On 2023-03-20, Kamran Manzoor wrote:

> Thanks a lot for looking into this. I thought the issue was request related
> but it is in response handling. It means it does trigger the request which
> I have verified and it seems like the auth header is missing :(. I have
> tried with default URL handler and even with older ivy version 2.4.0 with
> older commons-httpclient. Nothing seems to send the auth header with
> credentials :(. You may simply run this example i.e., *ant -verbose
> retrieve* and see the request captured here:
> *https://beeceptor.com/console/ivytry
> <https://beeceptor.com/console/ivytry> *

I believe this is because your service there doesn't require any
authentcation at all. Apache HttpClient doesn't do preemptive
authentication, it only sends credentials when really necessary. This is
understandable from a security perspective. Why send credentials to
somebody who never wanted them in the first place.

So it performs an HTTP GET without any credentials and if this request
succeeds, that's it. And this happens with your beeceptor example.

You probably need to make beeceptor return 401 on the first request
answering with

WWW-Authenticate: Basic realm=Basic

or the configured credentials are not going to be ever used.


Reply via email to