  1. ShrinkWrap Resolvers
  2. SHRINKRES-146

Encrypted password support forces presence of settings-security.xml


Details

    • Bug
    • Resolution: Won't Do
    • Major
    • None
    • 2.0.0-beta-4, 2.0.0
    • None
    • None

    Description

      This problem is caused by SHRINKRES-38 "Support encrypted passwords for password protected repositories".

      As soon as MavenSettingsBuilder finds passwords in the settings file, it apparently assumes that they are encrypted with the master password which is defined in settings-security.xml. When the file cannot be found an exception is thrown:

      org.jboss.shrinkwrap.resolver.api.InvalidConfigurationFileException: Unable to get security configuration from C:\Users\U115417\.m2\settings-security.xml. Please define path to the settings-security.xml file via -Dorg.apache.maven.security-settings, or put it the the default location defined by Maven.
      	at org.jboss.shrinkwrap.resolver.impl.maven.internal.decrypt.MavenSecurityDispatcher.getMaster(MavenSecurityDispatcher.java:171)
      	at org.jboss.shrinkwrap.resolver.impl.maven.internal.decrypt.MavenSecurityDispatcher.decrypt(MavenSecurityDispatcher.java:96)
      	at org.jboss.shrinkwrap.resolver.impl.maven.internal.decrypt.MavenSettingsDecrypter.decrypt(MavenSettingsDecrypter.java:92)
      	at org.jboss.shrinkwrap.resolver.impl.maven.internal.decrypt.MavenSettingsDecrypter.decrypt(MavenSettingsDecrypter.java:60)
      	at org.jboss.shrinkwrap.resolver.impl.maven.bootstrap.MavenSettingsBuilder.decryptPasswords(MavenSettingsBuilder.java:223)
      	at org.jboss.shrinkwrap.resolver.impl.maven.bootstrap.MavenSettingsBuilder.buildSettings(MavenSettingsBuilder.java:186)
      	at org.jboss.shrinkwrap.resolver.impl.maven.bootstrap.MavenSettingsBuilder.buildDefaultSettings(MavenSettingsBuilder.java:113)
      	at org.jboss.shrinkwrap.resolver.impl.maven.MavenWorkingSessionImpl.<init>(MavenWorkingSessionImpl.java:123)
      	at org.jboss.shrinkwrap.resolver.impl.maven.MavenResolverSystemImpl.<init>(MavenResolverSystemImpl.java:43)
      	... 80 more
      

      This is not correct as passwords can be defined without encryption and in this case no settings-security.xml file is needed.

      As we use server-side hashed passwords (without client-side encryption), this is a deal breaker for our project as you cannot work around this problem by just creating an empty file or a dummy password.
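
      Added example, not part of the original report and not ShrinkWrap Resolvers code: one way to decide whether settings-security.xml is needed at all, assuming Maven's documented convention that an encrypted value is enclosed in unescaped braces. The class name, method names and sample XML are constructed for illustration; only the JDK is used, and the default file location is the one shown in the exception above.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.regex.Pattern;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.NodeList;

public class SecuritySettingsGuard {
    // Assumption: encrypted values follow Maven's brace convention, e.g. {COQLCE6DU6GtcS5P=}
    private static final Pattern ENCRYPTED =
            Pattern.compile(".*?(?<!\\\\)\\{(.+?)(?<!\\\\)\\}.*", Pattern.DOTALL);

    static boolean isEncrypted(String password) {
        return password != null && ENCRYPTED.matcher(password).matches();
    }

    /** True only if at least one <password> element needs the master password. */
    static boolean needsMasterPassword(byte[] settingsXml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        // Reject DOCTYPE declarations so a hostile settings file cannot trigger XXE.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        NodeList passwords = dbf.newDocumentBuilder()
                .parse(new ByteArrayInputStream(settingsXml))
                .getElementsByTagName("password");
        for (int i = 0; i < passwords.getLength(); i++) {
            if (isEncrypted(passwords.item(i).getTextContent().trim())) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        // Constructed samples: a plaintext password and a brace-wrapped (encrypted-form) one.
        String plain = "<settings><servers><server><id>a</id>"
                + "<password>s3cret</password></server></servers></settings>";
        String enc = "<settings><servers><server><id>b</id>"
                + "<password>{COQLCE6DU6GtcS5P=}</password></server></servers></settings>";
        Path securityFile = Paths.get(System.getProperty("user.home"), ".m2", "settings-security.xml");
        for (String xml : new String[] {plain, enc}) {
            boolean needed = needsMasterPassword(xml.getBytes(StandardCharsets.UTF_8));
            if (needed && !Files.isReadable(securityFile)) {
                System.out.println("encrypted password present, settings-security.xml missing: fail");
            } else {
                System.out.println(needed ? "decrypt with master password" : "plaintext only: skip decryption");
            }
        }
    }
}
```

      With this guard, a missing settings-security.xml is an error only when a brace-wrapped password is actually present; plaintext-only settings never reach the master-password lookup.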

          People

            arubinge@redhat.com Andrew Rubinger (Inactive)
            falko.modler@t-systems.com Falko Modler (Inactive)