【问题标题】:Maven http.authentication.preemptive against ArtifactoryMaven http.authentication.preemptive 针对 Artifactory
【发布时间】:2016-02-01 10:38:57
【问题描述】:

我在从我的 Artifactory 服务器下载“受保护的”工件时遇到了巨大的困难。谁能确认下面的(maven)settings.xml 摘录足以导致 GET 请求抢先携带身份验证信息?

Maven 3.3.9。 Artifactory 4.4.2.

<servers>
<server>
  <id>myServerId</id>
  <username>myUserId</username> 
  <password>myPlainTextPassword</password>
  <configuration>
     <httpConfiguration>
        <all>
           <params>
              <property>
                 <name>http.authentication.preemptive</name>
                 <value>%b,true</value>
              </property>
           </params>
        </all>
     </httpConfiguration>
  </configuration>
</server>
</servers>

谢谢,
罗宾

Maven 输出:

C:\>mvn -U clean package
[INFO] Scanning for projects...
[INFO]
[INFO] ------------------------------------------------------------------------
[INFO] Building fc 1.0-SNAPSHOT
[INFO] ------------------------------------------------------------------------
Downloading: http://repo.myserver.co.uk/artifactory/libs-release/com/group/artifact/126/artifact-126.pom
Downloading: http://www.license4j.com/maven/com/group/artifact/126/artifact-126.pom
Downloading: http://repo.myserver.co.uk/artifactory/private-local/com/group/artifact/126/artifact-126.pom
Downloading: https://repo.maven.apache.org/maven2/com/group/artifact/126/artifact-126.pom
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 3.906 s
[INFO] Finished at: 2016-01-31T19:41:52+02:00
[INFO] Final Memory: 8M/245M
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal on project fc: Could not resolve dependencies for project uk.co.myserver:fc:jar:1.0-SNAPSHOT: Failed to collect dependencies at com.group:artifact:jar:126: Failed to read artifact descriptor for com.group:artifact:jar:126: Could not transfer artifact com.group:artifact:pom:126 from/to releases (http://repo.myserver.co.uk/artifactory/libs-release): Access denied to: http://repo.myserver.co.uk/artifactory/libs-release/com/group/artifact/126/artifact-126.pom , ReasonPhrase:Forbidden. -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/DependencyResolutionException

神器访问日志:

2016-02-01 11:14:33,562 [DENIED DOWNLOAD] libs-release:com/group/artifact/126/artifact-126.pom for anonymous/193.66.174.253.
2016-02-01 11:14:33,564 [DENIED DOWNLOAD] private-release-local:com/group/artifact/126/artifact-126.pom for anonymous/193.66.174.253.
2016-02-01 11:14:34,436 [ACCEPTED DELETE] libs-release:com/group/artifact/126/artifact-126.pom for anonymous/193.66.174.253.
2016-02-01 11:14:35,010 [DENIED DOWNLOAD] private-local:com/group/artifact/126/artifact-126.pom for anonymous/193.66.174.253.
2016-02-01 11:14:35,011 [DENIED DOWNLOAD] private-release-local:com/group/artifact/126/artifact-126.pom for anonymous/193.66.174.253.
2016-02-01 11:14:35,012 [ACCEPTED DELETE] private-local:com/group/artifact/126/artifact-126.pom for anonymous/193.66.174.253.

以下所有内容都存在于 pom.xml 和 settings.xml 中,并且由于它们都引用相同的 Artifactory 服务器,它们共享相同的用户名/密码/http.authentication.preemptive 参数:

<id>releases</id>
<id>snapshots</id>
<id>private-local</id>
<id>plugin-releases</id>
<id>plugin-snapshots</id>
<id>deploy-releases</id>
<id>deploy-snapshots</id>

settings.xml 中只有以下内容没有提及,因为访问应该是匿名的,并且它是其他人服务器上的单独存储库实例:

<id>license4j-runtime-library</id>

这是请求日志的相应输出:

20160202060102|58|REQUEST|193.66.174.253|admin|GET|/ui/systemlogs/logData|HTTP/1.1|200|0
20160202060102|1099|REQUEST|199.19.249.196|anonymous|GET|/libs-release/com/group/artifact/126/artifact-126.pom|HTTP/1.1|401|0
20160202060102|706|REQUEST|199.91.135.165|anonymous|GET|/libs-release/com/group/artifact/126/artifact-126.pom|HTTP/1.1|401|0
20160202060102|5|REQUEST|193.66.174.253|anonymous|GET|/libs-release/com/group/artifact/126/artifact-126.pom|HTTP/1.1|401|0
20160202060103|3|REQUEST|199.19.249.196|anonymous|GET|/private-local/com/group/artifact/126/artifact-126.pom|HTTP/1.1|401|0
20160202060103|3|REQUEST|193.66.174.253|anonymous|GET|/private-local/com/group/artifact/126/artifact-126.pom|HTTP/1.1|401|0
20160202060113|60|REQUEST|193.66.174.253|admin|GET|/ui/systemlogs/logData|HTTP/1.1|200|0

请注意,有两个对本地私有的请求,这两个请求都以“匿名”的形式出现。通过抢先式身份验证,我原以为所有这些都是“myUserId”。

【问题讨论】:

  • 提供日志输出。
  • 正在研究如何附加日志摘录....
  • 确保服务器 &lt;id/&gt;&lt;repositories/&gt;&lt;pluginRepositories/&gt;&lt;distributionManagement/&gt; 中用于两个存储库的服务器匹配。否则,您在上面指定的凭据将不会被使用。如果您的settings.xml 中有&lt;mirrors/&gt; 部分,则需要确保其中的&lt;id/&gt; 也匹配,以及其中定义为配置文件的任何&lt;repositories/&gt;&lt;pluginRepositories/&gt;
  • 以下所有内容在 pom.xml 和 settings.xml 中完全相同,并且由于它们都引用相同的 Artifactory 服务器,它们共享相同的用户名/密码/http.authentication.preemptive 参数:releasessnapshotsprivate-localplugin-releasesplugin-snapshotsdeploy-releases deploy-snapshots settings.xml 中只有以下内容未提及,因为访问应该是匿名的,并且它是其他人服务器上的单独存储库实例:license4j-runtime-library
  • 作为参考,我的 mvn 命令是从 AUTHENTICATED http 代理后面执行的。

标签: maven-3 artifactory


【解决方案1】:

您对 Artifactory 上的匿名用户拥有哪些权限?

在 Artifactory --> Admin --> Security --> General --> 是否选中了“隐藏未授权资源的存在”复选框?

除此之外,您还可以粘贴 request.log 中的相关部分吗?

【讨论】:

  • 我已经在这些房子周围转了一圈,但目前:AllowAnonymousAccess=TRUE, HideExistanceOfUnauthorizedResources=FALSE。
  • 就权限而言,ANONYMOUS 对 ANY REMOTE 具有 READ + DEPLOY/CACHE 权限。 ANONYMOUS 对包含大多数本地存储库但不包括存储库“private-release-local”的单独权限目标具有读取权限。
  • 本地仓库“private-release-local”是虚拟仓库“private-local”中唯一的仓库。
  • 请求日志摘录已附加到原始问题中。所有请求都显示为“匿名”。
  • 在 request.log 中,您可以看到响应为 401。这意味着 Maven 应该受到挑战并从 settings.xml 发送凭据。如果 Maven 不发送凭据,您应该检查您是否已为正在使用的配置文件定义凭据。
【解决方案2】:

在代理后面时,服务器的 httpConfiguration 必须是:

<server>
    <id>**********</id>
    <username>**********</username>
    <password>**********</password>
    <configuration>
        <httpConfiguration>
          <all>
            <usePreemptive>true</usePreemptive>
          </all>
        </httpConfiguration>
    </configuration>
</server>

【讨论】:

    猜你喜欢
    • 1970-01-01
    • 2014-05-30
    • 1970-01-01
    • 2014-04-21
    • 2017-03-12
    • 2012-12-21
    • 2012-05-08
    • 2015-09-19
    • 1970-01-01
    相关资源
    最近更新 更多