When a user tries to access a resource for which they are not authorized, the default behavior is to indicate that the resource exists but is protected. For example, an anonymous request will result in a request for authentication (401), and a request by an unauthorized authenticated user will simply be denied (403). You can enable Hide Existence of Unauthorized Resources from Artifactory UI to return a 404 (instead of 403) - Not Found response.
In order to enable it only for a specific repository, you have to update the Artifactory repository configuration. The global Artifactory configuration file(artifactory.config.xml) is used to provide a default set of configuration parameters. From Artifactory version 7.49.x and forward, the Global Configuration Descriptor file will no longer contain Repository Configuration. You can use the Repositories REST API to modify repositories configuration.
Steps to update the repository configuration
1. Create a json file with mandatory elements. Here the repository name is “mavenvirtual”.
repo.json:
{
"key" : "mavenvirtual",
"packageType" : "maven",
"rclass" : "virtual",
"externalDependenciesEnabled" : false,
"hideUnauthorizedResources" : true
}
2. Now execute the update repository REST API,
curl -XPOST -uadmin:pass https://artifactory_host/artifactory/api/repositories/mavenvirtual -H "Content-Type: application/json" -T repo.json
3. Verify whether the configuration is working properly by accessing any resource with a user having minimum permissions.
$ curl https://artifactory_host/artifactory/mavenvirtual/ant-contrib/ant-contrib/maven-metadata.xml -uuser:pass
{
"errors" : [ {
"status" : 404,
"message" : "Maven metadata not found for 'ant-contrib/ant-contrib/maven-metadata.xml'."
} ]
}
References:
Global-configuration-descriptor
Hide-existence-of-unauthorized-resources