Details
-
Bug
-
Resolution: Invalid
-
Medium
Description
hi,
a few days ago I started to use Bitbucket.org; my bitbucket account is "nimblebit".
So I have tried to use Bitbucket.org as repository SCM and as remote repository to hold custom Maven artifacts and dependencies.
I noticed a bug ... I have created a repository PRIVATE "m2_repo" and filled with a test library dependency "test-api" and I run my pom.xml (see below).
**
I am able to download the contents of my private repository without authentication ... also my colleague, who NOT has an account on bitbucket, he is also able to download the contents of my private repository without authentication!!
**
Below pom.xml I use!
#!xml <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId>it.fastbookspa.test</groupId> <artifactId>test-app</artifactId> <version>1.0-SNAPSHOT</version> <packaging>war</packaging> <name>test-app Maven Webapp</name> <url>http://maven.apache.org</url> <properties> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> <!-- SAME PROBLEM: ANONYMOUS ACCESS <m2_repo.path>https://bitbucket.org/nimblebit/m2_repo/raw/master</m2_repo.path> --> <m2_repo.path>https://bitbucket.org/nimblebit/m2_repo/raw</m2_repo.path> </properties> <dependencies> <dependency> <groupId>junit</groupId> <artifactId>junit</artifactId> <version>3.8.1</version> <scope>test</scope> </dependency> <dependency> <groupId>it.fastbookspa.test</groupId> <artifactId>test-api</artifactId> <version>1.0-SNAPSHOT</version> </dependency> </dependencies> <repositories> <repository> <id>m2_repo_snapshots</id> <name>m2_repo snapshots</name> <url>${m2_repo.path}/snapshots</url> <releases> <enabled>false</enabled> <updatePolicy>always</updatePolicy> <!-- <checksumPolicy>warn</checksumPolicy> --> </releases> <snapshots> <enabled>true</enabled> <updatePolicy>never</updatePolicy> <!-- <checksumPolicy>fail</checksumPolicy> --> </snapshots> <layout>default</layout> </repository> <repository> <id>m2_repo_releases</id> <name>m2_repo releases</name> <url>${m2_repo.path}/releases</url> <releases> <enabled>true</enabled> <updatePolicy>always</updatePolicy> <!-- <checksumPolicy>fail</checksumPolicy> --> </releases> <snapshots> <enabled>false</enabled> <updatePolicy>always</updatePolicy> <!-- <checksumPolicy>warn</checksumPolicy> --> </snapshots> <layout>default</layout> </repository> </repositories> <build> <finalName>test-app</finalName> </build> </project>
Best regards
Orazio
Message 1 of 2