Hi,
I'm experiencing this problem for a long time when using anonymous access
from Gradle with a non-anonymous repository in a group. I will try to
explain the scenario.
- I have 1 secret repository with non-anonymous access that is included in
the libs-release group
- Anonymous user can access(read, deploy to all remote) all repositories but
secret
- When building with Gradle 1.0 it tries to resolve JAR artifacts even for
POM modules. The problem is that when JAR does not exists it expects 404 but
receives 401 instead.
- The same behavior when using both maven or artifactory plugin
Here is an example:
* What went wrong:
Could not resolve all dependencies for configuration ':testRuntime'.
> Could not resolve group:org.apache.commons, module:commons-compress,
> version:1.3.
Required by:
com.example:gradle-test:1.0-SNAPSHOT
> Could not resolve group:org.apache.commons, module:commons-parent,
version:22.
> Could not resolve group:org.apache, module:apache, version:9.
> Could not HEAD
'http://localhost:8081/artifactory/libs-release/org/apache/apache/9/apache-9.jar'.
Received status code 401 from server: Download request for repo:path
'secret-repo:org/apache/apache/9/apache-9.jar' is forbidden for user
'anonymous'.
Build script:
apply plugin: 'java'
apply plugin: 'maven'
group = 'com.example'
version = '1.0-SNAPSHOT'
repositories {
maven {
url "http://localhost:8081/artifactory/libs-release";
/*
credentials {
username "developer"
password "mysecretpass"
}*/
}
}
dependencies {
compile "org.apache.commons:commons-compress:1.3" // shouldn't fail
//compile "test:secret-artifact:1.0" // should fail
}
If the user does not have privileges to read from a repository that is in
group shouldn't it be excluded from the resolving logic and return 404 if
the artifact is not found? And return 401 only if the artifact is found in
the secret repo?
I can send you a quick guide how to set up a vanilla Artifactory
installation (2.6.1) to reproduce this. Any comments are welcome.
Thanks,
Michal
http://forums.jfrog.org/file/n7578040/any-but-secret.PNG any-but-secret.PNG
http://forums.jfrog.org/file/n7578040/any-remote.PNG any-remote.PNG
http://forums.jfrog.org/file/n7578040/secret.PNG secret.PNG
--
View this message in context:
http://forums.jfrog.org/401-when-using-Gradle-and-anonymous-access-tp7578040.html
Sent from the Artifactory - Users mailing list archive at Nabble.com.
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Artifactory-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/artifactory-users
