In short: it looks like that gradle does not do pre-emptive basic authentication if it is doing get requests (see HttpClientConfigurer.java)
Artifactory does not challenge the client, if a directory listing is requested (prolly for security reasons). Instead it reports an empty directory if you are not properly authenticate. If I would request a fixed version number, I get a challenge and resolving does work. Because of this, dynamic versions cannot be resolved using gradle and a protected artifactory repository!
Here is my build file for testing this:
group = ‘de.enterprise.project’
def artifactoryRepoBase = ‘http://aisrepo.enterprise.com/artifactory’
repositories {
ivy {
credentials {
username “myUser”
password “password”
}
url artifactoryRepoBase + ‘/b2b-gradle-internal’
layout “pattern”, {
artifact ‘[organization]/[module]/[revision]/[module]-revision.[ext]’
ivy ‘[organization]/[module]/ivy-[revision].xml’
}
}
}
apply plugin: ‘java’
dependencies {
compile group: ‘de.enterprise.project.info’, name: ‘info’, version: “3.5.+” // does not work, gets empty dir
// compile group: ‘de.enterprise.project.info’, name: ‘info’, version: “3.5.0-20131127155348” // does work, but is fixed
}
(sorry, couldn’t figure out how the heck you are creating these code blocks). A simple help button at the editor would be nice…
This is a serious problem for us. We absolutely have to protect our internal artifactory repository (company has over 300.000 employees that can access the intranet). And we really need the dynamic versions for our multi-project platform.
Is there a way to enforce pre-emptive authentication for all kind of requests for repositories where credentials are available? Or can I configure artifactory to always challenge for certain repositories? I haven’t found this option yet.
I am on gradle 1.9 and artifactory 3.0.4
Any help will be appreciated
Andreas