jkfrench
asked on
How do I setup a Maven 1 secure repository?
I'm transitioning a Maven 1 repo from an internal machine where security wasn't an issue, to a machine that can be accessed from the Internet. I want to make the repo available for downloads by our developers, but no one else. Is it possible to setup secure access to the repository? Porting everything to Maven 2 (where this would be easier) is not feasible right now.
Some solutions I've considered:
o Use sftp: to access the repo instead of http:. From the Maven docs, though, it looks like you need to include the username and password in the URL, but we're using private/public keys and no passwords.
o Use basic authentication for the repository directories. I can't tell if there's a way to define the username/password for Maven to use on the client side, though.
Has anyone tried one of the above, or come up with another clever way of doing this? Or know for sure it cannot be done w/ Maven 1?
Thanks for any leads.
Some solutions I've considered:
o Use sftp: to access the repo instead of http:. From the Maven docs, though, it looks like you need to include the username and password in the URL, but we're using private/public keys and no passwords.
o Use basic authentication for the repository directories. I can't tell if there's a way to define the username/password for Maven to use on the client side, though.
Has anyone tried one of the above, or come up with another clever way of doing this? Or know for sure it cannot be done w/ Maven 1?
Thanks for any leads.
ASKER
Thanks for the reply, see4me2002. Artifactory looks good, but can you access it from a Maven 1 client? The settings.xml file was added in Maven 2, and I haven't found any indication on the Artifactory site/forum that it supports Maven1 clients.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
It does look like Artifactory can do a lot, including talking to a Maven1 repo. But my problem is in accessing a secure repository with a Maven1 client. The pom.xml file you mentioned implies Maven2. I just wasn't sure how to configure the Maven1 client to access Artifactory (or any repository) securely.
ASKER
Thanks, see4me2002. I figured out how to do this with Maven 1 and our current repo, but I'm assigning you the points because you pointed me to Artifactory. Although I didn't use Artifactory to solve this problem, I think it will come in handy as we migrate our repo from Maven 1 to Maven 2.
ASKER
For future searchers, this is how I solved it:
1. Set up basic authentication for the root directory of our Maven repository.
2. Changed the Maven 1 repository property to include:
http://${repo.user}:${repo.passwd} @myhost/my repo
3. Defined these properties in my ~/build.properties file:
repo.user = myname
repo.passwd = mypasswd
1. Set up basic authentication for the root directory of our Maven repository.
2. Changed the Maven 1 repository property to include:
http://${repo.user}:${repo.passwd}
3. Defined these properties in my ~/build.properties file:
repo.user = myname
repo.passwd = mypasswd
As everything would be in common repostiory ( artifactory) which has the rights to view/edit/delete. Also a virtual mapping can be done for the same. so no one would know whats the remote repository is.
Also everybody doesnt need to go to internet , Artifactory would resovle from the internet and provide the required jars for users.