Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-13126

When "Require user tokens for repository authentication" is set nexus does not send an authorization header

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 3.3.1
    • Fix Version/s: 3.4.0
    • Component/s: User Token
    • Labels:
    • Story Points:
      1
    • Release Note:
      Yes
    • Sprint:
      Core Team - Sprint 95

      Description

      Configure user token access in the server, and enable "Require user tokens for repository authentication".  Then run a Maven build against the server.  Artifact downloads will fail with 401 even if a valid token is used.

      The reason for this is that Maven by default sends requests with non-preemptive authentication, and will only send credentials in response to a 401 response with a challenge header.  The challenge header is missing in the response.  Nexus should be setting something like:

       

      WWW-Authenticate: BASIC realm="Sonatype Nexus Repository Manager"

        Attachments

          Issue Links

          relates

          Bug - A problem which impairs or prevents the functions of the product. NEXUS-13127 Anonymous access to repositories does not work when "Require user tokens for repository authentication" is set

          • Blocker - Blocks development and/or testing work, production could not run.
          • Closed

            Activity

              People

              Assignee:
              ecobb Eric Cobb
              Reporter:
              rseddon Rich Seddon
              Last Updated By:
              Peter Lynch
              Votes:
              1 Vote for this issue
              Watchers:
              8 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Date of First Response:

                  tigCommentSecurity.panel-title