Hi,
I use for artifactory configuration like it:
<server>
<id>xxx</id>
<username>xxx</username>
<password>xxx</password>
<configuration>
<httpConfiguration>
<all>
<usePreemptive>true</usePreemptive>
</all>
</httpConfiguration>
</configuration>
</server>
pt., 20 sie 2021 o 23:12 Bernd Eckenfels <e...@zusammenkunft.net>
napisał(a):
> Hello,
>
> This is, for some reason intentional, the client is supposed to only sent
> auth when challenged. Since this is not done in a smart way it can slow
> transfers down.
>
> There used to be ways to configure it pre-emptively, but not sure if the
> doc is still valid:
> http://maven.apache.org/guides/mini/guide-http-settings.html#Example:_Using_Preemptive_Authentication
>
> Greetings
> Bernd
>
>
> --
> http://bernd.eckenfels.net<http://bernd.eckenfels.networks>
> ________________________________
> Von: Francois Marot <francois.ma...@gmail.com>
> Gesendet: Friday, August 20, 2021 4:12:33 PM
> An: Maven Users List <users@maven.apache.org>
> Betreff: Maven tries to download twice, first one without auth
>
> Hello Maven users,
>
> I face a strange problem that I'd like to describe. I'm setting up a new
> artifact repository and this is JFrog's Artifactory.
> I have build freeze problems (which I still no have solved) so during my
> investigations I found this in Artifactory's logs:
>
> - - - - - - - - - - - - - - - - - - - - - - - - -
>
> 2021-08-19T16:07:55.729Z|339817580d4decc9|192.168.38.137|non_authenticated_user|GET|/maven-libs-release/org/apache/velocity/velocity/1.5/velocity-1.5.pom|
> *401*|-1|0|0|Apache-Maven/3.8.2 (Java 11.0.8; Linux
> 3.10.0-1160.25.1.el7.x86_64)
>
>
> 2021-08-19T16:07:55.734Z|123110ba8a2e7eb9|192.168.38.137|token:ci-fake-user|GET|/maven-libs-release/org/apache/velocity/velocity/1.5/velocity-1.5.pom|200|-1|7714|2|Apache-Maven/3.8.2
> (Java 11.0.8; Linux 3.10.0-1160.25.1.el7.x86_64)
>
> 2021-08-19T16:07:55.743Z|f0d9c80461c879fd|192.168.38.137|token:ci-fake-user|GET|/maven-libs-release/org/apache/velocity/velocity/1.5/velocity-1.5.pom.sha1|200|-1|40|3|Apache-Maven/3.8.2
> (Java 11.0.8; Linux 3.10.0-1160.25.1.el7.x86_64)
>
>
> 2021-08-19T16:07:55.752Z|6500587859c8a99c|192.168.38.137|non_authenticated_user|GET|/maven-libs-release/commons-collections/commons-collections/3.2.2/commons-collections-3.2.2.pom|
> *401*|-1|0|0|Apache-Maven/3.8.2 (Java 11.0.8; Linux
> 3.10.0-1160.25.1.el7.x86_64)
>
>
> 2021-08-19T16:07:55.758Z|32c027e38c5f6b49|192.168.38.137|token:ci-fake-user|GET|/maven-libs-release/commons-collections/commons-collections/3.2.2/commons-collections-3.2.2.pom|200|-1|12403|3|Apache-Maven/3.8.2
> (Java 11.0.8; Linux 3.10.0-1160.25.1.el7.x86_64)
>
> 2021-08-19T16:07:55.766Z|1dce46d14ae35ed3|192.168.38.137|token:ci-fake-user|GET|/maven-libs-release/commons-collections/commons-collections/3.2.2/commons-collections-3.2.2.pom.sha1|200|-1|40|2|Apache-Maven/3.8.2
> (Java 11.0.8; Linux 3.10.0-1160.25.1.el7.x86_64)
>
>
> 2021-08-19T16:07:55.774Z|a37b50bee467027a|192.168.38.137|non_authenticated_user|GET|/maven-libs-release/org/apache/commons/commons-parent/39/commons-parent-39.pom|
> *401*|-1|0|1|Apache-Maven/3.8.2 (Java 11.0.8; Linux
> 3.10.0-1160.25.1.el7.x86_64)
>
>
> 2021-08-19T16:07:55.779Z|8c4ca838bc43d3b2|192.168.38.137|token:ci-fake-user|GET|/maven-libs-release/org/apache/commons/commons-parent/39/commons-parent-39.pom|200|-1|61975|2|Apache-Maven/3.8.2
> (Java 11.0.8; Linux 3.10.0-1160.25.1.el7.x86_64)
>
> 2021-08-19T16:07:55.793Z|9d2ce78abf97f47e|192.168.38.137|token:ci-fake-user|GET|/maven-libs-release/org/apache/commons/commons-parent/39/commons-parent-39.pom.sha1|200|-1|40|3|Apache-Maven/3.8.2
> (Java 11.0.8; Linux 3.10.0-1160.25.1.el7.x86_64)
>
>
> 2021-08-19T16:07:55.801Z|8d5e469c8d929120|192.168.38.137|non_authenticated_user|GET|/maven-libs-release/org/apache/apache/16/apache-16.pom|
> *401*|-1|0|0|Apache-Maven/3.8.2 (Java 11.0.8; Linux
> 3.10.0-1160.25.1.el7.x86_64)
>
>
> 2021-08-19T16:07:55.807Z|2e1b208f4afeae52|192.168.38.137|token:ci-fake-user|GET|/maven-libs-release/org/apache/apache/16/apache-16.pom|200|-1|15507|2|Apache-Maven/3.8.2
> (Java 11.0.8; Linux 3.10.0-1160.25.1.el7.x86_64)
>
> 2021-08-19T16:07:55.815Z|b634f0399cad3c56|192.168.38.137|token:ci-fake-user|GET|/maven-libs-release/org/apache/apache/16/apache-16.pom.sha1|200|-1|40|2|Apache-Maven/3.8.2
> (Java 11.0.8; Linux 3.10.0-1160.25.1.el7.x86_64)
>
>
> 2021-08-19T16:07:55.825Z|befe40b044d34700|192.168.38.137|non_authenticated_user|GET|/maven-libs-release/commons-lang/commons-lang/2.1/commons-lang-2.1.pom|
> *401*|-1|0|1|Apache-Maven/3.8.2 (Java 11.0.8; Linux
> 3.10.0-1160.25.1.el7.x86_64)
> - - - - - - - - - - - - - - - - - - - - - - - - -
>
> as you can see, for each pom artifact, it seems like Maven does a first
> request not authenticated (hence the "|401|" in the logs) and then another
> one authenticated. This second one succeeds.
> I corrected this problem by adding a httpHeader property (see below) with
> the same value as the "password" field (that was previously the only place
> where I wrote the password) and now I have correct logs with only one
> request and no 401 anymore.
>
> - - - - - - - - - - - - - - - - - - - - - - - - -
> <servers>
> <server>
> <username>ci-fake-user</username>
> <password>XXXXXXX</password>
> <id>releases</id>
> <configuration>
> <httpHeaders>
> <property>
> <name>Authorization</name>
> <value>Bearer XXXXXXX</value>
> </property>
> </httpHeaders>
> </configuration>
> </server>
> <server>
> <username>ci-fake-user</username>
> <password>XXXXXXX</password>
> <id>snapshots</id>
> <configuration>
> <httpHeaders>
> <property>
> <name>Authorization</name>
> <value>Bearer XXXXXXX</value>
> </property>
> </httpHeaders>
> </configuration>
> </server>
> </servers>
> - - - - - - - - - - - - - - - - - - - - - - - - -
>
> I tested with Maven 3.6.3, 3.8.1 and 3.8.2
> Do you have an explanation to my strange problem ?
>
> Regards
>
> François
>
> PS: it seems Nabble forums are closed. I used to access the Maven mailing
> list through Nabble (I really don't like interracting in a forum-like place
> with email, I prefer good old web pages). So goodby Nabble, I'll miss you.
>
--
Sławomir Jaranowski
https://twitter.com/SlawekJaran
https://github.com/slawekjaranowski
https://linkedin.com/in/slawomirjaranowski
