maven-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Fox <>
Subject Re: [VOTE] Maven 2.2.0 (Second Attempt)
Date Fri, 19 Jun 2009 16:29:32 GMT
Ok John and I looked into this further and here's what we found:

Maven 2.2.0 (with the new wagon) is sending preemptive authentication.
The reason it failed for me is I had a server entry for Nexus that
matched my mirror setting. The auth in there was for another Nexus and
not for my personal one. In previous versions of Maven, the
authentication was only sent if the server sent a 401. In this
version, the client is sending the incorrect auth before getting a 401
and the server nacks it.

This is probably a rare situation but does present itself like a
regression. On the flip side, I would love to be able to enable
pre-emptive authentication but I would want to do it per server. This
would have the effect of halving the requests and upload data for
authenticated servers, but we shouldn't do it by default.

On Fri, Jun 19, 2009 at 11:31 AM, John Casey<> wrote:
> Can you elaborate on the errors? Do we need to file a JIRA for it?
> Brian Fox wrote:
>> I'm having trouble getting this version to work against my Nexus
>> instance. I keep getting authorization errors even though it's setup
>> for anonymous. Switching back to 2.1.0 works immediately.
>> On Fri, Jun 19, 2009 at 10:36 AM, Jörg Schaible<>
>> wrote:
>>> Hi John,
>>> John Casey wrote:
>>>> This would be because of the recent addition of log4j, which is now
>>>> shaded into the Maven binary (bundled with a changed package structure
>>>> to keep it out of the way of plugins' own log4j dependencies).
>>>> httpclient is using log4j because it's available, but log4j doesn't have
>>>> a configuration included...resulting in this error.
>>>> I suppose one easy fix would be to again retract this vote in order to
>>>> add a log4j config file. I'm really not inclined to do this, unless
>>>> others have stronger feelings about it. I'm not sure what impact this
>>>> will have on debug output coming from the http wagon (where httpclient
>>>> is used), but unless it's completely hiding all output I'd say we should
>>>> fix it in 2.2.1.
>>>> What do others think?
>>> why don't you simply set the system property
>>> org.apache.commons.logging.Log
>>> to initialize CL statically or add a to the
>>> resources
>>> (
>>> That should avoid the discovery mechanism of CL at all that is blamed in
>>> MNG-4207 for the problem.
>>> - Jörg
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail:
>>> For additional commands, e-mail:
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail:
>> For additional commands, e-mail:
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message