[jira] [Commented] (SCM-513) Empty password is not propagated to server

Wed, 11 Jun 2025 19:25:44 -0700 


    [ 
https://issues.apache.org/jira/browse/SCM-513?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17961879#comment-17961879
 ] 

ASF GitHub Bot commented on SCM-513:
------------------------------------

jira-importer opened a new issue, #730:
URL: https://github.com/apache/maven-scm/issues/730

   **[Benjamin 
Bentmann](https://issues.apache.org/jira/secure/ViewProfile.jspa?name=bentmann)**
 opened 
**[SCM-513](https://issues.apache.org/jira/browse/SCM-513?redirect=false)** and 
commented
   
   For instance, the command
   
   ```
   mvn org.apache.maven.plugins:maven-scm-plugin:1.2:checkout
     -D 
connectionUrl=scm:svn:https://svn.dev.java.net/svn/hudson/tags/build-timeout-1.5/
     -D checkoutDirectory=test
     -D username=guest -D "password="
   ```
   
   fails with
   
   ```
   authorization failed: Could not authenticate to server: rejected Basic 
challenge (https://svn.dev.java.net)
   ```
   
   because the issued cmd line is
   
   ```
   cmd.exe /X /C "svn --username guest --non-interactive checkout https://...
   ```
   
   instead of
   
   ```
   cmd.exe /X /C "svn --username guest --password "" --non-interactive checkout 
https://...
   ```
   
   i.e. the empty password is not propagated to the server, making the auth 
challenge fail.
   
   Note: To reproduce this issue, the svn client's auth cache in 
`auth/svn.simple` must be empty. Otherwise, a the cached auth data from a 
successful login will shadow the issue.
   
   
   ---
   
   **Affects:** 1.2
   
   **Attachments:**
   - 
[empty-password.patch](https://issues.apache.org/jira/secure/attachment/12718752/empty-password.patch)
 (_1.73 kB_)
   




> Empty password is not propagated to server
> ------------------------------------------
>
>                 Key: SCM-513
>                 URL: https://issues.apache.org/jira/browse/SCM-513
>             Project: Maven SCM (Moved to GitHub Issues)
>          Issue Type: Bug
>          Components: maven-plugin, maven-scm-provider-svn
>    Affects Versions: 1.2
>            Reporter: Benjamin Bentmann
>            Assignee: Olivier Lamy
>            Priority: Major
>         Attachments: empty-password.patch
>
>
> For instance, the command
> {noformat}
> mvn org.apache.maven.plugins:maven-scm-plugin:1.2:checkout
>   -D 
> connectionUrl=scm:svn:https://svn.dev.java.net/svn/hudson/tags/build-timeout-1.5/
>   -D checkoutDirectory=test
>   -D username=guest -D "password="
> {noformat}
> fails with
> {noformat}
> authorization failed: Could not authenticate to server: rejected Basic 
> challenge (https://svn.dev.java.net)
> {noformat}
> because the issued cmd line is
> {noformat}
> cmd.exe /X /C "svn --username guest --non-interactive checkout https://...
> {noformat}
> instead of
> {noformat}
> cmd.exe /X /C "svn --username guest --password "" --non-interactive checkout 
> https://...
> {noformat}
> i.e. the empty password is not propagated to the server, making the auth 
> challenge fail.
> Note: To reproduce this issue, the svn client's auth cache in 
> {{auth/svn.simple}} must be empty. Otherwise, a the cached auth data from a 
> successful login will shadow the issue.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to