Use of credentials for resolving dynamic versions

I am encountering a problem when trying to use dynamic version numbers along with an Artifactory repository which is configured to not allow anonymous read access.

Given this build script:

configurations {
    blah
}
  repositories.ivy {
    credentials {
        username "username"
        password "password"
    }
    url "http://artifactory_server/artifactory/my-repo/"
}
  dependencies {
    blah group: 'org', name: 'Foo', version: '1.1.0.+'
}

if I run ‘gw dep --refresh-dependencies’ I get an error such as:

Could not find any version that matches group:org, module:Foo, version:1.1.0.+.

However, if I change the build script to refer to a specific version number then ‘gw dep --refresh-dependencies’ would be successful e.g.

blah
\--- org:Foo:1.1.0.37

From my investigation the problem has nothing to do with the local dependency cache. Rather it seems to be an authentication problem. In the error case the Artifactory logs contain lines such as:

2012-12-10 14:47:05,671 [DENIED DOWNLOAD] my-repo:org/Foo for anonymous/11.22.33.44.

In the successful case, the Artifactory logs contains:

2012-12-10 15:16:20,549 [ACCEPTED DOWNLOAD] my-repo:org/Foo/1.1.0.37/ivy-1.1.0.37.xml for neil/11.22.33.44.

Do you have any idea why Gradle isn’t using my credentials for resolving dynamic versions?

What version of Gradle are you using? GRADLE-2318 was fixed in v1.1.

I’m using 1.3.

Strange. Can you please post your debug logs (via Gist).

I forgot about this issue, but it’s still happening and I’m using Gradle 1.4 now. Here’s the gist: https://gist.github.com/anonymous/5264592. I’ll try it on Gradle 1.5.

And here’s the gist for Gradle 1.5: https://gist.github.com/anonymous/5264663

Looking at the Gradle 1.5 logs, the attempt to list available versions of “org:my_module:+” is not failing, but no results are returned by Artifactory. The url being requested is ‘http://myartifactoryserver/artifactory/libs-release-local/org/my_module/’. The server does not request authentication, so we do not provide it.

My suspicion is that Artifactory is somehow configured to be accessible to anonymous access, but it provides an empty directory listing in this case.

Here is a selection of the log output that makes it apparent what’s going on:

16:28:13.850 [DEBUG] [org.gradle.api.internal.artifacts.repositories.resolver.ResourceVersionLister] Listing all in http://myartifactoryserver/artifactory/libs-release-local/org/my_module/[revision]/ivy-[revision].xml
16:28:13.852 [DEBUG] [org.gradle.api.internal.externalresource.transport.http.HttpClientHelper] Performing HTTP GET: http://myartifactoryserver/artifactory/libs-release-local/org/my_module/
16:28:13.862 [DEBUG] [org.apache.http.client.protocol.RequestTargetAuthentication] Target auth state: UNCHALLENGED
16:28:13.862 [DEBUG] [org.apache.http.client.protocol.RequestProxyAuthentication] Proxy auth state: UNCHALLENGED
16:28:13.864 [DEBUG] [org.apache.http.impl.conn.DefaultClientConnection] Sending request: GET /artifactory/libs-release-local/org/my_module/ HTTP/1.1
16:28:13.864 [DEBUG] [org.apache.http.headers] >> GET /artifactory/libs-release-local/org/my_module/ HTTP/1.1
16:28:13.865 [DEBUG] [org.apache.http.headers] >> Accept-Encoding: gzip,deflate
16:28:13.866 [DEBUG] [org.apache.http.headers] >> Host: myartifactoryserver
16:28:13.878 [DEBUG] [org.apache.http.impl.conn.DefaultClientConnection] Receiving response: HTTP/1.1 200 OK
16:28:13.878 [DEBUG] [org.apache.http.headers] << HTTP/1.1 200 OK
16:28:13.879 [DEBUG] [org.apache.http.headers] << Server: Artifactory/2.6.4
16:28:13.886 [DEBUG] [org.gradle.api.internal.externalresource.transport.http.HttpResponseResource] Attempting to download resource http://myartifactoryserver/artifactory/libs-release-local/org/my_module/.
16:28:13.889 [DEBUG] [org.gradle.api.internal.artifacts.repositories.resolver.ResourceVersionLister] found 0 resources

Can you see what happens when you try to access ‘http://myartifactoryserver/artifactory/libs-release-local/org/my_module/’ ensuring that your browser (or ‘curl’) is not providing credentials?

If I visit a valid location on the server then I see a directory listing with no files. If I intentionally visit an invalid location then I get an HTTP ERROR 404. This confirms your hypothesis.

I’ve tried a new installation of Artifactory 2.6.7 and the same thing happens. It looks like it’s a problem with Artifactory.

What should the HTTP status code actually be in order for Gradle to retry supplying credentials?

It should return a 401.