Hi Stanley,

This is a very useful extension. Thank you!

We successfully used it for a multi-module project where we need username/password for tests calling a web service and we do not want to store them in source control in plaintext in the pom.xml.

It all works well in pure Maven builds (on CI build server) and also with the Intellij IDE (we use Community Edition) and its Maven integration.

But in Eclipse (tested in Oxygen and Mars) the extension does not seem to have any effect. None of the property expressions of the form ${settings.servers.*} are substituted.

Is this a known limitation? Do you know if we need to install or configure something in Eclipse to make the extension work within the Eclipse Maven life-cycle integration?

Thanks
Oliver

I've bound a command to the deploy lifecycle that needs the server username and password, but it doesn't interpret them correctly. When I run mvn with -X I get the below output, showing that it's just using the literal values.

<location>scp://${settings.servers.server.eApp.username}:${settings.servers.server.eApp.password}

I have the extension installed in my pom.xml as shown below.

    <build>
    <extensions>
        <!--Lets us access the server variables from settings.xml with the following syntax ${settings.servers.server.<server id>.<property>}-->
        <extension>
            <groupId>com.github.shyiko.servers-maven-extension</groupId>
            <artifactId>servers-maven-extension</artifactId>
            <version>1.0.0</version>
        </extension>
    </extensions>

Assume you have a settings.xml with this content:

        <server>
            <id>generic-snapshot-local</id>
            <username>SRNME</username>
            <password>PSSWRD</password>
        </server>

Further assume Maven is running at the DEBUG log level.
In that case, you can expect the following to appear in the log output:

[DEBUG] properties used {..., settings.servers.server.generic-release-local.username=SRNME, ..., settings.servers.server.generic-release-local.password=PSSWRD, ...}

Now cleartext passwords are NOT what you want to see in a build log: Developers will forget to delete them because they are occupied with whatever other problem they are trying to solve, usually under pressure from a deadline.
(Background: I'm in the Fintech industry. Having logs with passwords is not just a no-no and a slap on the fingers, it's the kind of stuff that can get you fired. As it stands, I cannot use the plugin.)

I can see two alternatives how to deal with this:
a) Somehow suppress the output in the logs. This affects not just the outputs from Maven itselfs but also that of plugins, though one could arguably maintain the position that plugins have no business printing all properties willy-nilly (in my build, that's just install4j-maven-plugin, but more may exist).
b) Clearly document the security implications in the documentation of server-maven-extension.

I guess (b) is necessary to do first, because doing (a) is going to be pretty difficult, and if Maven internally does not have a way to mark properties as "secret, do not print", (b) will have to stay even if (a) is implemented.

Hi,

your plugin is great, but i cannot use an encrypted password :(

http://maven.apache.org/guides/mini/guide-encryption.html

it seems possible to do so, for example the maven-gae-plugin can do it.

Can you add this support in some next version ?

Regards,

I am receiving this error when using encrypted passwords in my settings.xml file:

[ERROR] Failed to expose settings.servers.*: Illegal group reference -> [Help 1]
org.apache.maven.MavenExecutionException: Failed to expose settings.servers.*
        at com.github.shyiko.sme.ServersExtension.afterProjectsRead(ServersExtension.java:97)
        at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:266)
        at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:193)
        at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:106)
        at org.apache.maven.cli.MavenCli.execute(MavenCli.java:863)
        at org.apache.maven.cli.MavenCli.doMain(MavenCli.java:288)
        at org.apache.maven.cli.MavenCli.main(MavenCli.java:199)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced(Launcher.java:289)
        at org.codehaus.plexus.classworlds.launcher.Launcher.launch(Launcher.java:229)
        at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode(Launcher.java:415)
        at org.codehaus.plexus.classworlds.launcher.Launcher.main(Launcher.java:356)
Caused by: java.lang.IllegalArgumentException: Illegal group reference
        at java.util.regex.Matcher.appendReplacement(Matcher.java:857)
        at com.github.shyiko.sme.ServersExtension.decryptInlinePasswords(ServersExtension.java:106)
        at com.github.shyiko.sme.ServersExtension.afterProjectsRead(ServersExtension.java:74)
        ... 14 more

Contents of POM:

<build>
        <extensions>
            <extension>
                <groupId>com.github.shyiko.servers-maven-extension</groupId>
                <artifactId>servers-maven-extension</artifactId>
                <version>1.3.0</version>
            </extension>
        </extensions>
...

If I escape the curly braces with an '', the error goes away, but then the strings are not recognized as encrypted passwords.

Any help would be appreciated.