I see what you mean. I think 403 Forbidden will be more appropriate in that
case because access to Artifactory is always authenticated (when anonymous
is enabled the authentication is implicit).
I can't remember if the 404 response is for historical reasons (old maven
bug), so I opened
an issue (http://issues.jfrog.org/jira/browse/RTFACT-3479) and will look
into it soon.
Back to your problem, your analysis explains why it fails:
You are implicitly logged in as anonymous to Artifactory. Anonymous doesn't
have read access
to the requested file and Artifactory sends 404. When maven receives 404 it
will never try to send
another request with credentials.
Responding with 401 Unauthorized (+the basic authentication header) will
probably solve it,
but again, I'm not sure this is the best solution.
In the mean time you can configure maven to use preemptive authentication,
which causes
it to send the credentials without being asked to.
Yossi
2010/8/31 Marcin Zajączkowski <[email protected]>
> Dnia 31-08-2010 o godz. 9:22 Yossi Shaul napisał(a):
> > Which version of maven you are using? If it's not the latest (2.2.1 or 3
> beta) please try with one of them.
> > Otherwise send your pom and settings to [email protected] and we'll try
> to figure out what's wrong.
>
> I'm using 2.2.1, but I have noticed one more thing. With disabled "allow
> anonymous access" artifactory return 401 Authorization Required in the
> first try and then Maven ask again using credentials [1]. Without
> anonymous access enabled Artifactory returns 404 Not Found (even if
> artifact is in repository and only anonymous doesn't have access to it -
> in access.log there is DOWNLOAD DENIED) and Maven doesn't try again,
> what could be a reason.
>
> Maybe Artifactory could return 401 for repository paths which requires
> for user to be authenticated?
>
>
> [1] - (with "allow anonymous access" disabled)
>
> 20100831113125|0|REQUEST|10.101.6.191|non_authenticated_user|GET|<<artifact>>|HTTP/1.1|401|0
>
> 20100831113127|1656|REQUEST|10.101.6.191|my_user|GET|<<artifact>>|HTTP/1.1|200|348
>
>
> Marcin
>
>
>
> > 2010/8/30 Marcin Zajączkowski <[email protected]>
> >
> > > Dnia 29-08-2010 o godz. 9:30 Yossi Shaul napisał(a):
> > >
> > > > Hi, maven does know how download artifacts from repositories that
> > > require authentication.
> > > > It just does it on the second request (non-preemptive).
> > > > Make sure that the repository ids (for both download and upload
> > > repositories) matches
> > > > the is of the servers in the settings.xml.
> > >
> > > I tried:
> > >
> > > <servers>
> > > <server>
> > > <id>repo-id</id>
> > > <username>user</username>
> > > <password>password</password>
> > > (...)
> > >
> > > <repositories>
> > > <repository>
> > > <snapshots>
> > > <enabled>true</enabled>
> > > </snapshots>
> > > <id>repo-id</id>
> > > <name>repo-id</name>
> > > <url>...</url>
> > > (...)
> > >
> > > Maven shows:
> > > [INFO] snapshot my-group-id:my-artifact-id:1.2.0-SNAPSHOT checking for
> > > updates from repo-id
> > > Downloading:
> > > http://url/.../1.2.0-SNAPSHOT/my-artifact-id-1.2.0-SNAPSHOT.jar
> > > [INFO] Unable to find resource
> > > 'my-group-id:my-artifact-id:1.2.0-SNAPSHOT' in repository repo-id
> (url)
> > >
> > > In Artifactory access.og I have:
> > > 2010-08-30 17:55:01,700 [DENIED DOWNLOAD]
> > > repo-id:url/.../1.2.0-SNAPSHOT/my-artifact-1.2.0-SNAPSHOT.jar for
> > > anonymous/192.168.0.10.
> > >
> > > There is no a second try.
> > > Is it required to define deploy repository to make read access work
> with
> > > password?
> > >
> > > I tried with repo-id being virtual repo name as well a local
> repository
> > > name. With no success. Do you have any suggestion what more can I do
> to
> > > get know why it doesn't work?
> > >
> > >
> > > > Currently the anonymous access is global and there's no way to
> activate
> > > authentication
> > > > for selected repositories.
> > >
> > > I see, if Maven should ask twice (the second one with user/password)
> > > there a global switch is enough.
> > >
> > >
> > > Regards
> > > Marcin
> > >
> > >
> > >
> > > > 2010/8/27 Marcin Zajączkowski <[email protected]>
> > > >
> > > > > Hi,
> > > > >
> > > > >
> > > > > Regarding situation mentioned in [1] I was able to download
> artifact
> > > > > from password protected repository only after "Allow Anonymous
> Access"
> > > > > is unchecked. But it's a global switch. When anonymous access in
> general
> > > > > is granted, nevertheless that repository is not accessible for
> anonymous
> > > > > users (they don't have permissions) Maven interprets reply as
> "not
> > > > > found" (not as "use password from config").
> > > > >
> > > > > Is it possible to switch only *selected* repositories into
> > > > > "authenticated-user-only-access"?
> > > > > (or maybe I can force Maven to use password for selected repos at
> a
> > > > > client side?)
> > > > >
> > > > >
> > > > > [1] -
> > > > >
> http://forums.jfrog.org/Working-with-password-protected-repositories-in-read-mode-with-Maven-client-td5457453.html
> > > > >
> > > > >
> > > > > Regards
> > > > > Marcin
>
>
>
>
> --
> Ad...
>
>
>
>
> ------------------------------------------------------------------------------
> This SF.net Dev2Dev email is sponsored by:
>
> Show off your parallel programming skills.
> Enter the Intel(R) Threading Challenge 2010.
> http://p.sf.net/sfu/intel-thread-sfd
> _______________________________________________
> Artifactory-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/artifactory-users
>
------------------------------------------------------------------------------
This SF.net Dev2Dev email is sponsored by:
Show off your parallel programming skills.
Enter the Intel(R) Threading Challenge 2010.
http://p.sf.net/sfu/intel-thread-sfd
_______________________________________________
Artifactory-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/artifactory-users
