How do I setup a Maven 1 secure repository?

I'm transitioning a Maven 1 repo from an internal machine where security wasn't an issue, to a machine that can be accessed from the Internet. I want to make the repo available for downloads by our developers, but no one else. Is it possible to setup secure access to the repository? Porting everything to Maven 2 (where this would be easier) is not feasible right now.

Some solutions I've considered:
o Use sftp: to access the repo instead of http:. From the Maven docs, though, it looks like you need to include the username and password in the URL, but we're using private/public keys and no passwords.

o Use basic authentication for the repository directories. I can't tell if there's a way to define the username/password for Maven to use on the client side, though.

Has anyone tried one of the above, or come up with another clever way of doing this? Or know for sure it cannot be done w/ Maven 1?

Thanks for any leads.
jkfrenchAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

see4me2002Commented:
Check out artifactory repository. This has the feature to assign rights to the users who can access the repository, which means rights to repository and the same can be specified in the setting.xml with the username and password.

As everything would be in common repostiory ( artifactory) which has the rights to view/edit/delete. Also a virtual mapping can be done for the same. so no one would know whats the remote repository is.

Also everybody doesnt need to go to internet , Artifactory would resovle from the internet and provide the required jars for users.
0
jkfrenchAuthor Commented:
Thanks for the reply, see4me2002. Artifactory looks good, but can you access it from a Maven 1 client? The settings.xml file was added in Maven 2, and I haven't found any indication on the Artifactory site/forum that it supports Maven1 clients.
0
see4me2002Commented:
yes ofcourse you can access it. in the Maven 1 artificatory have a external Link to your second second artifactory and the put the 1 artifactory link in your pom.xml as common repository. it would look in 1 and then 1 would look in 2 if its not available .

other way around is , you can have two urls mapped in your pom.xml as common repository.

To make it secured, have the local and external repository url mapped to a virtual repository and then give that url to the developers so in this case the developers wont know which are the sites your artifactory is looking for the downloads. Also other advantage is, when the library is missing in your repository it would look for the external site and download it, cache it in the artifactory and then give to the developer.

Alot can be done with aritifactory.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Exploring ASP.NET Core: Fundamentals

Learn to build web apps and services, IoT apps, and mobile backends by covering the fundamentals of ASP.NET Core and  exploring the core foundations for app libraries.

jkfrenchAuthor Commented:
It does look like Artifactory can do a lot, including talking to a Maven1 repo. But my problem is in accessing a secure repository with a Maven1 client. The pom.xml file you mentioned implies Maven2. I just wasn't sure how to configure the Maven1 client to access Artifactory (or any repository) securely.
0
jkfrenchAuthor Commented:
Thanks, see4me2002. I figured out how to do this with Maven 1 and our current repo, but I'm assigning you the points because you pointed me to Artifactory. Although I didn't use Artifactory to solve this problem, I think it will come in handy as we migrate our repo from Maven 1 to Maven 2.
0
jkfrenchAuthor Commented:
For future searchers, this is how I solved it:

1. Set up basic authentication for the root directory of our Maven repository.

2. Changed the Maven 1 repository property to include:

   http://${repo.user}:${repo.passwd}@myhost/myrepo

3. Defined these properties in my ~/build.properties file:

   repo.user = myname
   repo.passwd = mypasswd
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Java

From novice to tech pro — start learning today.