[
https://issues.apache.org/jira/browse/IVY-1280?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16403338#comment-16403338
]
jaikiran pai commented on IVY-1280:
-----------------------------------
Personally, I don't think we should include this in its current form. As noted
by the OP, it's not clear how it behaves in different auth schemes.
Furthermore, this change doesn't have any test cases associated with it so it's
hard to verify the behavior of this feature, especially since this relates to
authentication. Finally, I don't have much knowledge on whether we expose these
underlying library (HttpClient in this case) specific features through the task
attributes - I haven't spent too much time looking for similar examples though,
so this last concern maybe irrelevant.
> Ivy does not keep track of HTTP session when BASIC authentication is used
> -------------------------------------------------------------------------
>
> Key: IVY-1280
> URL: https://issues.apache.org/jira/browse/IVY-1280
> Project: Ivy
> Issue Type: Improvement
> Components: Core
> Affects Versions: 2.2.0
> Environment: Any
> Reporter: Anders Jacobsson
> Priority: Minor
>
> When publishing through <ant:publish>, each PUT request towards the URL
> resolver (Artifactory, protected with BASIC authentication) seems to be
> duplicated, the first request without any authorization header and the second
> one with. This creates unnecessary network traffic and increases build time.
> Ivy should keep track of any established HTTP session and reuse that one,
> i.e. only the very first request is duplicated.
> I am using Commons HttpClient.
> An alternative would be to expose preemptive authentication so that it is
> configurable. It is less secure but still useful as it would probably mostly
> be used for internal resolvers.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
