Repository configuration option to not make repeated requests to a repository after recieving a 401 during dependency resolution #11939
Labels
a:feature
A new functionality
in:dependency-resolution
engine metadata
in:repository-declarations
declaring repositories and filtering
Expected Behavior
If a remote repository returns a 401 (not authorized) when requesting a dependency, we should not try to resolve any further dependencies from that repository for the duration of the current build. This would allow the user to mitigate an incorrect password without potentially locking their account.
Current Behavior
We continue to try to retrieve dependencies from a remote repository despite previous HTTP return codes.
Context
We are using a Maven2 repository that requires basic auth. If the password is incorrect we and there are multiple dependencies,the repository receives multiple invalid access attempts from the provided username and responds by locking the account mid build before the user can mitigate the error. This situation is common enough with the password update requirements on the accounts.
An alternative would be better authentication methods to the repository, but in the environment I work in this is not possible.
The text was updated successfully, but these errors were encountered: