Gradle unable to properly authenticate against Artifactory

Not quite sure if I should start a new thread about this but I’ve boiled the problem down to an absolute minimal setup.

I ran the official Artifactory docker container locally:
docker run --rm --name artifactory -d -p 8081:8081 docker.bintray.io/jfrog/artifactory-oss:latest

Open up a web browser on http://localhost:8081 and log in with admin:password (default admin account in Artifactory).

Then I went through the “Welcome Wizard”. Skipped the proxy step but in the second step I selected to create the default “Maven” repositories. This will create the following repositories:

  • libs-snapshot-local (local repository type)
  • libs-release-local (local repository type)
  • jcenter (distribution repository type)
  • libs-snapshot (virtual repository type)
  • libs-release (virtual repository type).

The two virtual repositories (libs-snapshot and libs-release) are configured to “point to” the respective local repositories as well as the jcenter distribution repository.

Next I run a mitmproxy in “reverse proxy” mode to intercept all requests so that I can take a look at them:
sudo mitmproxy --mode reverse:http://localhost:8081

By default, mitmproxy uses port 8080 so now I have an “Artifactory server” running on port 8080 on my machine.

Next I created a dead simple Gradle project that set up a connection to this local Artifactory server via my mitmproxy (localhost:8080). You can see the build file here:

So now… if I run a rm -rf ~/.gradle/caches/ && ./gradlew -Dorg.gradle.daemon=false clean assemble I can see all the requests that Gradle makes to my artifactory server.

And lo and behold… the first few requests get a 401 response. Looking at the content of the requests, I can see that there is no authorization header being sent with them!

As you can see, after a while the responses change to 200 and looking into those responses, I see that the authorization header is included.

So I’m a bit confused… should Gradle be sending any requests that do not contain auth headers to the artifactory repository? Both of them (libs-snapshot and libs-release) are defined in my Gradle project with a credentials block so it really doesn’t make any sense that any requests are sent without the auth header, right?
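
The manual inspection described in the post can be tabulated automatically. The following is an added example, not part of the original post: a mitmproxy addon that records, for every request passing through the reverse proxy, whether an Authorization header was present and which status came back. The class name `AuthAudit` and the file name `auth_audit.py` are hypothetical; it would be loaded with mitmproxy's `-s` option alongside the reverse-proxy mode used above.

```python
# Added example: mitmproxy addon (hypothetical file name auth_audit.py).
import logging
from collections import defaultdict


def has_auth(headers):
    """True if an Authorization header is present (name match is case-insensitive)."""
    return any(name.lower() == "authorization" for name in headers.keys())


class AuthAudit:
    def __init__(self):
        # path -> list of (had_auth_header, status_code) in arrival order
        self.seen = defaultdict(list)

    def response(self, flow):
        # mitmproxy calls this hook once the full response has been read.
        req, resp = flow.request, flow.response
        entry = (has_auth(req.headers), resp.status_code)
        self.seen[req.path].append(entry)
        # Log presence only, never the header value (it carries the credentials).
        logging.info("%s %s auth=%s -> %d", req.method, req.path,
                     "yes" if entry[0] else "no", entry[1])

    def unauthenticated(self):
        """Paths requested at least once without an Authorization header."""
        return sorted(p for p, hits in self.seen.items()
                      if any(not auth for auth, _ in hits))

    def challenged_then_ok(self):
        """Paths where a 401 without the header was later followed by a 200 with it."""
        out = []
        for path, hits in self.seen.items():
            for i, (auth, status) in enumerate(hits):
                later = hits[i + 1:]
                if not auth and status == 401 and any(a and s == 200 for a, s in later):
                    out.append(path)
                    break
        return sorted(out)

    def done(self):
        # Called when mitmproxy shuts down: print the summary.
        logging.info("no auth header: %s", self.unauthenticated())
        logging.info("401 then 200 with header: %s", self.challenged_then_ok())


addons = [AuthAudit()]
```

The summary separates paths that were only ever requested with credentials from those that were first requested without them, which is the distinction the post is asking about.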