10

I am just testing out a gradle (an absolute noob in this field).

I am trying this out on Windows box. I used to have Maven do the build and release for me from the same machine. It is behind a proxy with NTLM authentication. And that used to work alright. However, somehow Gradle is not doing that for me.

My build.gradle has the following config (apart from other)

// Java plugin to build our JAR artifact.
apply plugin: 'java'  

// Build stuff with jdk 1.7
sourceCompatibility = 1.7
targetCompatibility = 1.7

// Regular name and version for your project. 
group = 'foo.bar.gradle'
version = '1.0-SNAPSHOT'

// The local maven repository
def localMavenRepo = 'file://C:/ProgramFiles/MavenRepository'

repositories {
// Use the maven central repository. 
mavenCentral()
// ... and the local maven repository.
maven { url localMavenRepo }

// maven { url 'http://www.springsource.com/repository/' }
}


dependencies {
compile 'org.databene:contiperf:2.2.0','org.springframework:spring-webmvc:3.2.0.RELEASE'         
testCompile 'junit:junit:4.11' 
/*compile.exclude module: 'commons'*/
/*all*.exclude*/ 
}

My /gradle.properties has the following set up 

systemProp.proxySet=true
systemProp.http.proxyHost=<proxy name, same as that set in Maven>
systemProp.http.proxyPort=8080
systemProp.http.proxyUser=<domain name>/<user name>

However, when I run this, I get the following error 

NEGOTIATE authentication error: No valid credentials provided (Mechanism level:
No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)
)

This is in version 1.3 of Gradle. Please help.

Update: I have now updated to gradle-1.4-rc-3 My gradle.properties file look like this now 

systemProp.proxySet="true"
systemProp.http.keepAlive="true"
systemProp.http.proxyHost=<proxy name> 
systemProp.http.proxyPort=8080
systemProp.http.proxyUser=<domain name>/<username>

But I still continue to see the issue. I have got some more logs. I see this in the STS (IDE)

Could not GET 'http://repo1.maven.org/maven2/org/spr...'. Received status code 500 from server: Internal Server Error 
Could not execute build using Gradle installation 'C:\ProgramFiles\gradle-1.4-rc-3'.

And no, the credentials are not wrong. In the same setup, with same values Maven is working fine. And no, the gradle.properties is in correct location as well. If I change the value of the proxy, the error changes. So, the tool is definitely reading the gradle.properties file.

partha
  • 2,286
  • 5
  • 27
  • 37
  • Did you solve this issue? Im facing the same issue. Im behind a proxy and Im using Gradle 2.3 – Deepu May 06 '15 at 04:25
  • Were you able to solve this issue? I'm too facing the same! – zIronManBox Sep 10 '15 at 06:27
  • See Mannfred Berndtgen's answer below. In addition to having cntlm up and running and having http.proxyHost, http.proxyPort pointing at it (as above), you need to also have the HTTPS equivalents (https.proxyHost, https.proxyPort) pointing at the same cntlm instance. – bdumtish Oct 16 '15 at 11:48

7 Answers7

11

UPDATE:

with time, better solution:

Add wagon-http-lightweight extension Wagon HTTP lightweight library deals with authentication limitations in Maven 3 when working with NTLM proxies.

Download the wagon-http-lightweight-2.2.jar from maven repo. Copy the wagon-http-lightweight-2.2.jar to %M2_HOME%/lib/ext folder.

Original Answer:

I had the exact same problem. It's a common problem with microsoft servers (ISA, etc). The http header used in your application are not supported for NTLM (at least, directly)
To bypass this, I used a "proxy-to-proxy". A local proxy that will change the http header on the fly so that Microsoft servers can understand your request.

Basically you will send your request locally (127.0.0.1) this proxy server will change the header with NTLM compliant request and forward it to the parent proxy on the 8080 port.

Two scenarios: you have Administrators privileged or not.

If you have admin rights, you can install CNTLM It will be installed as a service. There is a "auto-config" install, you can check on the wiki of CNTLM (default port:3128)

If you don't have Admin rights, you can install NTLM APS (even though it's quite old, it works for me)
you need to configure the server.cfg file with your NT Domain, host, parent proxy + port, NTLM_TO_BASIC 1 (you can get your domain and host by pressing on your keyboard 'windows + pause' buttons) the default port is 5865.

For NTLMAPS, you need Python (python portable doesn't require admin rights, and change the value in 'runserver.bat' to match your install) and you also need to patch the version on sourceforge with this patch because it has a bug with chunked responses

In your application, you need to change your proxy settings as follow: 

systemProp.http.proxyHost=127.0.0.1
systemProp.http.proxyPort=3128 or 5865 depending on which server you installed

Sometimes the microsoft server still blocks the requests and I need to restart my local proxy or change parent proxy address.

Rigg802
  • 2,666
  • 1
  • 16
  • 14
  • Ok. That is new and I had not found that before. However, just so you know, I use Maven from the exact same box, under the exact same user, using the exact same proxy and user settings. That works. And this does not. Would you still say "proxy to proxy" is something that is worth investigating. – partha Jan 31 '13 at 08:52
  • I actually had the same problem with Maven and my artifact server. So it's strange, it should behave the same way for all your software, even though sometimes, my maven could go through proxy but it was random. I found that solution online awhile ago and I sent you my notes about it. But I just found again the source: http://docs.codehaus.org/display/MAVENUSER/Configuring+Maven+behind+an+NTLM+proxy it is a quick and easy solution to implement, so yes, it is worth trying. – Rigg802 Jan 31 '13 at 10:46
  • Awesome, your update helped me solve my problem which I was struggling with for 2 days now. – Aakash Apr 28 '16 at 05:54
  • @Rigg802 could you please elaborate: if I need to make gradle to work with NTLM proxy I should put the JAR to %M2_HOME%/lib/ext, right ? And gradle automagically will use libraries from that folder even if I don't have maven installed? – user3159253 Dec 25 '20 at 17:04
4

This is a rather old question, but still one of the first hits when googling for 'gradle' and 'ntlm proxy'. There's not much documentation about it, but if gradle complains about something like

Could not GET 'https://jcenter.bintray.com/org/slf4j/...

and you're using cntlm as your proxy then this command line might be helpful:

gradle test -DproxySet=true -Dhttps.proxyHost=127.0.0.1 -Dhttps.proxyPort=3128

(assuming default values for proxy name and port). Note the "https" settings. Missing downloads were working successfully with these settings.

Manfred Berndtgen
  • 181
  • 6
1

This worked for me, am using gradle-6.3. Place the following in gradle.properties

Note that we usually give domain-name\user-name while logging into Windows machine, but the value to be give would be domain-name/user-name. Also your password need not be hex-encoded, and if your password contains 'equal to' character, gradle picks all value 'after' first '=' (from the left) as your password.

systemProp.http.proxyHost=proxy-ip-or-name
systemProp.http.proxyPort=proxy-port 
systemProp.http.proxyUser=domain-name/user-name 
systemProp.http.proxyPassword=your-password-without-any-encoding

systemProp.https.proxyHost=proxy-ip-or-name 
systemProp.https.proxyPort=proxy-port 
systemProp.https.proxyUser=domain-name/user-name 
systemProp.https.proxyPassword=your-password-without-any-encoding
Siva
  • 598
  • 3
  • 11
  • This should be the accepted answer, was it is the only thing that really works with recent version of gradle. – M.Huetter Jan 13 '22 at 16:27
0

I remember working behind an NTLM proxy in the past. As we worked on *nix boxes we couldn't use NTLM proxy as there is no support for it in those OSes. I also don't think that Gradle supports NTLM, but I might be wrong.

Anyway, the thing we used back then was (cntlm)[http://cntlm.sourceforge.net/] proxy and you could do the same thing. Just set it up on your machine and point Gradle's proxy settings at it.

EDIT: Apparently I was wrong - Gradle supports NTLM authentication, see release notes for 1.0-milestone-8

erdi
  • 6,944
  • 18
  • 28
  • Thanks @erdi. Yes, I have seen that bit of documentation but still it is not working on my end, athough Maven is working perfectly alright with same setting in the same infrastructure. I have also raised a ticket with Gradle folks at http://forums.gradle.org/gradle/topics/not_being_able_to_download_dependencies_from_mavencentral_from_behind_a_corporate_proxy_on_ntlm?rfm=1. – partha Jan 25 '13 at 04:17
0

Gradle depends on Apache HttpClient + jcifs to do NTLM authentication.

There is a bug in HttpClient 4.2.1 and 4.2.2 that can cause issues: there are 2 options for you to try.

  • Upgrade to the Gradle 1.4-rc-3 or higher, which contain a bugfix for this issue.
  • Include systemProp.http.keepAlive="true" in your gradle.properties file.
daz deboer
  • 1
  • 1
  • Thanks for the response @daz deboer. But I am still facing the same issue. See update in the question. – partha Jan 25 '13 at 05:44
0

Seeing that you have your maven repo is under C:\ProgramFiles and not in a typical write-able location such as in a user directory 

%USERPROFILE%\.m2\repository || ~/.m2/repository

Your errors may be windows permissions errors ... make sure you check your windows logs and/or try moving your repo to a traditional location ...

Edward J Beckett
  • 5,061
  • 1
  • 41
  • 41
0

I was able to patch Gradle core v1.10 to use BASIC instead of NTLM, and it worked in our environment.

In case you wanted to try, the jar file is here

Use at your own risk.

Adam Adamaszek
  • 3,914
  • 1
  • 19
  • 24