Maven uses artifact download credentials during deployment in some circumstances
--------------------------------------------------------------------------------
Key: MNG-4435
URL: http://jira.codehaus.org/browse/MNG-4435
Project: Maven 2
Issue Type: Bug
Components: Deployment
Affects Versions: 2.2.1
Reporter: Rich Seddon
If Maven downloads an artifact using authorization, this authorization seems to be cached,
which can cause a subsequent deployment to succeed where it should have failed.
Steps to reproduce:
# Set up a build which will require downloading an artifact from a Nexus server which requires
authentication, and configure your settings.xml appropriately.
# Create a project with a distribution management section which points to a repository in
the above server. Make sure the repository id doesn't exist in your settings.xml
# Run "mvn deploy"
What happens:
If the credentials used to download artifacts from Nexus have deployment privileges in the
Nexus repository the deployment will succeed.
Now run "mvn deploy" again. This time the deployment will fail with a 401 code.
This bug exists in both Maven 2.2.1 and the latest Maven 3.0 snapshots.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
|