Hi everyone, I’m running into an issue with Maven repository authentication in Grails after a change on our GitLab instance. We are running Grails 2.5.6 in a legacy project and now we have issues with our Repo. Previously, I used the following configuration in my BuildConfig.groovy and it worked fine until GitLab switched to requiring preemptive authentication:

repositories {
    inherits true
    grailsCentral()
    mavenCentral()
    mavenRepo("<https://gitlab.company.net/api/v4/groups/dev/-/packages/maven>") {
        auth([
            username: "oauth",
            password: props.get("gitlabMavenPassword") as String ?: System.getenv("CI_JOB_TOKEN")
        ])
    }
}

Since the change, Grails only sends the authentication header after receiving a 401 response, but GitLab now expects the authentication header on the very first request (preemptive authentication). I tried something like this (hoping to force preemptive authentication):

repositories {
    inherits true
    grailsCentral()
    mavenCentral()
    mavenRepo("<https://gitlab.company.net/api/v4/groups/dev/-/packages/maven>") {
        auth([
            username: "oauth",
            password: props.get("gitlabMavenPassword") as String ?: System.getenv("CI_JOB_TOKEN"),
            type    : "basic"
        ])
    }
}

But it doesn’t seem to help—Grails still only sends the header after the 401 response. Question: Is there a way to configure Grails (in BuildConfig.groovy or elsewhere) to force sending the authentication header on the first request (i.e., enable preemptive HTTP Basic Auth for Maven repositories)? Or is there another workaround for this situation? Thanks in advance for your help!

So the issue you are hitting is actually a gradle issue (the build tool used by grails), and according to the docs you should be able to do it by explicitly setting the authentication block for your repository.

Thanks for your answer, that is indeed the solution which worked for our gradle projects 🙂 The sad thing is Grails 2 isn't using a build.gradle file. We are stuck with a BuildConfig.groovy file. It has a very similar syntax, but slightly different. We configure it to use maven as repo:

grails.project.dependency.resolver = "maven"

So my hope is that you are right and we just need to activate preemptive authentication with a flag, but I wasn't able to find a documentation for that

Ah completely missed that you are using V2. That hasn't been supported for some time. I'm not sure that there will have been the necessary updates here. From memory, it's been nearly a decade since I used V2, I think Grails 2 used Aether for it's Maven integration which was deprecated and discontinued a while back. My guess is your only hope will be if you can use the "replacement", which google tells me is the https://maven.apache.org/resolver/ Hope you manage to sort it, but the age and fact that everything is now unsupported may mean you are out of luck on this one.

I'll have a look into the resolver, thanks for the hint. In parallel we try to adjust our gitlab and hope for one of them to work. Working with legacy projects while updating build systems is way more tricky than I expected...

Yeah it wouldn't have been easy that's for sure. I hadn't realised that turning off authentication on your repository was an option, otherwise I could have suggested this. Glad you sorted your issue though.