[
https://issues.apache.org/jira/browse/GERONIMO-3969?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12590743#action_12590743
]
Brill Pappin commented on GERONIMO-3969:
----------------------------------------
Actually, that's not quite correct. Although using substitution properties
might actually work and resolve the problem in the short run, it is definitely
*not* the "maven" way of doing it (and the point of maven is repeatable build
after all).
See: http://maven.apache.org/settings.html#Servers
See: http://maven.apache.org/ref/2.0.8/maven-settings/settings.html#class_server
See: http://mojo.codehaus.org/tomcat-maven-plugin/configuration.html
The servers element of the settings file is supposed to provide server<->user
dependent information to the build. An example of this would be when you run
the mvn deploy goal and your artifact is deployed to an Archiva repository.
Another example would be the tomcat deploy (from the tomcat plugin) goal, which
properly uses the server configurations to deploy a war artifact to a Tomcat
server.
As for specific relevance to the car plugin, I though I'd seen the same pattern
but I may be mistaken.... if so, the car plugin component can be removed from
the issue.
> maven2 module goals should use standard server definitions.
> -----------------------------------------------------------
>
> Key: GERONIMO-3969
> URL: https://issues.apache.org/jira/browse/GERONIMO-3969
> Project: Geronimo
> Issue Type: Improvement
> Security Level: public(Regular issues)
> Components: car-maven-plugin, geronimo-maven-plugin
> Affects Versions: 2.1
> Environment: Geronimo 2.1
> Reporter: Brill Pappin
> Original Estimate: 1h
> Remaining Estimate: 1h
>
> The maven 2 geronimo plugins should be using the server definitions that are
> usually entered in the settings.xml file.
> However it appears that I have to add the administrators username and
> password to the plugin definition, which in turn means that some highly
> secured information will get checked into source control.
> If it does userthe server definitions, then that fact is not documented on
> the plugin site (that I could find). located at:
> http://geronimo.apache.org/maven/server/maven-plugins/geronimo-maven-plugin/plugin-info.html
> I hesitate to call this a bug because it may still work, but its darn close
> because of the security implications (in my case it makes it unusable).
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
