Preemptive authentication doesn't work

Having hit the same problem as you I've come to the conclusion that there are multiple layers of problems here that hinders preemptive authentication from working:

1) The configuration listed in [1] is never injected into the HttpMethodConfiguration-objects created by Plexus during configuration of HttpWagon. This is caused by the fact that the params-field in HttpMethodConfiguration is of type Properties and PropertiesConverter does not recognize the param-element. Replacing param with property fixes this part of the problem:

<configuration>
  <wagonProvider>httpclient</wagonProvider>
  <httpConfiguration>
    <put>
      <params>
        <property>
          <name>http.authentication.preemptive</name>
          <value>%b,true</value>
        </property>
      </params>
    </put>
  </httpConfiguration>
</configuration>

2) Once properly configured Http Client ignores the preemptive-parameter completely. This is caused by the fact that the check for preemptive authentication in HTTP Client's HttpMethodDirector (line 158) is not performed on the PutMethod-object. The check is done one the HttpClientParams-object and this one has not been configured by HttpWagon to include any information about preemptive-auth.

I'm also experiencing this issue with maven 2.2.1 with a Nexus server on the back. I have sniffed the http communications and the preemptive authentication configuration is indeed being ignored.

Furthermore it appears that the expect 100-continue functionality isn't working properly either. Protocol inspection reveals that even when 100-continue is sent in the header the payload is still sent. Naturally this leads to a bad checksum computation on the server since the first request is denied with 401 since preemptive authentication doesn't work.

Note: We are using a username and maven encrypted password in the server section of settings.xml.

Here is an excerpt with the password altered of course.

<server>
<id>nexus-server</id>
<!-- configure windows domain username and encrypted password here
Don't forget you need to setup a settings-security.xml file too in the same
directory for password decryption purposes.
-->
<username>ctanger</username>
<!-- This may not be a valid base64 string since it was altered -->
<password>

</password>

<configuration>
<wagonProvider>httpclient</wagonProvider>
<httpConfiguration>
<put>
<params>
<param>
<name>http.authentication.preemptive</name>
<value>%b,true</value>
</param>
</params>
</put>
</httpConfiguration>
</configuration>
</server>

will be fixed with a new default wagon http client in core

We hit the problem that Maven does not download files from a public Artifactory with partially private repositories as well. It turns out that disabling the option "Hide Existence of Unauthorized Resources" in the Security General Configuration of Artifactory also resolves the problem. Maven will send username and password AFTER Artifactory has first denied access.

I was just wondering if there is a fix available for Maven 2.2.1. I'm facing the same issue when connecting to Archiva repository, and credentials are not passed by Maven. Thanks.

Lukasz - we frequently use Maven 2.2.1 to connect to private Archiva repos - feel free to ask for help on users@archiva.apache.org.

With regard to specifically enabling pre-emptive authentication on Maven 2.2.1, I believe it is possible to use the newer httpclient wagon with Maven 2.2.1 through an <extension> element, but I haven't confirmed that.

Brett, the only way for me to have Maven 2.2.1 and Archiva 1.3.5 work together, is to grant the Archiva guest user read access to my repositories. Can you provide an example showing how to configure httpclient? Thanks.

Lukasz, can you open an Archiva ticket with more details on that? It's certainly possible, but I don't want to fill this ticket with troubleshooting on a different project.