[ http://jira.codehaus.org/browse/MRM-967?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=150155#action_150155 ]

Gwen Harold Autencio commented on MRM-967:
------------------------------------------

Using the 'mvn deploy:deploy-file'

[EMAIL PROTECTED]:~$ mvn deploy:deploy-file 
-Dfile=NUnit.Framework.dll-2.4.8.0.dll -DgroupId=NUnit -Dversion=2.4.8.0 
-Dpackaging=dll -DartifactId=NUnit.Framework.dll 
-DrepositoryId=archiva-snapshots 
-Durl=http://localhost:9091/repository/snapshots/ -DgeneratePom=true

[INFO] Scanning for projects...
[INFO] Searching repository for plugin with prefix: 'deploy'.
[INFO] ------------------------------------------------------------------------
[INFO] Building Maven Default Project
[INFO]    task-segment: [deploy:deploy-file] (aggregator-style)
[INFO] ------------------------------------------------------------------------
[INFO] [deploy:deploy-file]
Uploading: 
http://localhost:9091/repository/snapshots//NUnit/NUnit.Framework.dll/2.4.8.0/NUnit.Framework.dll-2.4.8.0.dll

31K uploaded
[INFO] ------------------------------------------------------------------------
[ERROR] BUILD ERROR
[INFO] ------------------------------------------------------------------------
[INFO] Error deploying artifact: Failed to transfer file: 
http://localhost:9091/repository/snapshots//NUnit/NUnit.Framework.dll/2.4.8.0/NUnit.Framework.dll-2.4.8.0.dll.
 Return code is: 401


[INFO] ------------------------------------------------------------------------
[INFO] For more information, run Maven with the -e switch
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 1 second
[INFO] Finished at: Mon Oct 06 18:29:15 GMT+08:00 2008

[INFO] Final Memory: 3M/5M
[INFO] ------------------------------------------------------------------------

> Security Issue: If repository observer role is enabled for the 'guest' user, 
> an invalid user is able to deploy to that repository
> ---------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: MRM-967
>                 URL: http://jira.codehaus.org/browse/MRM-967
>             Project: Archiva
>          Issue Type: Bug
>          Components: Users/Security, WebDAV interface
>    Affects Versions: 1.1.2
>            Reporter: Maria Odea Ching
>            Assignee: Maria Odea Ching
>            Priority: Critical
>             Fix For: 1.1.3
>
>
> Steps to reproduce (using repository 'snapshots'):
> 1. Configure the <distributionManagement> of your project's pom to deploy 
> your project to the 'snapshots' repository, as follows:
> <distributionManagement>
>   <repository>
>     <id>releases</id>
>     <name>Releases Repository</name>
>     <layout>default</layout>
>     <url>dav:http://localhost:8080/archiva/repository/releases/</url>
>   </repository>
>   <snapshotRepository>
>     <id>snapshots</id>
>     <uniqueVersion>true</uniqueVersion>
>     <name>Snapshots Repository</name>
>     <layout>default</layout>
>     <url>dav:http://localhost:8080/archiva/repository/snapshots/</url>
>   </snapshotRepository>
> </distributionManagement>
> 2. Enable the 'snapshots' repository observer role for the 'guest' user
> 3. Add invalid user credentials in your settings.xml for the 'snapshots' 
> repository, as shown below:
> <server>
>   <id>snapshots</id>
>   <username>invalidusername</username>
>   <password>password</password>
> </server> 
> 4. Execute 'mvn clean deploy' in your project. 
> Alternatively, you can also use the deploy-file goal to replicate the issue 
> so you won't need to configure your pom (ex. 'mvn deploy:deploy-file 
> -Dfile=nunit.framework.dll -DgroupId=NUnit -Dversion=2.4.8.0 -Dpackaging=dll 
> -DartifactId=NUnit.Framework.dll -DrepositoryId=snapshots 
> -Durl=http://localhost:8080/archiva/repository/snapshots -DgeneratePom=true')

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        
