[
https://issues.apache.org/jira/browse/IVY-1280?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18088846#comment-18088846
]
Stefan Bodewig commented on IVY-1280:
-------------------------------------
> And while I am in wish-land it would be great if I could also set that
> credentials must not be sent with unencrypted requests (which would be a
> separate issue), pre-emptive or not.
This could be achieved by adding "scheme" to the credentials configuration.
HttpClient support scheme as part of the `AuthScope`. I'll open a separate
issue for this.
> Ivy does not keep track of HTTP session when BASIC authentication is used
> -------------------------------------------------------------------------
>
> Key: IVY-1280
> URL: https://issues.apache.org/jira/browse/IVY-1280
> Project: Ivy
> Issue Type: Improvement
> Components: Core
> Affects Versions: 2.2.0
> Environment: Any
> Reporter: Anders Jacobsson
> Priority: Minor
>
> When publishing through <ant:publish>, each PUT request towards the URL
> resolver (Artifactory, protected with BASIC authentication) seems to be
> duplicated, the first request without any authorization header and the second
> one with. This creates unnecessary network traffic and increases build time.
> Ivy should keep track of any established HTTP session and reuse that one,
> i.e. only the very first request is duplicated.
> I am using Commons HttpClient.
> An alternative would be to expose preemptive authentication so that it is
> configurable. It is less secure but still useful as it would probably mostly
> be used for internal resolvers.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
