spring-boot-thin-launcher icon indicating copy to clipboard operation
spring-boot-thin-launcher copied to clipboard

Published 20 hours ago verified publisher icon spring-projects-experimental

Remote repository credentials not used

Open xtro8 opened this issue 4 years ago • 3 comments

When I attempt to run my application after creating my thin jar (using 1.0.27-RELEASE), it appears as though it is not using the credentials for my remote repository. Based on the output when I trace it, it is reading my settings.xml but it doesn't send the request to the server using the username and password.

Here's a snippet from the output I received indicating it is reading settings.xml and reporting 'unauthorized' when trying to reach my repository (I replaced info I wish to obfuscate with dashes, just to avoid confusion):

Nov 17, 2021 7:54:40 AM org.springframework.boot.loader.thin.MavenSettingsReader loadSettings
INFO: Reading settings from: C:\Users\--------\.m2\settings.xml
Exception in thread "main" java.lang.reflect.InvocationTargetException
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.base/java.lang.reflect.Method.invoke(Method.java:566)
        at org.springframework.boot.loader.wrapper.ThinJarWrapper.launch(ThinJarWrapper.java:139)
        at org.springframework.boot.loader.wrapper.ThinJarWrapper.main(ThinJarWrapper.java:107)
Caused by: java.lang.IllegalStateException: hidden.org.eclipse.aether.resolution.ArtifactResolutionException: The following artifacts could not be resolved: --------------------- from/to nexus (http://------------:----/repository/maven-public/): status code: 401, reason phrase: Unauthorized (401)
        at org.springframework.boot.loader.thin.DependencyResolver.collectNonTransitive(DependencyResolver.java:567)
        at org.springframework.boot.loader.thin.DependencyResolver.aetherDependencies(DependencyResolver.java:247)
        at org.springframework.boot.loader.thin.DependencyResolver.dependencies(DependencyResolver.java:199)
        at org.springframework.boot.loader.thin.PathResolver.extract(PathResolver.java:259)
        at org.springframework.boot.loader.thin.PathResolver.resolve(PathResolver.java:105)
        at org.springframework.boot.loader.thin.ThinJarLauncher.getClassPathArchives(ThinJarLauncher.java:369)
        at org.springframework.boot.loader.thin.ThinJarLauncher.getClassPathArchives(ThinJarLauncher.java:352)
        at org.springframework.boot.loader.thin.ThinJarLauncher.getClassPathArchivesIterator(ThinJarLauncher.java:200)
        at org.springframework.boot.loader.Launcher.launch(Launcher.java:55)
        at org.springframework.boot.loader.thin.ThinJarLauncher.launch(ThinJarLauncher.java:195)
        at org.springframework.boot.loader.thin.ThinJarLauncher.main(ThinJarLauncher.java:141)
        ... 6 more

Here is my settings.xml i am using:

<settings>
  <mirrors>
    <mirror>
      <id>nexus</id>
      <mirrorOf>*</mirrorOf>
      <url>http://--------:----/repository/maven-public/</url>
    </mirror>
  </mirrors>
  <activeProfiles>
   <activeProfile>nexus</activeProfile>
  </activeProfiles>
  <profiles>
      <profile>
        <id>nexus</id>
        <activation>
          <activeByDefault>true</activeByDefault>
        </activation>
        <repositories>
          <repository>
            <id>nexus</id>
            <name>maven</name>
            <url>http://--------:----/repository/maven-public/</url>
            <releases>
              <enabled>true</enabled>
            </releases>
            <snapshots>
              <enabled>true</enabled>
            </snapshots>
          </repository>
        </repositories>
      </profile>
  </profiles>
  <servers>
    <server>
      <id>nexus</id>
      <username>user</username>
      <password>password</password>
    </server>
  </servers>
</settings>

It goes without saying that if i also try to encrypt the password using the settings-security.xml as well, it doesn't work either. I tried capturing the packets using Wireshark as well and saw the requests to Nexus are being sent over without the Authentication info contained within the settings.xml.

Any thoughts on why it would be reading the settings but not using the credentials when reaching out to the repositories to download the dependencies?

xtro8 avatar Nov 17 '21 15:11 xtro8

Let me know if you ever figured this out. I had the same issue and gave up. This project seems like a really great idea, and I'm hoping they take it seriously and move it out of the "experimental" soon.

ChozenToguchi avatar Nov 30 '21 21:11 ChozenToguchi

Maybe because it's declared as a mirror? Is it for all dependencies, or just specific ones?

dsyer avatar May 03 '22 17:05 dsyer

I think mirrors are being discarded (up to 1.0.28). Can you try with a snapshot? It's a bit hard to test, but you obviously have an environment where it will work if we fix it right.

dsyer avatar May 04 '22 07:05 dsyer

No response. Assume the fix worked.

dsyer avatar Dec 16 '22 16:12 dsyer