Username for accessing servers via Maven must not be encrypted #1389

ohecker · 2024-10-10T08:26:03Z

Expected behavior

As a user of Maven within the devonFW IDE, I want to use the given settings.xml template (https://github.com/devonfw/ide-settings/blob/main/templates/conf/mvn/settings.xml) to generate my local configuration when setting up the IDE.

Actual behavior

The templating mechanism uses the maven password encryption mechanism for every encountered variable $[...] to be replaced. Within the given default template this results in also the username (not just the password) to be encrypted:
https://github.com/devonfw/ide-settings/blob/b1d63fbc7849e9585d52595d786c30362212c34e/templates/conf/mvn/settings.xml#L20-L26.

Using the generated settings.xml results in HTTP 401 Unauthorized.

Steps to reproduce (bug) / Use Case of feature request (enhancement)

See above.

Related/Dependent Issues

Support placeholders in settings.xml template #542

Comments/Hints:

Using encryption on all variables to be replaced was a design decision documented in #542 . This decision was obviously based on the assumption that encrypting variables is a universal feature and can be used throughout the whole settings.xml. This is not correct: The option to use encryption in the settings.xml is only available for server passwords.

Possible quick fix/workaround: If the user name to be used is the name of the current OS user then

<servers>
   <server>
     <id>repository</id>
     <username>${env.USERNAME}</username>
     <password>$[mavenRepoPassword]</password>
   </server>
 </servers>

or

  <servers>
    <server>
      <id>repository</id>
      <username>${user.name}</username>
      <password>$[mavenRepoPassword]</password>
    </server>
  </servers>

will do the job.

If this is not the required user name, then probably the templating mechanism need to be extended to allow choosing if a variable should be encrypted or not.

Affected version:

OS: all
Browser: N/A

The text was updated successfully, but these errors were encountered:

hohwille · 2024-10-11T14:27:38Z

Note:

for devonfw-ide fix here: https://github.com/devonfw/ide-settings/blob/dev-ide-settings/templates/conf/mvn/settings.xml#L23
for IDEasy fix here: https://github.com/devonfw/ide-settings/blob/main/templates/conf/mvn/settings.xml#L23

…e encrypted (#62)

hohwille · 2024-10-25T22:52:12Z

was auto-closed by github.
Reopening since only fixed for IDEasy but not for devonfw-ide.

ohecker added the bug Something isn't working label Oct 10, 2024

hohwille added the good-first-issue Good for newcomers label Oct 11, 2024

hohwille added this to IDEasy board Oct 11, 2024

github-project-automation bot moved this to 🆕 New in IDEasy board Oct 11, 2024

KianRolf self-assigned this Oct 15, 2024

KianRolf moved this from 🆕 New to 🏗 In progress in IDEasy board Oct 16, 2024

KianRolf assigned leonrohne27 Oct 16, 2024

This was referenced Oct 17, 2024

#1389:Username for accessing servers via Maven no longer encrypted devonfw/ide-settings#62

Merged

#704: fix settings-security.xml not found devonfw/IDEasy#705

Merged

hohwille pushed a commit to devonfw/ide-settings that referenced this issue Oct 25, 2024

devonfw/ide#1389: Username for accessing servers via Maven must not b…

69f418e

…e encrypted (#62)

hohwille closed this as completed in devonfw/ide-settings#62 Oct 25, 2024

github-project-automation bot moved this from 🏗 In progress to ✅ Done in IDEasy board Oct 25, 2024

hohwille reopened this Oct 25, 2024

hohwille added this to the settings milestone Oct 25, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Username for accessing servers via Maven must not be encrypted #1389

Username for accessing servers via Maven must not be encrypted #1389

ohecker commented Oct 10, 2024

hohwille commented Oct 11, 2024

hohwille commented Oct 25, 2024