I recently activated security on my Artifactory instance which cause several
issue. One remains and seems a bit strange. This might be more a Maven use
than an Artifactory issue but I am strongly interessted if you had previous
experience with this case:
Maven use HTTP HEAD to check if a new SNAPSHOT has been deployed. However,
when security is enabled, the first call is done without authentication
header, resulting in a 401 Response from Artifactory.
Maven is then supposed to perform the same call with an authentication
header. This is the case for maven-metadata.xml files.
But for .pom and .jar files, the request is not re-attempted as shown in the
log below:
20150303104244|3|REQUEST|xxx.xxx.xxx.xxx|non_authenticated_user|GET|/libs-snapshot-local/mycompany/common/common-config/1.0.4-SNAPSHOT/maven-metadata.xml|HTTP/1.1|401|0
20150303104244|12|REQUEST|xxx.xxx.xxx.xxx|user|GET|/libs-snapshot-local/mycompany/common/common-config/1.0.4-SNAPSHOT/maven-metadata.xml|HTTP/1.1|200|322
20150303104244|40|REQUEST|xxx.xxx.xxx.xxx|user|GET|/libs-snapshot-local/mycompany/common/common-config/1.0.4-SNAPSHOT/maven-metadata.xml.sha1|HTTP/1.1|200|40
20150303104244|4|REQUEST|xxx.xxx.xxx.xxx|user|GET|/libs-snapshot-local/mycompany/common/common-config/1.0.4-SNAPSHOT/maven-metadata.xml.md5|HTTP/1.1|200|32
20150303104245|2|REQUEST|xxx.xxx.xxx.xxx|non_authenticated_user|HEAD|/libs-snapshot-local/mycompany/myproject/myproject-interface/2.0.0-SNAPSHOT/myproject-interface-2.0.0-SNAPSHOT.jar|HTTP/1.1|401|0
20150303104245|2|REQUEST|xxx.xxx.xxx.xxx|non_authenticated_user|HEAD|/libs-snapshot-local/mycompany/myproject/myproject-interface/2.0.0-SNAPSHOT/myproject-interface-2.0.0-SNAPSHOT.jar|HTTP/1.1|401|0
As explained the maven-metadata.xml file download is reattempted with user
credentials but the myproject-interface-2.0.0-SNAPSHOT.jar is not.
I tried to enable the preemtive authentication for that server but I could
not find any change in Maven behaviour :
<server>
<id>snapshot</id>
<username>user</username>
<password>xxx</password>
<configuration>
<httpConfiguration>
<all>
<usePreemptive>true</usePreemptive>
<params>
<property>
<name>http.authentication.preemptive</name>
<value>%b,true</value>
</property>
</params>
</all>
</httpConfiguration>
</configuration>
</server>
This only concerns the update of existing SNAPSHOT as downloading new
artifacts is done with HTTP GET with contains the autentication header (at
least with a retry).
This still prevents a correct usage of SNAPSHOT artifacts.
--
View this message in context:
http://forums.jfrog.org/Authenticated-HEAD-call-from-Maven-to-Artifactory-tp7580229.html
Sent from the Artifactory - Users mailing list archive at Nabble.com.
------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Artifactory-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/artifactory-users
