Maven credentials cached by daemon?


(Jay Berkenbilt) #1

I was trying to write a little code in my build.gradle to read an encrypted nexus password out of a file for use in uploadArchives but to make sure that it was done in such a way that, if the file couldn’t be found or there was some other error, everything else would work except for uploadArchives. So I did the following:

  • Create the file with the password * Run uploadArchives – see the deployment succeed * Remove the file with the password * Run test, see that succeed * Run uploadArchives, expect failure but see success!

Looking at a little more, I realized that if I ran all of the above with --daemon, the deployment succeeded even though I was no longer supplying credentials, but if I ran without --daemon, then the credentials were being saved.

Perhaps this is as intended, but it was a little surprising to me for my deployment to succeed after I removed the credentials. I was explicitly calling

‘’’ uploadArchives {

repositories {

mavenDeployer {

repository(url: “https://xxxx/nexus/content/repositories/snapshots”) {

authentication(auth)

}

}

} } ‘’’

In one case, auth was a map containing userName and password keys. In the second case, it was null. Is there a rational explanation for this? Maybe when auth is not provided or is null, previously used credentials are tried in daemon mode? That seems surprising.


(Peter Niederwieser) #2

As far as I know, the daemon only caches class loaders and such, but doesn’t currently cache any parts of the build model. It certainly doesn’t have any specific knowledge of credentials. Perhaps you are misinterpreting your results? Does the second build really upload a new version? Did you save the edited build script in between?


(Stig Kleppe-Jørgensen) #3

Another reason might be that the repository does not need any auth.


(Jay Berkenbilt) #4

The repository definitely needs auth.

I haven’t reproduced this yet, but it’s possible that what was cached was actually the artifact, not the credentials. I should be able to rule this in or out next time I have a chance to look at this.