Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-8306

Pre-emptive authentication for remote proxy HTTP requests

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Won't Fix
    • Affects Version/s: 2.11.2
    • Fix Version/s: None
    • Component/s: Proxy Repository
    • Labels:
      None
    • Environment:
      Linux (Ubuntu 12.04)

      Description

      If a Maven Proxy Repository is configured with authentication credentials, it still attempts to make each request to the remote repository without authentication headers and, if the remote proxy responds with 401, then the request will be made again with the appropriate headers.

      So the logs on the remote proxy look something like this:

      XX.XX.XX.XX - - [19/03/2015:19:38:43 +0000] "GET artifact_1" 401 0 "-" "Nexus/2.11.2-06 (PRO-OSS; Linux; 3.2.0-77-virtual; amd64; 1.7.0_72) apacheHttpClient4x/2.11.2-06"
      XX.XX.XX.XX - - [19/03/2015:19:38:43 +0000] "GET artifact_1" 200 40 "-" "Nexus/2.11.2-06 (PRO-OSS; Linux; 3.2.0-77-virtual; amd64; 1.7.0_72) apacheHttpClient4x/2.11.2-06"
      XX.XX.XX.XX - - [19/03/2015:19:38:43 +0000] "GET artifact_2" 401 0 "-" "Nexus/2.11.2-06 (PRO-OSS; Linux; 3.2.0-77-virtual; amd64; 1.7.0_72) apacheHttpClient4x/2.11.2-06"
      XX.XX.XX.XX - - [19/03/2015:19:38:43 +0000] "GET artifact_2" 200 5071 "-" "Nexus/2.11.2-06 (PRO-OSS; Linux; 3.2.0-77-virtual; amd64; 1.7.0_72) apacheHttpClient4x/2.11.2-06"
      XX.XX.XX.XX - - [19/03/2015:19:38:43 +0000] "GET artifact_3" 401 0 "-" "Nexus/2.11.2-06 (PRO-OSS; Linux; 3.2.0-77-virtual; amd64; 1.7.0_72) apacheHttpClient4x/2.11.2-06"
      XX.XX.XX.XX - - [19/03/2015:19:38:43 +0000] "GET artifact_3" 200 40 "-" "Nexus/2.11.2-06 (PRO-OSS; Linux; 3.2.0-77-virtual; amd64; 1.7.0_72) apacheHttpClient4x/2.11.2-06"
      

      Preemptive auth would allow us to cut down on:

      1. Load (network, disk, CPU)
      2. Log noise
      3. Latency

      This isn't new to recent versions of Nexus. We have a WireMock config that mocks a remote repository for Nexus to proxy, and we have had to mimic this behaviour the whole time.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              tcinel Tim Cinel
              Last Updated By:
              Peter Lynch Peter Lynch
              Votes:
              1 Vote for this issue
              Watchers:
              9 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Date of First Response:

                  tigCommentSecurity.panel-title