You're right, my bad...
I use:
<usePreemptive>true</usePreemptive>

because 'false' is the default. Which makes me think Maven should change
the default to true because we explicitly know the servers listed in
settings.xml and trust them.


On Mon, Aug 30, 2021 at 18:00, Bernd Eckenfels <e...@zusammenkunft.net>
wrote:

> Hello,
>
> Hm… I thought preemptive=false is the default - but anyway, good that it
> works now for you.
>
> Regards
> Bernd
>
> --
> https://Bernd.eckenfels.net
> ________________________________
> From: Francois Marot <francois.ma...@gmail.com>
> Sent: Monday, August 30, 2021 4:43:33 PM
> To: Maven Users List <users@maven.apache.org>
> Subject: Re: Maven tries to download twice, first one without auth
>
> Hello Bernd and Slawomir,
> I want to thank you both for the advice. Using the preemptive auth works
> like a charm.
> In the end, the analysis showed that a network component was seeing all the
> "401 Unauthorized" errors and was randomly deciding
> to stop the requests. It must have been mistakenly associated with a network
> attack or something.
>
> The setting to use is this one:
>
> <httpConfiguration>
> <all>
> <usePreemptive>false</usePreemptive>
> </all>
> </httpConfiguration>
>
> I would advise anyone in a corporate network to configure their settings.xml
> with this setting to access their corporate repository.
> I even believe it should be the default setting for predefined servers
> located in settings.xml because Maven does not try to communicate with
> random servers on the internet by itself (in which case disabling
> preemptive auth may be worth it).
> Should I create an issue?
>
>
> On Fri, Aug 20, 2021 at 23:12, Bernd Eckenfels <e...@zusammenkunft.net>
> wrote:
>
> > Hello,
> >
> > This is, for some reason, intentional: the client is supposed to only send
> > auth when challenged. Since this is not done in a smart way it can slow
> > transfers down.
> >
> > There used to be ways to configure it pre-emptively, but not sure if the
> > doc is still valid:
> >
> > http://maven.apache.org/guides/mini/guide-http-settings.html#Example:_Using_Preemptive_Authentication
> >
> > Greetings
> > Bernd
> >
> >
> > --
> > http://bernd.eckenfels.net<http://bernd.eckenfels.networks>
> > ________________________________
> > From: Francois Marot <francois.ma...@gmail.com>
> > Sent: Friday, August 20, 2021 4:12:33 PM
> > To: Maven Users List <users@maven.apache.org>
> > Subject: Maven tries to download twice, first one without auth
> >
> > Hello Maven users,
> >
> > I face a strange problem that I'd like to describe. I'm setting up a new
> > artifact repository and this is JFrog's Artifactory.
> > I have build freeze problems (which I still have not solved) so during my
> > investigations I found this in Artifactory's logs:
> >
> > - - - - - - - - - - - - - - - - - - - - - - - - -
> >
> > 2021-08-19T16:07:55.729Z|339817580d4decc9|192.168.38.137|non_authenticated_user|GET|/maven-libs-release/org/apache/velocity/velocity/1.5/velocity-1.5.pom|*401*|-1|0|0|Apache-Maven/3.8.2 (Java 11.0.8; Linux 3.10.0-1160.25.1.el7.x86_64)
> > 2021-08-19T16:07:55.734Z|123110ba8a2e7eb9|192.168.38.137|token:ci-fake-user|GET|/maven-libs-release/org/apache/velocity/velocity/1.5/velocity-1.5.pom|200|-1|7714|2|Apache-Maven/3.8.2 (Java 11.0.8; Linux 3.10.0-1160.25.1.el7.x86_64)
> > 2021-08-19T16:07:55.743Z|f0d9c80461c879fd|192.168.38.137|token:ci-fake-user|GET|/maven-libs-release/org/apache/velocity/velocity/1.5/velocity-1.5.pom.sha1|200|-1|40|3|Apache-Maven/3.8.2 (Java 11.0.8; Linux 3.10.0-1160.25.1.el7.x86_64)
> >
> > 2021-08-19T16:07:55.752Z|6500587859c8a99c|192.168.38.137|non_authenticated_user|GET|/maven-libs-release/commons-collections/commons-collections/3.2.2/commons-collections-3.2.2.pom|*401*|-1|0|0|Apache-Maven/3.8.2 (Java 11.0.8; Linux 3.10.0-1160.25.1.el7.x86_64)
> > 2021-08-19T16:07:55.758Z|32c027e38c5f6b49|192.168.38.137|token:ci-fake-user|GET|/maven-libs-release/commons-collections/commons-collections/3.2.2/commons-collections-3.2.2.pom|200|-1|12403|3|Apache-Maven/3.8.2 (Java 11.0.8; Linux 3.10.0-1160.25.1.el7.x86_64)
> > 2021-08-19T16:07:55.766Z|1dce46d14ae35ed3|192.168.38.137|token:ci-fake-user|GET|/maven-libs-release/commons-collections/commons-collections/3.2.2/commons-collections-3.2.2.pom.sha1|200|-1|40|2|Apache-Maven/3.8.2 (Java 11.0.8; Linux 3.10.0-1160.25.1.el7.x86_64)
> >
> > 2021-08-19T16:07:55.774Z|a37b50bee467027a|192.168.38.137|non_authenticated_user|GET|/maven-libs-release/org/apache/commons/commons-parent/39/commons-parent-39.pom|*401*|-1|0|1|Apache-Maven/3.8.2 (Java 11.0.8; Linux 3.10.0-1160.25.1.el7.x86_64)
> > 2021-08-19T16:07:55.779Z|8c4ca838bc43d3b2|192.168.38.137|token:ci-fake-user|GET|/maven-libs-release/org/apache/commons/commons-parent/39/commons-parent-39.pom|200|-1|61975|2|Apache-Maven/3.8.2 (Java 11.0.8; Linux 3.10.0-1160.25.1.el7.x86_64)
> > 2021-08-19T16:07:55.793Z|9d2ce78abf97f47e|192.168.38.137|token:ci-fake-user|GET|/maven-libs-release/org/apache/commons/commons-parent/39/commons-parent-39.pom.sha1|200|-1|40|3|Apache-Maven/3.8.2 (Java 11.0.8; Linux 3.10.0-1160.25.1.el7.x86_64)
> >
> > 2021-08-19T16:07:55.801Z|8d5e469c8d929120|192.168.38.137|non_authenticated_user|GET|/maven-libs-release/org/apache/apache/16/apache-16.pom|*401*|-1|0|0|Apache-Maven/3.8.2 (Java 11.0.8; Linux 3.10.0-1160.25.1.el7.x86_64)
> > 2021-08-19T16:07:55.807Z|2e1b208f4afeae52|192.168.38.137|token:ci-fake-user|GET|/maven-libs-release/org/apache/apache/16/apache-16.pom|200|-1|15507|2|Apache-Maven/3.8.2 (Java 11.0.8; Linux 3.10.0-1160.25.1.el7.x86_64)
> > 2021-08-19T16:07:55.815Z|b634f0399cad3c56|192.168.38.137|token:ci-fake-user|GET|/maven-libs-release/org/apache/apache/16/apache-16.pom.sha1|200|-1|40|2|Apache-Maven/3.8.2 (Java 11.0.8; Linux 3.10.0-1160.25.1.el7.x86_64)
> >
> > 2021-08-19T16:07:55.825Z|befe40b044d34700|192.168.38.137|non_authenticated_user|GET|/maven-libs-release/commons-lang/commons-lang/2.1/commons-lang-2.1.pom|*401*|-1|0|1|Apache-Maven/3.8.2 (Java 11.0.8; Linux 3.10.0-1160.25.1.el7.x86_64)
> > - - - - - - - - - - - - - - - - - - - - - - - - -
> >
> > As you can see, for each pom artifact, it seems like Maven does a first
> > request not authenticated (hence the "|401|" in the logs) and then another
> > one authenticated. This second one succeeds.
> > I corrected this problem by adding a httpHeader property (see below) with
> > the same value as the "password" field (that was previously the only place
> > where I wrote the password) and now I have correct logs with only one
> > request and no 401 anymore.
> >
> > - - - - - - - - - - - - - - - - - - - - - - - - -
> > <servers>
> >   <server>
> >     <username>ci-fake-user</username>
> >     <password>XXXXXXX</password>
> >     <id>releases</id>
> >     <configuration>
> >       <httpHeaders>
> >         <property>
> >           <name>Authorization</name>
> >           <value>Bearer XXXXXXX</value>
> >         </property>
> >       </httpHeaders>
> >     </configuration>
> >   </server>
> >   <server>
> >     <username>ci-fake-user</username>
> >     <password>XXXXXXX</password>
> >     <id>snapshots</id>
> >     <configuration>
> >       <httpHeaders>
> >         <property>
> >           <name>Authorization</name>
> >           <value>Bearer XXXXXXX</value>
> >         </property>
> >       </httpHeaders>
> >     </configuration>
> >   </server>
> > </servers>
> > - - - - - - - - - - - - - - - - - - - - - - - - -
> >
> > I tested with Maven 3.6.3, 3.8.1 and 3.8.2
> > Do you have an explanation for my strange problem?
> >
> > Regards
> >
> > François
> >
> > PS: it seems Nabble forums are closed. I used to access the Maven mailing
> > list through Nabble (I really don't like interacting in a forum-like place
> > with email, I prefer good old web pages). So goodbye Nabble, I'll miss you.
> >
>
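
An added example, not part of the thread and not Maven's or Artifactory's code: one way a monitoring rule could separate the challenge-then-retry pattern shown in the quoted log from 401s that are never followed by an authenticated request. The field positions are inferred from the quoted log lines; the sample lines, addresses, paths and function names are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample in the pipe-delimited layout of the request log quoted in the thread
# (timestamp|trace id|client ip|user|method|path|status|...); addresses and paths are made up.
SAMPLE_LOG = """\
2021-08-19T16:07:55.729Z|aaaa000000000001|192.0.2.10|non_authenticated_user|GET|/libs/a/1.0/a-1.0.pom|401|-1|0|0|Apache-Maven/3.8.2
2021-08-19T16:07:55.734Z|aaaa000000000002|192.0.2.10|token:ci-user|GET|/libs/a/1.0/a-1.0.pom|200|-1|7714|2|Apache-Maven/3.8.2
2021-08-19T16:07:55.743Z|aaaa000000000003|192.0.2.10|token:ci-user|GET|/libs/a/1.0/a-1.0.pom.sha1|200|-1|40|3|Apache-Maven/3.8.2
2021-08-19T16:07:55.752Z|aaaa000000000004|192.0.2.10|non_authenticated_user|GET|/libs/b/2.0/b-2.0.pom|401|-1|0|0|Apache-Maven/3.8.2
2021-08-19T16:07:55.758Z|aaaa000000000005|192.0.2.10|token:ci-user|GET|/libs/b/2.0/b-2.0.pom|200|-1|12403|3|Apache-Maven/3.8.2
2021-08-19T16:08:01.100Z|aaaa000000000006|192.0.2.77|non_authenticated_user|GET|/libs/a/1.0/a-1.0.pom|401|-1|0|0|curl/7.76.1
2021-08-19T16:08:02.300Z|aaaa000000000007|192.0.2.77|non_authenticated_user|GET|/libs/b/2.0/b-2.0.pom|401|-1|0|0|curl/7.76.1
"""

def parse(line):
    """Return (time, ip, user, method, path, status) from one request-log line."""
    ts, _trace, ip, user, method, path, status = line.split("|")[:7]
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%fZ")
    # The mail client wrapped the status in asterisks ("*401*"); tolerate that.
    return when, ip, user, method, path, int(status.strip("* "))

def classify_401s(log_text, window=timedelta(seconds=1)):
    """Split 401s into challenges answered by an authenticated retry and unanswered ones."""
    entries = sorted(parse(l) for l in log_text.splitlines() if l.count("|") >= 6)
    answered, unanswered = [], []
    for i, (when, ip, _user, method, path, status) in enumerate(entries):
        if status != 401:
            continue
        # Answered: same client, method and path, authenticated 2xx, within the window.
        retried = any(
            e[1] == ip and e[3] == method and e[4] == path
            and 200 <= e[5] < 300 and e[2] != "non_authenticated_user"
            and e[0] - when <= window
            for e in entries[i + 1:]
        )
        (answered if retried else unanswered).append((ip, path))
    return answered, unanswered

def per_client_summary(log_text):
    """Count answered and unanswered 401s per client IP."""
    answered, unanswered = classify_401s(log_text)
    summary = {}
    for bucket, rows in (("answered", answered), ("unanswered", unanswered)):
        for ip, _path in rows:
            summary.setdefault(ip, {"answered": 0, "unanswered": 0})[bucket] += 1
    return summary

if __name__ == "__main__":
    for ip, counts in per_client_summary(SAMPLE_LOG).items():
        print(ip, counts)
```

A client whose 401s are all answered matches the non-preemptive authentication behaviour described in the thread; alerting only on unanswered 401s avoids penalising it.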
