Uploaded image for project: 'Artifactory Binary Repository'
  1. Artifactory Binary Repository
  2. RTFACT-13797

Artifactory return 403 instead of 404 for non-existing artifacts in virtual repositories.

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Done
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: 7.21.2
    • Component/s: Maven
    • Labels:
      None

      Description

      We have same issue on artifactory (licensed) 4.16.0

      Our libs-release, aggregates all local release repositories instead libs-snapshot aggregates all local snapshot repositories.
      In my company we have one local repository for each client so that developer needs to setup only one entry point (settings.xml):

      • libs-release
      • libs-snapshot
      • plugins-release
      • plugins-snapshot
        and according to user authorizations, he can only access the artifacts of which has access.

      Anyway based on current behaviour of Maven central, it respondes 404 if an artifact does not exists instead artifactory in this case responde with 403 because user credential has no access to at least a repository so buil process stop immediatly.

      Follow an example of a simple project that depends from a artifact that does not exists.

      <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
      	<modelVersion>4.0.0</modelVersion>
      	<groupId>test</groupId>
      	<artifactId>test</artifactId>
      	<version>0.0.1-SNAPSHOT</version>
      	<dependencies>
      		<dependency>
      			<groupId>test</groupId>
      			<artifactId>test</artifactId>
      			<version>1.0</version>
      		</dependency>
      	</dependencies>
      </project>
      

      Normal maven behaviour:

      [INFO] Scanning for projects...
      [INFO]
      [INFO] ------------------------------------------------------------------------
      [INFO] Building test 0.0.1-SNAPSHOT
      [INFO] ------------------------------------------------------------------------
      Downloading: https://repo.maven.apache.org/maven2/test/test/1.0/test-1.0.pom
      [WARNING] The POM for test:test:jar:1.0 is missing, no dependency information available
      Downloading: https://repo.maven.apache.org/maven2/test/test/1.0/test-1.0.jar
      [INFO] ------------------------------------------------------------------------
      [INFO] BUILD FAILURE
      [INFO] ------------------------------------------------------------------------
      [INFO] Total time: 1.463 s
      [INFO] Finished at: 2017-02-27T18:25:57+01:00
      [INFO] Final Memory: 10M/150M
      [INFO] ------------------------------------------------------------------------
      [ERROR] Failed to execute goal on project test: Could not resolve dependencies for project test:test:jar:0.0.1-SNAPSHOT: Could not find artifact test:test:jar:1.0 in central (https://repo.maven.apache.org/maven2) -> [Help 1]
      [ERROR]
      [ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
      [ERROR] Re-run Maven using the -X switch to enable full debug logging.
      [ERROR]
      [ERROR] For more information about the errors and possible solutions, please read the following articles:
      [ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/DependencyResolutionException
      

      Here maven download pom and than try to download jar. Only at the end it fails because artifact is not found.

      With our internal artifactory:

      [INFO] Scanning for projects...
      [INFO]
      [INFO] ------------------------------------------------------------------------
      [INFO] Building test 0.0.1-SNAPSHOT
      [INFO] ------------------------------------------------------------------------
      Downloading: https://artifactory.acme.com/artifactory/libs-release/test/test/1.0/test-1.0.pom
      Downloading: https://artifactory.acme.com/artifactory/libs-snapshot/test/test/1.0/test-1.0.pom
      [INFO] ------------------------------------------------------------------------
      [INFO] BUILD FAILURE
      [INFO] ------------------------------------------------------------------------
      [INFO] Total time: 1.992 s
      [INFO] Finished at: 2017-02-27T18:26:37+01:00
      [INFO] Final Memory: 10M/150M
      [INFO] ------------------------------------------------------------------------
      [ERROR] Failed to execute goal on project test: Could not resolve dependencies for project test:test:jar:0.0.1-SNAPSHOT: Failed to collect dependencies at test:test:jar:1.0: Failed to read artifact descriptor for test:test:jar:1.0: Could not transfer artifact test:test:pom:1.0 from/to central (https://artifactory.acme.com/artifactory/libs-release): Access denied to: https://artifactory.acme.com/artifactory/libs-release/test/test/1.0/test-1.0.pom , ReasonPhrase:Forbidden. -> [Help 1]
      [ERROR]
      [ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
      [ERROR] Re-run Maven using the -X switch to enable full debug logging.
      [ERROR]
      [ERROR] For more information about the errors and possible solutions, please read the following articles:
      [ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/DependencyResolutionException
      

      Here only pom is downloaded, jar is not try because artifactory returns 403 instead of expected 404.

      Our maven (tycho) build fails because if maven server returns 404 than it resolve missing artifact against module in reactor build instead with 403

        Attachments

          Issue Links

            Activity

                People

                Assignee:
                michaelak Michael Akushsky [X] (Inactive)
                Reporter:
                nfalco79 Nikolas Falco (Inactive)
                Votes:
                27 Vote for this issue
                Watchers:
                24 Start watching this issue

                  Dates

                  Created:
                  Updated:
                  Resolved: