Maven tries to download twice, first one without auth

Francois Marot Fri, 20 Aug 2021 07:13:22 -0700

Hello Maven users,

I face a strange problem that I'd like to describe. I'm setting up a new
artifact repository and this is JFrog's Artifactory.
I have build freeze problems (which I still no have solved) so during my
investigations I found this in Artifactory's logs:


- - - - - - - - - - - - - - - - - - - - - - - - -
2021-08-19T16:07:55.729Z|339817580d4decc9|192.168.38.137|non_authenticated_user|GET|/maven-libs-release/org/apache/velocity/velocity/1.5/velocity-1.5.pom|
*401*|-1|0|0|Apache-Maven/3.8.2 (Java 11.0.8; Linux
3.10.0-1160.25.1.el7.x86_64)

2021-08-19T16:07:55.734Z|123110ba8a2e7eb9|192.168.38.137|token:ci-fake-user|GET|/maven-libs-release/org/apache/velocity/velocity/1.5/velocity-1.5.pom|200|-1|7714|2|Apache-Maven/3.8.2
(Java 11.0.8; Linux 3.10.0-1160.25.1.el7.x86_64)
2021-08-19T16:07:55.743Z|f0d9c80461c879fd|192.168.38.137|token:ci-fake-user|GET|/maven-libs-release/org/apache/velocity/velocity/1.5/velocity-1.5.pom.sha1|200|-1|40|3|Apache-Maven/3.8.2
(Java 11.0.8; Linux 3.10.0-1160.25.1.el7.x86_64)

2021-08-19T16:07:55.752Z|6500587859c8a99c|192.168.38.137|non_authenticated_user|GET|/maven-libs-release/commons-collections/commons-collections/3.2.2/commons-collections-3.2.2.pom|
*401*|-1|0|0|Apache-Maven/3.8.2 (Java 11.0.8; Linux
3.10.0-1160.25.1.el7.x86_64)

2021-08-19T16:07:55.758Z|32c027e38c5f6b49|192.168.38.137|token:ci-fake-user|GET|/maven-libs-release/commons-collections/commons-collections/3.2.2/commons-collections-3.2.2.pom|200|-1|12403|3|Apache-Maven/3.8.2
(Java 11.0.8; Linux 3.10.0-1160.25.1.el7.x86_64)
2021-08-19T16:07:55.766Z|1dce46d14ae35ed3|192.168.38.137|token:ci-fake-user|GET|/maven-libs-release/commons-collections/commons-collections/3.2.2/commons-collections-3.2.2.pom.sha1|200|-1|40|2|Apache-Maven/3.8.2
(Java 11.0.8; Linux 3.10.0-1160.25.1.el7.x86_64)

2021-08-19T16:07:55.774Z|a37b50bee467027a|192.168.38.137|non_authenticated_user|GET|/maven-libs-release/org/apache/commons/commons-parent/39/commons-parent-39.pom|
*401*|-1|0|1|Apache-Maven/3.8.2 (Java 11.0.8; Linux
3.10.0-1160.25.1.el7.x86_64)

2021-08-19T16:07:55.779Z|8c4ca838bc43d3b2|192.168.38.137|token:ci-fake-user|GET|/maven-libs-release/org/apache/commons/commons-parent/39/commons-parent-39.pom|200|-1|61975|2|Apache-Maven/3.8.2
(Java 11.0.8; Linux 3.10.0-1160.25.1.el7.x86_64)
2021-08-19T16:07:55.793Z|9d2ce78abf97f47e|192.168.38.137|token:ci-fake-user|GET|/maven-libs-release/org/apache/commons/commons-parent/39/commons-parent-39.pom.sha1|200|-1|40|3|Apache-Maven/3.8.2
(Java 11.0.8; Linux 3.10.0-1160.25.1.el7.x86_64)

2021-08-19T16:07:55.801Z|8d5e469c8d929120|192.168.38.137|non_authenticated_user|GET|/maven-libs-release/org/apache/apache/16/apache-16.pom|
*401*|-1|0|0|Apache-Maven/3.8.2 (Java 11.0.8; Linux
3.10.0-1160.25.1.el7.x86_64)

2021-08-19T16:07:55.807Z|2e1b208f4afeae52|192.168.38.137|token:ci-fake-user|GET|/maven-libs-release/org/apache/apache/16/apache-16.pom|200|-1|15507|2|Apache-Maven/3.8.2
(Java 11.0.8; Linux 3.10.0-1160.25.1.el7.x86_64)
2021-08-19T16:07:55.815Z|b634f0399cad3c56|192.168.38.137|token:ci-fake-user|GET|/maven-libs-release/org/apache/apache/16/apache-16.pom.sha1|200|-1|40|2|Apache-Maven/3.8.2
(Java 11.0.8; Linux 3.10.0-1160.25.1.el7.x86_64)

2021-08-19T16:07:55.825Z|befe40b044d34700|192.168.38.137|non_authenticated_user|GET|/maven-libs-release/commons-lang/commons-lang/2.1/commons-lang-2.1.pom|
*401*|-1|0|1|Apache-Maven/3.8.2 (Java 11.0.8; Linux
3.10.0-1160.25.1.el7.x86_64)
- - - - - - - - - - - - - - - - - - - - - - - - -

as you can see, for each pom artifact, it seems like Maven does a first
request not authenticated (hence the "|401|" in the logs) and then another
one authenticated. This second one succeeds.
I corrected this problem by adding a httpHeader property (see below) with
the same value as the "password" field (that was previously the only place
where I wrote the password) and now I have correct logs with only one
request and no 401 anymore.

- - - - - - - - - - - - - - - - - - - - - - - - -
<servers>
    <server>
      <username>ci-fake-user</username>
      <password>XXXXXXX</password>
      <id>releases</id>
 <configuration>
        <httpHeaders>
          <property>
            <name>Authorization</name>
            <value>Bearer XXXXXXX</value>
          </property>
        </httpHeaders>
      </configuration>
    </server>
    <server>
      <username>ci-fake-user</username>
      <password>XXXXXXX</password>
      <id>snapshots</id>
 <configuration>
        <httpHeaders>
          <property>
            <name>Authorization</name>
            <value>Bearer XXXXXXX</value>
          </property>
        </httpHeaders>
      </configuration>
    </server>
  </servers>
- - - - - - - - - - - - - - - - - - - - - - - - -

I tested with Maven  3.6.3, 3.8.1 and 3.8.2
Do you have an explanation to my strange problem ?

Regards

François

PS: it seems Nabble forums are closed. I used to access the Maven mailing
list through Nabble (I really don't like interracting in a forum-like place
with email, I prefer good old web pages). So goodby Nabble, I'll miss you.

Maven tries to download twice, first one without auth

Reply via email to