pom.xml included in generated jar

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

pom.xml included in generated jar

Andreas Lundblad
I'm using webstart-1.0-beta-4.pom to generate jars and jnlp-file for my project.

I discovered that the resulting .jar-file included (in the META-INF directory) the project pom.xml file. Kind of bad since it contains my keystore password.

Is this the intended behavior? If so, how should I avoid leaking the password?

best regards,
Andreas Lundblad
Reply | Threaded
Open this post in threaded view
|

Re: pom.xml included in generated jar

Anders Hammar
Yes, that is intended.

You should not have any passwords in your pom. Keep them in your settings.xml or as environment variables.

/Anders


On Fri, Dec 6, 2013 at 3:49 PM, Andreas Lundblad <[hidden email]> wrote:
I'm using webstart-1.0-beta-4.pom to generate jars and jnlp-file for my project.

I discovered that the resulting .jar-file included (in the META-INF directory) the project pom.xml file. Kind of bad since it contains my keystore password.

Is this the intended behavior? If so, how should I avoid leaking the password?

best regards,
Andreas Lundblad

Reply | Threaded
Open this post in threaded view
|

Re: pom.xml included in generated jar

Andreas Lundblad
Thanks for your quick reply Anders,


On Fri, Dec 6, 2013 at 3:52 PM, Anders Hammar <[hidden email]> wrote:
Yes, that is intended.

You should not have any passwords in your pom. Keep them in your settings.xml or as environment variables.

/Anders


On Fri, Dec 6, 2013 at 3:49 PM, Andreas Lundblad <[hidden email]> wrote:
I'm using webstart-1.0-beta-4.pom to generate jars and jnlp-file for my project.

I discovered that the resulting .jar-file included (in the META-INF directory) the project pom.xml file. Kind of bad since it contains my keystore password.

Is this the intended behavior? If so, how should I avoid leaking the password?

best regards,
Andreas Lundblad