archiva-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Stallard,David" <stall...@oclc.org>
Subject Re: 401 Unauthorized during upload to Archiva 2.0.1
Date Wed, 04 Jun 2014 19:45:00 GMT
We determined that the issue below was caused by the fact that the <id> in the settings.xml
and the <id> in the distributionManagement section of the pom.xml were mismatched. 
Once we made sure they had the same name, our build was able to upload successfully.   So
this is resolved, please disregard.

Thanks,
David

From: <Stallard>, "Stallard,David" <stallard@oclc.org<mailto:stallard@oclc.org>>
Date: Tuesday, June 3, 2014 at 10:41 AM
To: "users@archiva.apache.org<mailto:users@archiva.apache.org>" <users@archiva.apache.org<mailto:users@archiva.apache.org>>
Subject: 401 Unauthorized during upload to Archiva 2.0.1

When our test maven build tries to upload an artifact to our Archiva 2.0.1 instance, we are
getting a 401 as seen here:

09:51:56,991 ERROR - Failed to execute goal org.apache.maven.plugins:maven-deploy-plugin:2.5:deploy
(default-deploy) on project my-app: Failed to deploy artifacts: Could not transfer artifact
org.oclc.middleware:my-app:pom:1.85-20140603.135156-1 from/to snapshots (http://host:port/repository/snapshots):
Failed to transfer file: http://host:port/repository/snapshots/org/oclc/middleware/my-app/1.85-SNAPSHOT/my-app-1.85-20140603.135156-1.pom.
Return code is: 401 -> [Help 1]

If I look in archiva.log, I find the following corresponding message:


2014-06-03 09:51:56,915 [qtp96083163-25] INFO  org.apache.archiva.security.ArchivaServletAuthenticator
[] - Authorization Denied [ip=[ip address],permission=archiva-upload-repository,repo=snapshots]
: no matching permissions


But if I check the user which we have set up in our settings.xml file, it has the role "Repository
Manager - snapshots" which does include the archiva-upload-repository permission.


Thinking that perhaps this user is not actually the one doing the upload, I gave every available
role to the 'guest' user and tried again, but got the same result.


It appears that Archiva 2.0.1 does not generate an audit log in the way that 1.3.5 used to,
so I'm not sure how to verify which user is actually attempting the upload.  There is a new
log file, request-[timestmap].log which seems to serve a similar purpose to the old audit
log, but it doesn't show any user information.  Here is what I can find in the request log
which corresponds to the upload attempt:


[ip address] -  -  [03/Jun/2014:13:51:56 +0000] "PUT /repository/snapshots/org/oclc/middleware/my-app/1.85-SNAPSHOT/my-app-1.85-20140603.135156-1.pom
HTTP/1.1" 401 0 "-" "Apache-Maven/3.0.3 (Java 1.6.0_37; Linux 2.6.18-308.el5)"


Any idea why I am getting 401 on upload, or how I can get more information on which user is
actually doing the upload so I can see why its roles don't include archiva-upload-repository
permission?


Thanks,

David

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message