Use of credentials for resolving dynamic versions

Neil1 · December 10, 2012, 4:47pm

I am encountering a problem when trying to use dynamic version numbers along with an Artifactory repository which is configured to not allow anonymous read access.

Given this build script:

configurations {
    blah
}
  repositories.ivy {
    credentials {
        username "username"
        password "password"
    }
    url "http://artifactory_server/artifactory/my-repo/"
}
  dependencies {
    blah group: 'org', name: 'Foo', version: '1.1.0.+'
}

if I run ‘gw dep --refresh-dependencies’ I get an error such as:

Could not find any version that matches group:org, module:Foo, version:1.1.0.+.

However, if I change the build script to refer to a specific version number then ‘gw dep --refresh-dependencies’ would be successful e.g.

blah
\--- org:Foo:1.1.0.37

From my investigation the problem has nothing to do with the local dependency cache. Rather it seems to be an authentication problem. In the error case the Artifactory logs contain lines such as:

2012-12-10 14:47:05,671 [DENIED DOWNLOAD] my-repo:org/Foo for anonymous/11.22.33.44.

In the successful case, the Artifactory logs contains:

2012-12-10 15:16:20,549 [ACCEPTED DOWNLOAD] my-repo:org/Foo/1.1.0.37/ivy-1.1.0.37.xml for neil/11.22.33.44.

Do you have any idea why Gradle isn’t using my credentials for resolving dynamic versions?

daz · December 10, 2012, 6:15pm

What version of Gradle are you using? GRADLE-2318 was fixed in v1.1.

Neil1 · December 11, 2012, 9:15am

I’m using 1.3.

daz · December 11, 2012, 6:01pm

Strange. Can you please post your debug logs (via Gist).

Neil1 · March 28, 2013, 4:24pm

I forgot about this issue, but it’s still happening and I’m using Gradle 1.4 now. Here’s the gist: https://gist.github.com/anonymous/5264592. I’ll try it on Gradle 1.5.

Neil1 · March 28, 2013, 4:30pm

And here’s the gist for Gradle 1.5: https://gist.github.com/anonymous/5264663

daz · March 28, 2013, 7:08pm

Looking at the Gradle 1.5 logs, the attempt to list available versions of “org:my_module:+” is not failing, but no results are returned by Artifactory. The url being requested is ‘http://myartifactoryserver/artifactory/libs-release-local/org/my_module/’. The server does not request authentication, so we do not provide it.

My suspicion is that Artifactory is somehow configured to be accessible to anonymous access, but it provides an empty directory listing in this case.

Here is a selection of the log output that makes it apparent what’s going on:

16:28:13.850 [DEBUG] [org.gradle.api.internal.artifacts.repositories.resolver.ResourceVersionLister] Listing all in http://myartifactoryserver/artifactory/libs-release-local/org/my_module/[revision]/ivy-[revision].xml
16:28:13.852 [DEBUG] [org.gradle.api.internal.externalresource.transport.http.HttpClientHelper] Performing HTTP GET: http://myartifactoryserver/artifactory/libs-release-local/org/my_module/
16:28:13.862 [DEBUG] [org.apache.http.client.protocol.RequestTargetAuthentication] Target auth state: UNCHALLENGED
16:28:13.862 [DEBUG] [org.apache.http.client.protocol.RequestProxyAuthentication] Proxy auth state: UNCHALLENGED
16:28:13.864 [DEBUG] [org.apache.http.impl.conn.DefaultClientConnection] Sending request: GET /artifactory/libs-release-local/org/my_module/ HTTP/1.1
16:28:13.864 [DEBUG] [org.apache.http.headers] >> GET /artifactory/libs-release-local/org/my_module/ HTTP/1.1
16:28:13.865 [DEBUG] [org.apache.http.headers] >> Accept-Encoding: gzip,deflate
16:28:13.866 [DEBUG] [org.apache.http.headers] >> Host: myartifactoryserver
16:28:13.878 [DEBUG] [org.apache.http.impl.conn.DefaultClientConnection] Receiving response: HTTP/1.1 200 OK
16:28:13.878 [DEBUG] [org.apache.http.headers] << HTTP/1.1 200 OK
16:28:13.879 [DEBUG] [org.apache.http.headers] << Server: Artifactory/2.6.4
16:28:13.886 [DEBUG] [org.gradle.api.internal.externalresource.transport.http.HttpResponseResource] Attempting to download resource http://myartifactoryserver/artifactory/libs-release-local/org/my_module/.
16:28:13.889 [DEBUG] [org.gradle.api.internal.artifacts.repositories.resolver.ResourceVersionLister] found 0 resources

Can you see what happens when you try to access ‘http://myartifactoryserver/artifactory/libs-release-local/org/my_module/’ ensuring that your browser (or ‘curl’) is not providing credentials?

Neil1 · March 29, 2013, 10:50am

If I visit a valid location on the server then I see a directory listing with no files. If I intentionally visit an invalid location then I get an HTTP ERROR 404. This confirms your hypothesis.

I’ve tried a new installation of Artifactory 2.6.7 and the same thing happens. It looks like it’s a problem with Artifactory.

What should the HTTP status code actually be in order for Gradle to retry supplying credentials?

luke_daley · April 2, 2013, 8:01am

It should return a 401.

Topic		Replies	Views
Use of credentials for resolving dynamic versions from Artifactory Bugs	2	1092	February 10, 2016
Gradle 1.9 cannot access artifactory repository that is protected by Basic Authentication Old Forum Archive	4	2290	November 28, 2013
RC1 - IVY - org.gradle.api.artifacts.ResolveException when using dynamic revisions (version) Old Forum Archive	4	1563	April 30, 2012
Latest status resolution not working properly since Gradle 1.1 Old Forum Archive	8	1048	October 24, 2012
Gradle versioning regex syntax Help/Discuss not-a-bug	0	719	March 22, 2019

Use of credentials for resolving dynamic versions

Related topics