maven - Hide HTTP password when downloading maven artifacts

Question

We have a password protected Maven repository. When downloading the http password is shown on the console:

Downloading: https://arved:passw0rd@maven.arved.at/content/groups/arved/org/apache/xbean/xbean-naming/3.7/xbean-naming-3.7.jar

Is it possible to hide the password somehow?

Answer 1

您的存储库配置（URL）可能是错误的，请查看此页面： http ://maven.apache.org/guides/mini/guide-encryption.html （加密是可选的）

您只需将密码输入$HOME/.m2/settings.xml

<settings>
...
  <servers>
...
    <server>
      <id>arved-repository</id>
      <username>arved</username>
      <password>passw0rd</password>
    </server>
...
  </servers>
...
</settings>

并使用之前定义的 server.id在pom.xml中配置存储库：

<project>
...
  <repositories>
    <repository>
      <id>arved-repository</id>
      <name>Arved Repository</name>
      <url>https://maven.arved.at/content/groups/arved</url>
    </repository>
...
</project>

Answer 2

一种方法是猴子补丁 URI::HTTP。以下代码可以改进，但显示了总体思路。

# Patch HTTP.to_s so it does not reveal passwords
module URI
  class HTTP
    def to_s
      url = ''
      if @scheme
        url << @scheme
        url << ':'
      end
      if @host
        url << '//'
      end
      if self.userinfo
        url << @user
        if @password
          url << ':***'
        end
        url << '@'
      end
      if @host
        url << @host
      end
      if @port
        url << ':'
        url << @port.to_s
      end
      url << path_query
      if @fragment
        url << '#'
        url << @fragment
      end
      url
    end
  end
end