Alix Lourme created MRM-1845:
--------------------------------
Summary: Virtual repository not accessible behind https reverse
proxy
Key: MRM-1845
URL: https://jira.codehaus.org/browse/MRM-1845
Project: Archiva
Issue Type: Bug
Components: repository interface
Affects Versions: 2.0.1, 1.4-M4
Environment: Archiva in intranet company, accessed from internet with
a https reverse proxy
Reporter: Alix Lourme
+Context+ :
* Company with multiple repositories (internet/proxied ... snapshot/release) =>
a virtual repository is configured to provide central access.
* No credentials configured to access to Archiva (except admin).
* This _virtual_ repository is used from internet (suppliers, personal dev,
etc) in *https*, a IT reverse proxy bind https internet url to intranet Archiva
url.
+Use case+ :
|| Url || Result ||
|
http://repository.company-intranet.com/repository/company-releases/groupId/artifactId
| works |
| http://repository.company-intranet.com/repository/virtual/groupId/artifactId
| works |
|
https://repository.company-internet.com/repository/company-releases/groupId/artifactId
| works (with proxy credentials ... browser or maven) |
| https://repository.company-internet.com/repository/virtual/groupId/artifactId
| *don't works : HTTP 401* |
_Virtual_ respository from https wan't credentials, with domain : *Repository
Archiva Managed virtual Repository* (Powered by _Jetty_).
After some tests and http call analysis, _virtual_ repository has inconvenience
with the header :
{code}
Authorization: Basic Zm9vOm5pY2VUcnkh
{code}
This header is filled by reverse proxy.
_virtual_ repository has no reason to have a different security strategy
compared to _classic_ repository => whence this bug.
----
+Workaround+ : If an Apache is in front of Archiva, you could cancel this
problem with this configuration rule in _VirtualHost_ context (prerequisite :
_headers_module_):
{code}
RequestHeader unset Authorization
{code}
--
This message was sent by Atlassian JIRA
(v6.1.6#6162)
