You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@ant.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2018/03/15 18:59:00 UTC
[jira] [Commented] (IVY-1280) Ivy does not keep track of HTTP
session when BASIC authentication is used
[ https://issues.apache.org/jira/browse/IVY-1280?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16400962#comment-16400962 ]
ASF GitHub Bot commented on IVY-1280:
-------------------------------------
Github user twogee commented on the issue:
https://github.com/apache/ant-ivy/pull/64
I would like to add the preemptive authentication flag to the newly minted `TimeoutConstrainedURLHandler` to avoid BWC issues. Any objections, @jaikiran ?
> Ivy does not keep track of HTTP session when BASIC authentication is used
> -------------------------------------------------------------------------
>
> Key: IVY-1280
> URL: https://issues.apache.org/jira/browse/IVY-1280
> Project: Ivy
> Issue Type: Improvement
> Components: Core
> Affects Versions: 2.2.0
> Environment: Any
> Reporter: Anders Jacobsson
> Priority: Minor
>
> When publishing through <ant:publish>, each PUT request towards the URL resolver (Artifactory, protected with BASIC authentication) seems to be duplicated, the first request without any authorization header and the second one with. This creates unnecessary network traffic and increases build time. Ivy should keep track of any established HTTP session and reuse that one, i.e. only the very first request is duplicated.
> I am using Commons HttpClient.
> An alternative would be to expose preemptive authentication so that it is configurable. It is less secure but still useful as it would probably mostly be used for internal resolvers.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)