oss-review-toolkit / ort

A suite of tools to automate software compliance checks.
https://oss-review-toolkit.org
Apache License 2.0

Invalid expires attribute date on setting Cookies during Analyzer #8669

Closed heliocastro closed 2 months ago

heliocastro commented 3 months ago

During an analyzer run, using --info, this warning can be seen:

WARN  org.apache.http.client.protocol.ResponseProcessCookies - Invalid cookie header: "Set-Cookie: AWSALBCORS=<CORS_REDACTED>; Expires=Tue, 28 May 2024 12:45:19 GMT; Path=/; SameSite=None; Secure". Invalid 'expires' attribute: Tue, 28 May 2024 12:45:19 GMT

sschuberth commented 3 months ago

The package org.apache.http.client.protocol.ResponseProcessCookies is not from us. Can you share more context from the stacktrace?

sschuberth commented 3 months ago

@heliocastro, do you see this when running one of the SW360 commands? Because that seems to be the only place where ORT is using Apache Http instead of OkHttp. If so, this might solve it.

heliocastro commented 2 months ago

Hi @sschuberth, I did some investigation and the issue comes from the Maven implementation in ORT, not related to SW360, and happens during the Analyzer stage. Here's the exact snippet where it happens in eclipse-aether:

I'll try to debug further

10:05:46.809 [DefaultDispatcher-worker-1] DEBUG org.ossreviewtoolkit.plugins.packagemanagers.maven.utils.MavenSupport - Ignoring local repositories [vw-central (https://jfrog.devstack.vwgroup.com/artifactory/public/, default, releases), vw-dp-common (https://jfrog.devstack.vwgroup.com/artifactory/gvo-maven-dataproductscommon/, default, releases+snapshots), central (https://repo.maven.apache.org/maven2, default, releases), sonatype-nexus-snapshots (https://oss.sonatype.org/content/repositories/snapshots, default, snapshots), central (https://repo.maven.apache.org/maven2, default, releases)].
10:05:46.809 [DefaultDispatcher-worker-1] DEBUG org.ossreviewtoolkit.plugins.packagemanagers.maven.utils.MavenSupport - Searching for 'org.webjars:swagger-ui:jar:4.18.2' in [vw-central (https://jfrog.devstack.vwgroup.com/artifactory/public/, default, releases), vw-dp-common (https://jfrog.devstack.vwgroup.com/artifactory/gvo-maven-dataproductscommon/, default, releases+snapshots), central (https://repo.maven.apache.org/maven2, default, releases), spring-release (https://repo.spring.io/release, default, releases), spring-snapshot (https://repo.spring.io/snapshot, default, releases+snapshots), sonatype-nexus-snapshots (https://oss.sonatype.org/content/repositories/snapshots, default, snapshots)].
10:05:46.809 [DefaultDispatcher-worker-1] DEBUG org.ossreviewtoolkit.plugins.packagemanagers.maven.utils.MavenSupport - Trying to download artifact 'org.webjars:swagger-ui:jar:4.18.2' from https://jfrog.devstack.vwgroup.com/artifactory/public/org/webjars/swagger-ui/4.18.2/swagger-ui-4.18.2.jar.
10:05:46.810 [DefaultDispatcher-worker-1] DEBUG org.eclipse.aether.internal.impl.DefaultTransporterProvider - Using transporter HttpTransporter with priority 5.0 for https://jfrog.devstack.vwgroup.com/artifactory/public/
10:05:46.810 [DefaultDispatcher-worker-1] DEBUG org.eclipse.aether.internal.impl.DefaultRepositoryConnectorProvider - Using connector BasicRepositoryConnector with priority 0.0 for https://jfrog.devstack.vwgroup.com/artifactory/public/ via localhost:9000 with org.eclipse.aether.util.repository.JreProxySelector$JreProxyAuthentication@4ddacff8
10:05:46.810 [DefaultDispatcher-worker-1] DEBUG org.apache.http.client.protocol.RequestAddCookies - CookieSpec selected: default
10:05:46.810 [DefaultDispatcher-worker-1] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection request: [route: {tls}->http://localhost:9000->https://jfrog.devstack.vwgroup.com:443][total available: 3; route allocated: 1 of 50; total allocated: 3 of 100]
10:05:46.810 [DefaultDispatcher-worker-1] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection leased: [id: 0][route: {tls}->http://localhost:9000->https://jfrog.devstack.vwgroup.com:443][total available: 2; route allocated: 1 of 50; total allocated: 3 of 100]
10:05:46.810 [DefaultDispatcher-worker-1] DEBUG org.apache.http.impl.conn.DefaultManagedHttpClientConnection - http-outgoing-0: set socket timeout to 0
10:05:46.810 [DefaultDispatcher-worker-1] DEBUG org.apache.http.impl.conn.DefaultManagedHttpClientConnection - http-outgoing-0: set socket timeout to 1800000
10:05:46.810 [DefaultDispatcher-worker-1] DEBUG org.apache.http.impl.execchain.MainClientExec - Executing request HEAD /artifactory/public/org/webjars/swagger-ui/4.18.2/swagger-ui-4.18.2.jar HTTP/1.1
10:05:46.810 [DefaultDispatcher-worker-1] DEBUG org.apache.http.impl.execchain.MainClientExec - Target auth state: UNCHALLENGED
10:05:46.860 [DefaultDispatcher-worker-1] DEBUG org.apache.http.impl.execchain.MainClientExec - Connection can be kept alive indefinitely
10:05:46.860 [DefaultDispatcher-worker-1] DEBUG org.apache.http.impl.auth.HttpAuthenticator - Authentication required
10:05:46.860 [DefaultDispatcher-worker-1] DEBUG org.apache.http.impl.auth.HttpAuthenticator - jfrog.devstack.vwgroup.com:443 requested authentication
10:05:46.860 [DefaultDispatcher-worker-1] DEBUG org.apache.http.impl.client.TargetAuthenticationStrategy - Authentication schemes in the order of preference: [Negotiate, Kerberos, NTLM, CredSSP, Digest, Basic]
10:05:46.860 [DefaultDispatcher-worker-1] DEBUG org.apache.http.impl.client.TargetAuthenticationStrategy - Challenge for Negotiate authentication scheme not available
10:05:46.860 [DefaultDispatcher-worker-1] DEBUG org.apache.http.impl.client.TargetAuthenticationStrategy - Challenge for Kerberos authentication scheme not available
10:05:46.860 [DefaultDispatcher-worker-1] DEBUG org.apache.http.impl.client.TargetAuthenticationStrategy - Challenge for NTLM authentication scheme not available
10:05:46.860 [DefaultDispatcher-worker-1] DEBUG org.apache.http.impl.client.TargetAuthenticationStrategy - Challenge for CredSSP authentication scheme not available
10:05:46.860 [DefaultDispatcher-worker-1] DEBUG org.apache.http.impl.client.TargetAuthenticationStrategy - Challenge for Digest authentication scheme not available
10:05:46.860 [DefaultDispatcher-worker-1] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection [id: 0][route: {tls}->http://localhost:9000->https://jfrog.devstack.vwgroup.com:443] can be kept alive indefinitely
10:05:46.860 [DefaultDispatcher-worker-1] DEBUG org.apache.http.impl.conn.DefaultManagedHttpClientConnection - http-outgoing-0: set socket timeout to 0
10:05:46.860 [DefaultDispatcher-worker-1] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection released: [id: 0][route: {tls}->http://localhost:9000->https://jfrog.devstack.vwgroup.com:443][total available: 3; route allocated: 1 of 50; total allocated: 3 of 100]
10:05:46.860 [DefaultDispatcher-worker-1] WARN  org.apache.http.client.protocol.ResponseProcessCookies - Invalid cookie header: "Set-Cookie: AWSALB=rlhopvySkjsYFSk30vL2SO3xIcok/rnQ98TEfEjWBgT5F9X+8RcToudxqjv26n9TW9k0h/sx0f/PVIjxajAeFUU5WN1i5sxiYqwHkssgyquG0NwbZUlXoJH+rnzq; Expires=Mon, 01 Jul 2024 08:05:46 GMT; Path=/". Invalid 'expires' attribute: Mon, 01 Jul 2024 08:05:46 GMT
10:05:46.860 [DefaultDispatcher-worker-1] WARN  org.apache.http.client.protocol.ResponseProcessCookies - Invalid cookie header: "Set-Cookie: AWSALBCORS=rlhopvySkjsYFSk30vL2SO3xIcok/rnQ98TEfEjWBgT5F9X+8RcToudxqjv26n9TW9k0h/sx0f/PVIjxajAeFUU5WN1i5sxiYqwHkssgyquG0NwbZUlXoJH+rnzq; Expires=Mon, 01 Jul 2024 08:05:46 GMT; Path=/; SameSite=None; Secure". Invalid 'expires' attribute: Mon, 01 Jul 2024 08:05:46 GMT
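
An added example (not part of the original thread and not ORT or Maven Resolver code): a small triage helper for warning lines like the ones above. It checks whether the rejected Expires value is a well-formed RFC 1123 date, which points at the client's cookie parser rather than the server, and masks the cookie value so the line can be shared. The hyphenated legacy date layout and the sample line are assumptions constructed for illustration.

```python
import re
from datetime import datetime

# Shape of the ResponseProcessCookies warning as it appears in the log above.
WARN_RE = re.compile(
    r'Invalid cookie header: "Set-Cookie: (?P<name>[^=;\s]+)=(?P<value>[^;"]*)'
    r'[^"]*"\. Invalid \'expires\' attribute: (?P<expires>.+?)\s*$'
)

RFC1123 = "%a, %d %b %Y %H:%M:%S GMT"   # layout of the dates in the log
NETSCAPE = "%a, %d-%b-%y %H:%M:%S GMT"  # assumption: legacy hyphenated layout


def date_format(value):
    """Return the name of the layout that parses `value`, or None."""
    for label, fmt in (("rfc1123", RFC1123), ("netscape", NETSCAPE)):
        try:
            datetime.strptime(value, fmt)
            return label
        except ValueError:
            continue
    return None


def triage(line):
    """Classify one warning line and return it with the cookie value masked."""
    m = WARN_RE.search(line)
    if m is None:
        return None
    layout = date_format(m.group("expires"))
    redacted = line[:m.start("value")] + "<REDACTED>" + line[m.end("value"):]
    return {
        "cookie": m.group("name"),
        "expires_format": layout,
        # A well-formed RFC 1123 date means the server header is fine and the
        # rejection comes from the cookie spec the client selected.
        "client_side_parse_issue": layout == "rfc1123",
        "redacted_line": redacted,
    }


# Constructed sample in the shape of the warning above; the value is made up.
SAMPLE = (
    '10:05:46.860 [worker-1] WARN  org.apache.http.client.protocol.'
    'ResponseProcessCookies - Invalid cookie header: "Set-Cookie: '
    'AWSALB=c2FtcGxlLXZhbHVl/abc+def; Expires=Mon, 01 Jul 2024 08:05:46 GMT; '
    'Path=/". Invalid \'expires\' attribute: Mon, 01 Jul 2024 08:05:46 GMT'
)

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Run over a full debug log, `triage` returns None for every line that is not a cookie warning, so the result can be filtered directly.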

sschuberth commented 2 months ago

Still looks like this should be reported against https://maven.apache.org/resolver/issue-management.html instead.

heliocastro commented 2 months ago

Opened here: https://issues.apache.org/jira/browse/MRESOLVER-574

sschuberth commented 2 months ago

Thanks, let's close this in favor of the upstream issue then; we'll automatically benefit from a fix if a new version of the resolver library with the fix is released.

sschuberth commented 2 months ago

Version 1.9.21 of Maven resolver will have the fix.