[jira] Commented: (GERONIMO-3969) maven2 module goals should use standard server definitions.

Sat, 19 Apr 2008 22:55:42 -0700 

    [ 
https://issues.apache.org/jira/browse/GERONIMO-3969?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12590742#action_12590742
 ] 

David Jencks commented on GERONIMO-3969:
----------------------------------------

Could you explain how this is relevant to the car-maven-plugin?

I'm not entirely clear on what configuration you are objecting to, an example 
would have clarified substantially.
For the geronimo-maven-plugin, I haven't looked at the configuration recently, 
but imagine it has something like
<configuration>
<userName>system</userName>
<password>manager</password>
</configuration>

(an example where the values are hardcoded)

Normally, maven doesn't provide any automatic way of setting these values from 
elsewhere, but the normal way to set up configuration with such settings is 
like this:
<configuration>
<userName>${geronimo.user}</userName>
<password>${geronimo.password}</password>
</configuration>

and you can then define the substitution variables in your settings.xml file in 
an appropriate profile.

Does this not work here?  If so, can you provide more details of what goes 
wrong?



> maven2 module goals should use standard server definitions.
> -----------------------------------------------------------
>
>                 Key: GERONIMO-3969
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-3969
>             Project: Geronimo
>          Issue Type: Improvement
>      Security Level: public(Regular issues) 
>          Components: car-maven-plugin, geronimo-maven-plugin
>    Affects Versions: 2.1
>         Environment: Geronimo 2.1
>            Reporter: Brill Pappin
>   Original Estimate: 1h
>  Remaining Estimate: 1h
>
> The maven 2 geronimo plugins should be using the server definitions that are 
> usually entered in the settings.xml file.
> However it appears that I have to add the administrators username and 
> password to the plugin definition, which in turn means that some highly 
> secured information will get checked into source control.
> If it does userthe server definitions, then that fact is not documented on 
> the plugin site (that I could find). located at: 
> http://geronimo.apache.org/maven/server/maven-plugins/geronimo-maven-plugin/plugin-info.html
> I hesitate to call this a bug because it may still work, but its darn close 
> because of the security implications (in my case it makes it unusable).

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to