maven-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Aleksander Gjermundsen (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (WAGON-538) Basic authentication fails if the password contains non-ASCII characters
Date Thu, 15 Nov 2018 08:01:00 GMT

    [ https://issues.apache.org/jira/browse/WAGON-538?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16687617#comment-16687617
] 

Aleksander Gjermundsen commented on WAGON-538:
----------------------------------------------

[~michael-o]: The WAGON-540 branch works for me. It downloads files from Nexus and the log
now says:

{code}
8441 [main] [DEBUG] org.apache.maven.wagon.providers.http.httpclient.headers - http-outgoing-0
>> HEAD /repository/maven-public/org/codehaus/plexus/plexus/1.0.11/plexus-1.0.11.pom
HTTP/1.1
8441 [main] [DEBUG] org.apache.maven.wagon.providers.http.httpclient.headers - http-outgoing-0
>> Cache-control: no-cache
8441 [main] [DEBUG] org.apache.maven.wagon.providers.http.httpclient.headers - http-outgoing-0
>> Cache-store: no-store
8442 [main] [DEBUG] org.apache.maven.wagon.providers.http.httpclient.headers - http-outgoing-0
>> Pragma: no-cache
8442 [main] [DEBUG] org.apache.maven.wagon.providers.http.httpclient.headers - http-outgoing-0
>> User-Agent: Apache-Maven/3.6.1-SNAPSHOT (Java 1.8.0_192; Linux 4.19.1-1-MANJARO)
8442 [main] [DEBUG] org.apache.maven.wagon.providers.http.httpclient.headers - http-outgoing-0
>> Host: localhost:8081
8442 [main] [DEBUG] org.apache.maven.wagon.providers.http.httpclient.headers - http-outgoing-0
>> Connection: Keep-Alive
8443 [main] [DEBUG] org.apache.maven.wagon.providers.http.httpclient.headers - http-outgoing-0
>> Accept-Encoding: gzip,deflate
8443 [main] [DEBUG] org.apache.maven.wagon.providers.http.httpclient.headers - http-outgoing-0
>> Authorization: Basic dXNlcsOYOnVzZXLDmA==
{code}

This was without http.auth.credential-charset defined in settings.xml, so simply:
{code}
<server>
    <id>nexus</id>
    <username>userØ</username>
    <password>userØ</password>
</server>
{code}

> Basic authentication fails if the password contains non-ASCII characters
> ------------------------------------------------------------------------
>
>                 Key: WAGON-538
>                 URL: https://issues.apache.org/jira/browse/WAGON-538
>             Project: Maven Wagon
>          Issue Type: Bug
>          Components: wagon-http
>    Affects Versions: 3.2.0
>            Reporter: Aleksander Gjermundsen
>            Assignee: Michael Osipov
>            Priority: Major
>             Fix For: 3.3.0
>
>
> If the username and/or password used to authenticate to Nexus contains non-ascii characters,
the authentication fails with an access denied error. After using Wireshark to investigate
the headers being sent (in my case "Ø", any non-ascii characters are replaced with "?".
> To test, I have used the following configuration:
> {code:java}
> <settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
>  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>  xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">
> ...
>     <servers>
>         <server>
>             <id>artifactory</id>
>             <username>userØ</username>
>             <password>userØ</password>
>         </server>
>     </servers>
>     ...
>     <mirrors>
>         <mirror>
>             <id>nexus</id>
>             <mirrorOf>*</mirrorOf>
>             <name>Local Nexus</name>
>             <url>http://localhost:8081/repository/maven-public</url>
>         </mirror>
>     </mirrors>
> ...
> </settings>{code}
> The settings.xml file is saved using UTF-8 encoding and it appears that Maven reads the
username and passwords correctly into strings, but Apache HttpClient do not encode the UTF-8
characters when encoding them into base64.
> I did a quick patch of Wagon to make it work for my use case, where HttpClient is configured
to encode as UTF-8. As is mentioned in MNG-5917, it is not completely clear from the standards
how these characters are supposed to be handled, but on my system both wget and the Chrome
web browser encode the characters the same way as after my patch and are able to download
files from Nexus.
> Since Artifactory was used in MNG-5917, I also tested against that, but in contrast to
Maven it was not able to decode the username and password correctly, however it would be broken
without the patch anyway.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message