fix: Make the HTTP-Client use pre-emptive authentication #7255
Conversation
boring-cyborg
bot
added
core
…rd authentication scenario
|
Marked draft pending inclusion of improvements from #7268 (adding configurability for hosted suppressions and support for Bearer Authentication + exposure of credential configuration for hostedSuppressions) |
|
Might be better to do the remainder in a separate PR, marking this one as ready for review/merge. PR for extending auth to various integrations and enabling bearer auth to follow in a separate PR. |
| final String artifactId = xpath.evaluate( | ||
| "/org.sonatype.nexus.rest.model.NexusArtifact/artifactId", | ||
| try { | ||
| // JSON would be more elegant, but there's not currently a dependency |
There was a problem hiding this comment.
Not that you have to change this - but we do have this dependency:
Lines 1231 to 1235 in 486ca94
There was a problem hiding this comment.
Yeah, it was very tempting to change its behavior while sifting through the code, but thought it would be better to first cleanly fix authentication and leave the TODO-ish comment in as is for another time.
|
@aikebah see my one comment - but you don't have to change anything. I'm fine if you just want to merge the PR. |
Make the HTTP-Client use pre-emptive authentication for configured server credentials and extend HTTPClient usage to Nexus search
Fixes #7108
Fixes #7253
Description of Change
Use pre-emptive authentication for the servers for which credentials are configured.
And add usage of the Apache HTTPClient for the web requests from Nexus search.
Related issues
Fixes #7108
Fixes #7253
Have test cases been added to cover the new functionality?
no;
Nexus search locally manually tested against private instances of Nexus v2 and Nexus v3 including access via a local squid proxy container.