Skip to content

[MNG-8425] Fix mvnenc init saving invalid master source configuration#12418

Open
Hiteshsai007 wants to merge 1 commit into
apache:masterfrom
Hiteshsai007:mng-8425-fix
Open

[MNG-8425] Fix mvnenc init saving invalid master source configuration#12418
Hiteshsai007 wants to merge 1 commit into
apache:masterfrom
Hiteshsai007:mng-8425-fix

Conversation

@Hiteshsai007

@Hiteshsai007 Hiteshsai007 commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

[MNG-8425] Fix mvnenc init saving invalid master source configuration

Fixes #10202

Description

This PR fixes MNG-8425 (#10202) where mvn --enc init generates an invalid settings-security4.xml, causing mvn --enc encrypt to fail with "Maven Encryption is not configured."

Root Cause

When the encryption wizard prompts the user to customize an editable value, the template is presented as env:$VARIABLE_NAME. The user is expected to replace only the $VARIABLE_NAME portion (e.g., typing MVN_PASSWORD), but the Init goal saves the raw user input directly — resulting in <value>MVN_PASSWORD</value> instead of the correct <value>env:MVN_PASSWORD</value>.

The MasterDispatcher in plexus-sec-dispatcher then fails validation because no MasterSource recognizes a config string without its required prefix (env:, sys-property:, etc.), producing the error: Configured Source configuration not handled.

Fix

In Init.java, after the user provides their input for an editable field, the code now:

  1. Extracts the prefix from the template (everything before the $ placeholder).
  2. Checks if the user's input already includes the prefix.
  3. Prepends the prefix automatically if missing.

This ensures the generated settings-security4.xml always contains well-formed source values like env:MVN_PASSWORD.

Testing

  • All 468 tests in maven-cli pass.
  • Manually verified that mvn --enc init now writes the correct env: prefix and mvn --enc encrypt succeeds afterward.

  • Your pull request should address just one issue, without pulling in other changes.

  • Write a pull request description that is detailed enough to understand what the pull request does, how, and why.

  • Each commit in the pull request should have a meaningful subject line and body.

  • Write unit tests that match behavioral changes, where the tests fail if the changes to the runtime are not applied.

  • Run mvn verify to make sure basic checks pass.

  • You have run the Core IT successfully.

  • I hereby declare this contribution to be licenced under the Apache License Version 2.0, January 2004

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[MNG-8425] creating maven encryption settings creates invalid settings

1 participant