Eyjafjallajokull-Roman opened a new issue, #1768: URL: https://github.com/apache/maven-resolver/issues/1768
### Affected version 3.9.0+ ### Bug description **Summary** When using Maven 3.9.x behind an HTTP proxy requiring Basic authentication (Squid), Maven intermittently sends CONNECT requests without Proxy-Authorization when running with default artifact resolution threads. This results in intermittent 407 Proxy Authentication Required errors. Limiting resolution to a single thread (-Dmaven.artifact.threads=1) makes the problem disappear. Title: Maven 3.9.x intermittently sends unauthenticated CONNECT to proxy when using multiple artifact threads (407 from Squid) **Summary:** When using Maven 3.9.x behind an HTTP proxy requiring Basic authentication (Squid), Maven intermittently sends CONNECT requests without Proxy-Authorization when running with default artifact resolution threads. This results in intermittent 407 Proxy Authentication Required errors. Limiting resolution to a single thread (-Dmaven.artifact.threads=1) makes the problem disappear. The same setup works reliably with older Maven versions (3.8. and lower / Wagon-based resolver). **Environment:** 1. Maven: 3.9.11 2. Java: 17 3. OS: Windows 11 (Docker Desktop, Linux containers) 4. Proxy: Squid 6.x with Basic auth required 5. Transport: Maven Resolver HttpTransporter (default in 3.9.x) **Expected behavior:** All HTTP CONNECT requests sent through the proxy should include valid Proxy-Authorization headers once credentials are configured in settings.xml. No unauthenticated CONNECT attempts should occur after proxy auth is configured. **Actual behavior:** When resolving artifacts in parallel (default behavior), Maven sometimes: Sends CONNECT without Proxy-Authorization Receives 407 Proxy Authentication Required Fails the build Squid logs show requests like: `"CONNECT repo.maven.apache.org:443 HTTP/1.1" 407 ProxyAuth:- UA:Apache-Maven/3.9.11` Followed later by authenticated requests that succeed. This does not occur when limiting resolver threads to 1. Reproducer: Full reproducer with Docker + Squid is available here: https://github.com/Eyjafjallajokull-Roman/maven-proxy-auth-repro It includes: 1. Squid proxy requiring Basic auth 2. Maven 3.9.11 container 3. settings.xml with proxy auth 4. Exact commands to reproduce How to reproduce: Ensure Maven local repository is clean so artifacts are downloaded through the proxy (no cached artifacts in ~/.m2/repository). Configure Maven to use an authenticated HTTP proxy (see provided settings.xml and Squid setup). Run with default resolver threads: `mvn -U -X -s settings.xml clean verify` **Observed:** Intermittent 407 Proxy Authentication Required errors. Run with a single resolver thread: `mvn -U -X -Dmaven.artifact.threads=1 -s settings.xml clean verify` **Observed:** Build succeeds and proxy authentication errors disappear. Possible root cause: It appears that concurrent artifact resolution in HttpTransporter causes some proxy connections to be established before authentication headers are attached, leading to unauthenticated CONNECT attempts. Could you please advise: Whether this is expected behavior with the new transport? Whether proxy authentication is expected to be preemptive for CONNECT? And whether this might be a known issue or regression in Maven 3.9.x / Resolver? I am happy to test patches or provide further diagnostics. (All logs included in repro repo.) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
