Eclipse Community Forums: EGit / JGit » [Feature Request] Method to explicitly set the auth method

Home » Eclipse Projects » EGit / JGit » [Feature Request] Method to explicitly set the auth method(Proposal of a change to reduce the rate of requests to git server)

Show: Today's Messages :: Show Polls :: Message Navigator

[Feature Request] Method to explicitly set the auth method [message #1835395]

Wed, 02 December 2020 11:22

Anatoly Cherenkov

Messages: 1
Registered: December 2020

Junior Member

When using HTTP to connect to the git server, there is always an unauthenticated request before authenticated one. Git server access log shows:

127.0.0.1 - - [27/Feb/2017:16:53:28 +0800] "GET /tac621git.git/info/refs?service=git-upload-pack HTTP/1.1" 401 401
127.0.0.1 - admin [27/Feb/2017:16:53:28 +0800] "GET /tac621git.git/info/refs?service=git-upload-pack HTTP/1.1" 200 320
127.0.0.1 - - [27/Feb/2017:16:55:33 +0800] "GET /tac621git.git/info/refs?service=git-receive-pack HTTP/1.1" 401 401
127.0.0.1 - admin [27/Feb/2017:16:55:33 +0800] "GET /tac621git.git/info/refs?service=git-receive-pack HTTP/1.1" 200 185

It seems org.eclipse.jgit.transport.TransportHttp::connect by default using HttpAuthMethod.Type.NONE. Only when authentication failed it update AuthMethod with the value from response.

The problem is some git server has a limit on denied requests per second. And when exceed that limit server will cut all request from the same IP for a period of time, causing all git related function unavailable.

I think there should be a way to eliminate unauthenticated request but found none in code. Please do tell me if there a way to achieve that. And if there is not, is there a chance for it to be implemented?

Report message to a moderator

Re: [Feature Request] Method to explicitly set the auth method [message #1835412 is a reply to message #1835395]

Wed, 02 December 2020 17:36

Thomas Wolf

Messages: 576
Registered: August 2016

Senior Member

Preemptive authentication is currently not possible with JGit. It would also only work for Basic auth.

But if a git server rate limits accesses without authorization header by number of requests per second and your JGit client gets into trouble because of that, that would mean that your client makes many fetches or pushes within a second. That's rather atypical.

You could perhaps hack it for Basic auth via git config http.extraHeaders, but if you want to implement it in TransportHttp feel free to push a change to Gerrit. See the Contributor's Guide for some help with that.

Report message to a moderator

Re: [Feature Request] Method to explicitly set the auth method [message #1835430 is a reply to message #1835412]

Thu, 03 December 2020 08:53

Thomas Wolf

Messages: 576
Registered: August 2016

Senior Member

I see we already have bug 541327. I've put it on my list of things to tackle in 5.11.

Report message to a moderator

Re: [Feature Request] Method to explicitly set the auth method [message #1836925 is a reply to message #1835430]

Mon, 18 January 2021 21:10

Thomas Wolf

Messages: 576
Registered: August 2016

Senior Member

Bug 541327 is fixed for JGit 5.11. Takes username/password from the URL (%-encode special characters!), or can be set in code via a new method TransportHttp.setPreemptiveBasicAuthentication(String username, String password) which could be used in a TransportConfigCallback. Setting username/password via the method overrides a username and password that might be present in the URL.

Report message to a moderator

Previous Topic:	Unable to clone repo in 5.10
Next Topic:	Again and again stuck when trying to resolve conflicts

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Thu Apr 25 20:06:54 GMT 2024

.:: Contact :: Home ::.

Breadcrumbs

Sign up to our Newsletter