Skip to main content


Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » EGit / JGit » [Feature Request] Method to explicitly set the auth method(Proposal of a change to reduce the rate of requests to git server)
[Feature Request] Method to explicitly set the auth method [message #1835395] Wed, 02 December 2020 11:22 Go to next message
Anatoly Cherenkov is currently offline Anatoly CherenkovFriend
Messages: 1
Registered: December 2020
Junior Member
When using HTTP to connect to the git server, there is always an unauthenticated request before authenticated one. Git server access log shows:
127.0.0.1 - - [27/Feb/2017:16:53:28 +0800] "GET /tac621git.git/info/refs?service=git-upload-pack HTTP/1.1" 401 401
127.0.0.1 - admin [27/Feb/2017:16:53:28 +0800] "GET /tac621git.git/info/refs?service=git-upload-pack HTTP/1.1" 200 320
127.0.0.1 - - [27/Feb/2017:16:55:33 +0800] "GET /tac621git.git/info/refs?service=git-receive-pack HTTP/1.1" 401 401
127.0.0.1 - admin [27/Feb/2017:16:55:33 +0800] "GET /tac621git.git/info/refs?service=git-receive-pack HTTP/1.1" 200 185


It seems org.eclipse.jgit.transport.TransportHttp::connect by default using HttpAuthMethod.Type.NONE. Only when authentication failed it update AuthMethod with the value from response.

The problem is some git server has a limit on denied requests per second. And when exceed that limit server will cut all request from the same IP for a period of time, causing all git related function unavailable.

I think there should be a way to eliminate unauthenticated request but found none in code. Please do tell me if there a way to achieve that. And if there is not, is there a chance for it to be implemented?
Re: [Feature Request] Method to explicitly set the auth method [message #1835412 is a reply to message #1835395] Wed, 02 December 2020 17:36 Go to previous messageGo to next message
Thomas Wolf is currently offline Thomas WolfFriend
Messages: 399
Registered: August 2016
Senior Member
Preemptive authentication is currently not possible with JGit. It would also only work for Basic auth.

But if a git server rate limits accesses without authorization header by number of requests per second and your JGit client gets into trouble because of that, that would mean that your client makes many fetches or pushes within a second. That's rather atypical.

You could perhaps hack it for Basic auth via git config http.extraHeaders, but if you want to implement it in TransportHttp feel free to push a change to Gerrit. See the Contributor's Guide for some help with that.
Re: [Feature Request] Method to explicitly set the auth method [message #1835430 is a reply to message #1835412] Thu, 03 December 2020 08:53 Go to previous messageGo to next message
Thomas Wolf is currently offline Thomas WolfFriend
Messages: 399
Registered: August 2016
Senior Member
I see we already have bug 541327. I've put it on my list of things to tackle in 5.11.
Re: [Feature Request] Method to explicitly set the auth method [message #1836925 is a reply to message #1835430] Mon, 18 January 2021 21:10 Go to previous message
Thomas Wolf is currently offline Thomas WolfFriend
Messages: 399
Registered: August 2016
Senior Member
Bug 541327 is fixed for JGit 5.11. Takes username/password from the URL (%-encode special characters!), or can be set in code via a new method TransportHttp.setPreemptiveBasicAuthentication(String username, String password) which could be used in a TransportConfigCallback. Setting username/password via the method overrides a username and password that might be present in the URL.
Previous Topic:Unable to clone repo in 5.10
Next Topic:Again and again stuck when trying to resolve conflicts
Goto Forum:
  


Current Time: Sat Jul 31 07:02:06 GMT 2021

Powered by FUDForum. Page generated in 0.02333 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top