maven-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Aleksander Gjermundsen (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (WAGON-538) Basic authentication fails if the password contains non-ascii characters
Date Mon, 12 Nov 2018 19:22:00 GMT

    [ https://issues.apache.org/jira/browse/WAGON-538?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16684272#comment-16684272
] 

Aleksander Gjermundsen commented on WAGON-538:
----------------------------------------------

I tried to enable more logging (https://support.sonatype.com/hc/en-us/articles/213464088-Configuring-Maven-HTTP-Wagon-Detailed-Logging)
and this is an extract of the output (used Apache HttpClient as an example project):
{code}
1740 [main] [DEBUG] org.apache.maven.wagon.providers.http.httpclient.impl.auth.HttpAuthenticator
- Authentication required
1740 [main] [DEBUG] org.apache.maven.wagon.providers.http.httpclient.impl.auth.HttpAuthenticator
- localhost:8081 requested authentication
1740 [main] [DEBUG] org.apache.maven.wagon.providers.http.httpclient.impl.client.TargetAuthenticationStrategy
- Authentication schemes in the order of preference: [Negotiate, Kerberos, NTLM, CredSSP,
Digest, Basic]
1741 [main] [DEBUG] org.apache.maven.wagon.providers.http.httpclient.impl.client.TargetAuthenticationStrategy
- Challenge for Negotiate authentication scheme not available
1741 [main] [DEBUG] org.apache.maven.wagon.providers.http.httpclient.impl.client.TargetAuthenticationStrategy
- Challenge for Kerberos authentication scheme not available
1741 [main] [DEBUG] org.apache.maven.wagon.providers.http.httpclient.impl.client.TargetAuthenticationStrategy
- Challenge for NTLM authentication scheme not available
1742 [main] [DEBUG] org.apache.maven.wagon.providers.http.httpclient.impl.client.TargetAuthenticationStrategy
- Challenge for CredSSP authentication scheme not available
1742 [main] [DEBUG] org.apache.maven.wagon.providers.http.httpclient.impl.client.TargetAuthenticationStrategy
- Challenge for Digest authentication scheme not available
1748 [main] [DEBUG] org.apache.maven.wagon.providers.http.httpclient.impl.auth.HttpAuthenticator
- Selected authentication options: [BASIC [complete=true]]
1749 [main] [DEBUG] org.apache.maven.wagon.providers.http.httpclient.impl.conn.DefaultManagedHttpClientConnection
- http-outgoing-0: set socket timeout to 1800000
1749 [main] [DEBUG] org.apache.maven.wagon.providers.http.httpclient.impl.execchain.MainClientExec
- Executing request HEAD /repository/maven-public/org/apache/httpcomponents/httpcomponents-parent/11/httpcomponents-parent-11.pom
HTTP/1.1
1750 [main] [DEBUG] org.apache.maven.wagon.providers.http.httpclient.impl.execchain.MainClientExec
- Target auth state: CHALLENGED
1750 [main] [DEBUG] org.apache.maven.wagon.providers.http.httpclient.impl.auth.HttpAuthenticator
- Generating response to an authentication challenge using basic scheme
1754 [main] [DEBUG] org.apache.maven.wagon.providers.http.httpclient.impl.execchain.MainClientExec
- Proxy auth state: UNCHALLENGED
1755 [main] [DEBUG] org.apache.maven.wagon.providers.http.httpclient.headers - http-outgoing-0
>> HEAD /repository/maven-public/org/apache/httpcomponents/httpcomponents-parent/11/httpcomponents-parent-11.pom
HTTP/1.1
1756 [main] [DEBUG] org.apache.maven.wagon.providers.http.httpclient.headers - http-outgoing-0
>> Cache-control: no-cache
1756 [main] [DEBUG] org.apache.maven.wagon.providers.http.httpclient.headers - http-outgoing-0
>> Cache-store: no-store
1757 [main] [DEBUG] org.apache.maven.wagon.providers.http.httpclient.headers - http-outgoing-0
>> Pragma: no-cache
1757 [main] [DEBUG] org.apache.maven.wagon.providers.http.httpclient.headers - http-outgoing-0
>> User-Agent: Apache-Maven/3.6.1-SNAPSHOT (Java 1.8.0_192; Linux 4.19.1-1-MANJARO)
1758 [main] [DEBUG] org.apache.maven.wagon.providers.http.httpclient.headers - http-outgoing-0
>> Host: localhost:8081
1759 [main] [DEBUG] org.apache.maven.wagon.providers.http.httpclient.headers - http-outgoing-0
>> Connection: Keep-Alive
1759 [main] [DEBUG] org.apache.maven.wagon.providers.http.httpclient.headers - http-outgoing-0
>> Accept-Encoding: gzip,deflate
1760 [main] [DEBUG] org.apache.maven.wagon.providers.http.httpclient.headers - http-outgoing-0
>> Authorization: Basic dXNlcj86dXNlcj8=
1760 [main] [DEBUG] org.apache.maven.wagon.providers.http.httpclient.wire - http-outgoing-0
>> "HEAD /repository/maven-public/org/apache/httpcomponents/httpcomponents-parent/11/httpcomponents-parent-11.pom
HTTP/1.1[\r][\n]"
1761 [main] [DEBUG] org.apache.maven.wagon.providers.http.httpclient.wire - http-outgoing-0
>> "Cache-control: no-cache[\r][\n]"
1761 [main] [DEBUG] org.apache.maven.wagon.providers.http.httpclient.wire - http-outgoing-0
>> "Cache-store: no-store[\r][\n]"
1762 [main] [DEBUG] org.apache.maven.wagon.providers.http.httpclient.wire - http-outgoing-0
>> "Pragma: no-cache[\r][\n]"
1762 [main] [DEBUG] org.apache.maven.wagon.providers.http.httpclient.wire - http-outgoing-0
>> "User-Agent: Apache-Maven/3.6.1-SNAPSHOT (Java 1.8.0_192; Linux 4.19.1-1-MANJARO)[\r][\n]"
1763 [main] [DEBUG] org.apache.maven.wagon.providers.http.httpclient.wire - http-outgoing-0
>> "Host: localhost:8081[\r][\n]"
1763 [main] [DEBUG] org.apache.maven.wagon.providers.http.httpclient.wire - http-outgoing-0
>> "Connection: Keep-Alive[\r][\n]"
1763 [main] [DEBUG] org.apache.maven.wagon.providers.http.httpclient.wire - http-outgoing-0
>> "Accept-Encoding: gzip,deflate[\r][\n]"
1764 [main] [DEBUG] org.apache.maven.wagon.providers.http.httpclient.wire - http-outgoing-0
>> "Authorization: Basic dXNlcj86dXNlcj8=[\r][\n]"
1764 [main] [DEBUG] org.apache.maven.wagon.providers.http.httpclient.wire - http-outgoing-0
>> "[\r][\n]"
1769 [main] [DEBUG] org.apache.maven.wagon.providers.http.httpclient.wire - http-outgoing-0
<< "HTTP/1.1 401 Unauthorized[\r][\n]"
1770 [main] [DEBUG] org.apache.maven.wagon.providers.http.httpclient.wire - http-outgoing-0
<< "Date: Mon, 12 Nov 2018 19:07:00 GMT[\r][\n]"
1770 [main] [DEBUG] org.apache.maven.wagon.providers.http.httpclient.wire - http-outgoing-0
<< "Server: Nexus/3.14.0-04 (OSS)[\r][\n]"
1770 [main] [DEBUG] org.apache.maven.wagon.providers.http.httpclient.wire - http-outgoing-0
<< "X-Content-Type-Options: nosniff[\r][\n]"
1770 [main] [DEBUG] org.apache.maven.wagon.providers.http.httpclient.wire - http-outgoing-0
<< "WWW-Authenticate: BASIC realm="Sonatype Nexus Repository Manager"[\r][\n]"
1771 [main] [DEBUG] org.apache.maven.wagon.providers.http.httpclient.wire - http-outgoing-0
<< "Content-Length: 0[\r][\n]"
1771 [main] [DEBUG] org.apache.maven.wagon.providers.http.httpclient.wire - http-outgoing-0
<< "[\r][\n]"
1771 [main] [DEBUG] org.apache.maven.wagon.providers.http.httpclient.headers - http-outgoing-0
<< HTTP/1.1 401 Unauthorized
1772 [main] [DEBUG] org.apache.maven.wagon.providers.http.httpclient.headers - http-outgoing-0
<< Date: Mon, 12 Nov 2018 19:07:00 GMT
1772 [main] [DEBUG] org.apache.maven.wagon.providers.http.httpclient.headers - http-outgoing-0
<< Server: Nexus/3.14.0-04 (OSS)
1772 [main] [DEBUG] org.apache.maven.wagon.providers.http.httpclient.headers - http-outgoing-0
<< X-Content-Type-Options: nosniff
1773 [main] [DEBUG] org.apache.maven.wagon.providers.http.httpclient.headers - http-outgoing-0
<< WWW-Authenticate: BASIC realm="Sonatype Nexus Repository Manager"
1773 [main] [DEBUG] org.apache.maven.wagon.providers.http.httpclient.headers - http-outgoing-0
<< Content-Length: 0
1773 [main] [DEBUG] org.apache.maven.wagon.providers.http.httpclient.impl.execchain.MainClientExec
- Connection can be kept alive indefinitely
1774 [main] [DEBUG] org.apache.maven.wagon.providers.http.httpclient.impl.auth.HttpAuthenticator
- Authentication required
1774 [main] [DEBUG] org.apache.maven.wagon.providers.http.httpclient.impl.auth.HttpAuthenticator
- localhost:8081 requested authentication
1774 [main] [DEBUG] org.apache.maven.wagon.providers.http.httpclient.impl.auth.HttpAuthenticator
- Authorization challenge processed
1774 [main] [DEBUG] org.apache.maven.wagon.providers.http.httpclient.impl.auth.HttpAuthenticator
- Authentication failed
1775 [main] [DEBUG] org.apache.maven.wagon.providers.http.httpclient.impl.client.TargetAuthenticationStrategy
- Clearing cached auth scheme for http://localhost:8081
1775 [main] [DEBUG] org.apache.maven.wagon.providers.http.httpclient.impl.conn.PoolingHttpClientConnectionManager
- Connection [id: 0][route: {}->http://localhost:8081] can be kept alive indefinitely
1776 [main] [DEBUG] org.apache.maven.wagon.providers.http.httpclient.impl.conn.DefaultManagedHttpClientConnection
- http-outgoing-0: set socket timeout to 0
1776 [main] [DEBUG] org.apache.maven.wagon.providers.http.httpclient.impl.conn.PoolingHttpClientConnectionManager
- Connection released: [id: 0][route: {}->http://localhost:8081][total kept alive: 1; route
allocated: 1 of 20; total allocated: 1 of 40]
...
1787 [main] [ERROR] org.apache.maven.DefaultMaven - [ERROR] Some problems were encountered
while processing the POMs:
[FATAL] Non-resolvable parent POM for org.apache.httpcomponents:httpcomponents-client:4.5.7-SNAPSHOT:
Could not transfer artifact org.apache.httpcomponents:httpcomponents-parent:pom:11 from/to
nexus (http://localhost:8081/repository/maven-public): Not authorized and 'parent.relativePath'
points at wrong local POM @ line 27, column 11
{code}

The value of the authorization header: "Basic dXNlcj86dXNlcj8=". This decodes to "user?:user?".
I tried to setup remote debugging in IntelliJ against mvnDebug, but was not able to get it
to stop at the breakpoints in the Wagon project. Will try again later in the week.

> Basic authentication fails if the password contains non-ascii characters
> ------------------------------------------------------------------------
>
>                 Key: WAGON-538
>                 URL: https://issues.apache.org/jira/browse/WAGON-538
>             Project: Maven Wagon
>          Issue Type: Bug
>            Reporter: Aleksander Gjermundsen
>            Priority: Major
>
> If the username and/or password used to authenticate to Nexus contains non-ascii characters,
the authentication fails with an access denied error. After using Wireshark to investigate
the headers being sent (in my case "Ø", any non-ascii characters are replaced with "?".
> To test, I have used the following configuration:
> {code:java}
> <settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
>  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>  xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">
> ...
>     <servers>
>         <server>
>             <id>artifactory</id>
>             <username>userØ</username>
>             <password>userØ</password>
>         </server>
>     </servers>
>     ...
>     <mirrors>
>         <mirror>
>             <id>nexus</id>
>             <mirrorOf>*</mirrorOf>
>             <name>Local Nexus</name>
>             <url>http://localhost:8081/repository/maven-public</url>
>         </mirror>
>     </mirrors>
> ...
> </settings>{code}
> The settings.xml file is saved using UTF-8 encoding and it appears that Maven reads the
username and passwords correctly into strings, but Apache HttpClient do not encode the UTF-8
characters when encoding them into base64.
> I did a quick patch of Wagon to make it work for my use case, where HttpClient is configured
to encode as UTF-8. As is mentioned in MNG-5917, it is not completely clear from the standards
how these characters are supposed to be handled, but on my system both wget and the Chrome
web browser encode the characters the same way as after my patch and are able to download
files from Nexus.
> Since Artifactory was used in MNG-5917, I also tested against that, but in contrast to
Maven it was not able to decode the username and password correctly, however it would be broken
without the patch anyway.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message