9

I'm working on a gradle based spring boot project which downloads some dependencies from 'repo.spring.io'. The application used to work fine a while back but now I'm seeing an error in the download dependencies stage.

When the application goes on to download https://repo.spring.io/libs-milestone/commons-logging/commons-logging/1.1.3/commons-logging-1.1.3.jar, I receive an error with HTTP response code 401(Unauthorized).

I'm not sure if there has been some recent change at repo.spring.io end as this used to work on my application before without any issues.

This is the exact error that I get for reference --

What went wrong:
19:44:19 A problem occurred configuring project ':account_settings-service'.
19:44:19 > Could not resolve all files for configuration ':account_settings-service:classpath'.
19:44:19    > Could not download commons-logging.jar (commons-logging:commons-logging:1.1.3)
19:44:19       > Could not get resource 'https://repo.spring.io/libs-milestone/commons-logging/commons-logging/1.1.3/commons-logging-1.1.3.jar'.
19:44:19          > Could not HEAD 'https://repo.spring.io/libs-milestone/commons-logging/commons-logging/1.1.3/commons-logging-1.1.3.jar'. Received status code 401 from server: Unauthorized

Kindly help if anyone has any idea about this or has observed a similar issue.

Thanks in Advance!

Nachiket Juneja
  • 91
  • 1
  • 1
  • 2
  • Tried hitting the same link using browser as well. But the browser too displays a pop up to enter username and password which I don't find anywhere, nor in the recent release notes for repo.spring.io – Nachiket Juneja Nov 23 '20 at 08:17
  • I also am getting this issue, and don't have any explanation. https://stackoverflow.com/questions/64839144/got-an-error-when-building-spring-security-from-source seems relevant. – David Bullock Nov 23 '20 at 12:12

2 Answers2

5

As per this answer to this question, the Spring team are putting the kibbosh on freeloaders using their repository as a public distribution channel.

It looks like you'll need to adjust your {build thingy} so that it does not attempt to download from https://repo.spring.io/libs-milestone/

In the case of commons-logging:commons-logging:1.1.3 being an Apache project, 'Maven Central' (aka https://repo.maven.apache.org/maven2/, being an Apache repository) hosts https://repo.maven.apache.org/maven2/commons-logging/commons-logging/1.1.3/ without restrictions.

David Bullock
  • 6,112
  • 3
  • 33
  • 43
  • 2
    Note: I was in a similar position just now. I discovered that https://mvnrepository.com/ is only a meta-directory (ad-supported), and you can tell which repositories host various packages by inspecting the 'Repositories' tags for the entry: eg. https://mvnrepository.com/artifact/commons-logging/commons-logging/1.2 in your case. And click on any of the repository 'tags' to browse the 'actual URL' of the repository. – David Bullock Nov 23 '20 at 12:46
  • In my case, https://mvnrepository.com did not know that the artifact I needed was actually in the 'JFrog Bintray JCentral' repo, and 'just trying' worked for me (phew!) – David Bullock Nov 23 '20 at 12:51
2

moving to spring-boot it required a pluginRepositories entry with spring-releases repo in the pom, to get the plugin, but then hit this same 401 error. Adding maven-central pluginRepository fixed it. final entry in pom is:

<pluginRepositories>
    <pluginRepository>
        <id>mavencentral</id>
        <url>https://repo.maven.apache.org/maven2</url>
    </pluginRepository>
    <pluginRepository>
        <id>spring-releases</id>
        <url>https://repo.spring.io/libs-release</url>
    </pluginRepository>
</pluginRepositories>
dezzer10
  • 752
  • 7
  • 9