[
https://issues.apache.org/jira/browse/MNG-6679?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16866360#comment-16866360
]
Jörg Hohwiller commented on MNG-6679:
-------------------------------------
All I was saying was:
{code:java}
For some reasons I did not get a warning in my logs.{code}
And with just a regular maven call or even with just "-X" this is still true.
You should not expect users of maven to always manipulate their logging config
and adding magic logging configs and reading tons of log to take such notice.
{code:java}
You redirect hell system is just plain wrong giving a 200 instead of 401 and
then continue with the auth and redirect back to the original resouce, isn't
it?{code}
Yes. The "redirect hell system" of my company is doing that. Corporate
Single-Sign-On systems ofthen do such things as they redirect users to a login
page instead of failing with a 401 and telling the user that they are not
logged in.
That is also why I said in the initial description of this issue:
{code:java}
It seems as if the status code is valid then Maven ...{code}
So now I changed the repository config in my {{settings.xml}} by adding:
{code:java}
<checksumPolicy>fail</checksumPolicy>
{code}
But still I get
{code:java}
BUILD SUCCESS{code}
and also the invalid pom and sha1 files are recreated in my local repo even
though I delted the entire folder before running maven with the updated policy.
Maybe you could tell me if you agree that maven is somehow behaving wrong here
or is my expectation of how maven should behave wrong?
> HTML content in POM: Maven should validate content before storing in local
> repo
> -------------------------------------------------------------------------------
>
> Key: MNG-6679
> URL: https://issues.apache.org/jira/browse/MNG-6679
> Project: Maven
> Issue Type: Bug
> Environment: both with maven 3.6.0 in CMD or in Eclipse 4.9.0
> Reporter: Jörg Hohwiller
> Assignee: Michael Osipov
> Priority: Major
> Fix For: waiting-for-feedback
>
>
> For some odd reasons somethimes errors just happen and a maven repo delivers
> an HTML error or login page for a request of a POM or JAR file. It seems as
> if the status code is valid then Maven (might be anything under the hood,
> maybe even ether?) is saving the result without any sanity check or
> validation.
> Therefore I frequently end up with "POM" or "JAR" files in my local repo that
> are no XML but HTML nonsens.
>
> Example:
> {code:java}
> <!--
> DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
>
> Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
>
> The contents of this file are subject to the terms
> of the Common Development and Distribution License
> (the License). You may not use this file except in
> compliance with the License.
> You can obtain a copy of the License at
> https://opensso.dev.java.net/public/CDDLv1.0.html or
> opensso/legal/CDDLv1.0.txt
> See the License for the specific language governing
> permission and limitations under the License.
> When distributing Covered Code, include this CDDL
> Header Notice in each file and include the License file
> at opensso/legal/CDDLv1.0.txt.
> If applicable, add the following below the CDDL Header,
> with the fields enclosed by brackets [] replaced by
> your own identifying information:
> "Portions Copyrighted [year] [name of copyright owner]"
> $Id: index.html,v 1.2 2008/06/25 05:48:51 qcheng Exp $
> -->
> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
> <html>
> <head>
> <title>Please Wait While Redirecting to Login page</title>
> <script language="JavaScript"> <!--
> function redirectToAuth() {
> var params = getQueryParameters();
> var url = 'UI/Login';
> if (params != '') {
> url += params;
> }
> top.location.replace(url);
> }
> function getQueryParameters() {
> var loc = '' + location;
> var idx = loc.indexOf('?');
> if (idx != -1) {
> return loc.substring(idx);
> } else {
> return '';
> }
> }
> //-->
> </script>
> </head>
> <body bgcolor="#FFFFFF" onLoad="redirectToAuth();">
> </body>
> </html>
> {code}
> I would expect maven to verify the content before officially placing it in
> the correct location inside the local maven repository on my disc.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
