Could not transfer artifact
> XXX:XXX:pom:4.0.0-20220608.184337-1 from/to nexus-snapshots
> (http://.../repository/maven-snapshots/): Transfer failed for
> http://...-4.0.0-20220608.184337-1.pom 401 Unauthorized -> [Help 1]{noformat}
>
> This error showed up after I changed my password with a leading {{£}}
> character.
>
> Using Wireshark to capture the HTTP packages exchanged between the maven
> client and the nexus repository, I see 3 interactions:
> # unauthenticated GET request for a maven-metadata.xml file, followed by a
> 401 response
> # authenticated GET request for the same maven-metadata.xml file, followed
> by a 404 response
> # authenticated PUT request for the pom file, followed by a 401 response
>
> Now, analyzing the headers for the second and third request I noticed the
> base64 on the Authentication header is not the same.
> * 2nd request: GET metadata
> !image-2022-06-08-20-06-39-388.png!
>
> * 3rd request PUT pom
> !image-2022-06-08-20-09-57-536.png!
>
> The decoded base64 with the username:password, shows that, as expected, the
> request that received a 404 holds the right password, but on the other hand,
> the PUT request that got a 401 has a password with a {{?}} for the {{{}£{}}}.
>
> All the servers on my {{settings.xml}} hold the same user/password and I have
> tried with the passwords encoded and in plain text.
>
>
> Further tests with base64 encoding and decoding showed that the "wrong"
> password is the actual password but encoded from an ANSI code page where the
> password accepted by Nexus is encoded from utf8.
>
> I noticed the 401 responses don't specify the encoding on the
> {{WWW-Authenticate}} header, which should clear up which encoding to use, but
> still for some reason the two requests are apparently using different
> encodings.
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
