1. Home
  2. Categories
  3. Support
  4. How do I correctly pass username / password to a security protected Maven feed?

Welcome to the Inedo Forums! Check out the Forums Guide for help getting started.

If you are experiencing any issues with the forum software, please visit the Contact Form on our website and let us know!

How do I correctly pass username / password to a security protected Maven feed?

  • ?

    I have Proget set up with a user called "Jenkins" which is in the group "Pushers" which has permissions for the default tasks of Publish Packages and Promote Packages. This succeeded once (at least I think so, I'm not 100% sure if it succeeded while it was just under password control), but then I wanted to change the password so I deleted and recreated the user and made sure everything was OK again. However, now all pushes fail with:

    Upload http://172.23.121.218:8080/maven2/internalmaven/com/couchbase/lite/couchbase-lite-android/2.0.0-SNAPSHOT/couchbase-lite-android-2.0.0-20170328.002044-1-javadoc.jar
    Could not transfer artifact com.couchbase.lite:couchbase-lite-android:jar:javadoc:2.0.0-20170328.002044-1 from/to remote (http://<user>:<pass>@172.23.121.218:8080/maven2/internalmaven): Could not write to resource 'com/couchbase/lite/couchbase-lite-android/2.0.0-SNAPSHOT/couchbase-lite-android-2.0.0-20170328.002044-1-javadoc.jar'

    I have recreated the group and user numerous times, as well as giving permission explicitly to the user. None of these has solved the problem. If I add anonymous access, then both the password URL and the non-password URL work for pushing. Is there a way to find more information about what went wrong? Is HTTP Basic Auth the incorrect way to do this?

    Product: ProGet
    Version: 4.7.4

    0
  • ?

    I'm not sure... the easiest way to debug this would be to attach a proxy server to ProGet; just configure ProGet to go through a Fiddler instance installed on the server.

    Maven only (generally) supports basic authentication, that is unless you want to do a custom "wheel", which we haven't heard of many folks having success with.

    If the anonymous user can access a feed, then there is no 401-challenge. In this case, the client is likely not sending any credentials (you should only send credentials when asked).

    So, my guess is that your authentication credentials are being cached. That would explain the behavior of working, and then not working.

    0
  • ?

    Ok I figured out what I was doing wrong. I was setting the URL in build.gradle to:

    http://<user>:<password>@proget-server

    But it should look like this instead

    publishing {
    repositories {
    maven {
    credentials {
    username "$mavenUser"
    password "$mavenPassword"
    }
    url "http://proget-server"
    }
    }
    }

    With the mavenUser and mavenPassword being defined in ~/.gradle/gradle.properties

    0
proget 1568 authentication 62 java 16
Log in to reply
 
Inedo Website HomeSupport HomeCode of ConductForums GuideDocumentation