mvn deploy with username password without configuring settings.xml [duplicate] - maven

This is the way it currently works, and it's the Maven Deploy Plugin Usage
pom.xml
[...]
<distributionManagement>
<repository>
<id>internal.repo</id>
<name>MyCo Internal Repository</name>
<url>Host to Company Repository</url>
</repository>
</distributionManagement>
[...]
settings.xml
[...]
<server>
<id>internal.repo</id>
<username>someUser</username>
<password>somePassword</password>
</server>
[...]
and what I'm trying to achieve is finding a way in which the username and password are typed in at the command line. to achieve mvn deploy -someUser -somePassword

The settings.xml is considered personal, so for that reason the username+password are stored in the (user-)settings.xml. So in general there's no reason to pass them as argument. (btw, passwords can be stored encrypted here) The maven-deploy-plugin has no option to pass them via commandline. However, I've seen hacks like:
<username>${internal.repo.username}</username>
And now you can do -Dinternal.repo.username=someUser

I'll lay out here the full solution, but basically Robert Scholte's solution works brilliant.
In your ~/.m2/settings.xml you should have the following
<settings>
<servers>
<server>
<id>${repo.id}</id>
<username>${repo.login}</username>
<password>${repo.pwd}</password>
</server>
</servers>
</settings>
and then you just
mvn -Drepo.id=myRepo -Drepo.login=someUser -Drepo.pwd=somePassword clean install
You can even use your environment variable (if you are doing that on the remote server/container, for example):
mvn -Drepo.id=$REPO_ID -Drepo.login=$REPO_LOGIN -Drepo.pwd=$REPO_PWD clean install

This also works:
<server>
<id>${repo.id}</id>
<username>${repo.username}</username>
<password>${repo.password}</password>
</server>

Related

401 unauthorized from maven when publishing to gitlab artifactory

I am facing an issue when trying to publish an artifact in private gitlab repository. I am using maven and I authenticated using personal access token. When I run mvn deploy -s ~/.m2/settings.xml I get the following error Failed to deploy artifacts: Could not transfer artifact ... 401 Unauthorized
My settings.xml file looks like this.
<servers>
<server>
<id>gitlab-maven</id>
<configuration>
<httpHeaders>
<property>
<name>personal-token</name>
<value>mytoken</value>
</property>
</httpHeaders>
</configuration>
</server>
</servers>
I've also tried changing it to
<servers>
<server>
<id>gitlab-maven</id>
<username>username</username>
<password>pass</password>
</server>
</servers>
but that didn't help. And here is my pom publishing part
<repositories>
<repository>
<id>gitlab-maven</id>
<url>https://gitlab.mycompany.com/api/v4/projects/92/packages/maven</url>
</repository>
</repositories>
<distributionManagement>
<repository>
<id>gitlab-maven</id>
<url>https://gitlab.mycompany.com/api/v4/projects/92/packages/maven</url>
</repository>
<snapshotRepository>
<id>gitlab-maven</id>
<url>https://gitlab.mycompany.com/api/v4/projects/92/packages/maven</url>
</snapshotRepository>
</distributionManagement>
Is there anything that I'm missing? Thank you in advance.
Fixed this by changing property in the settings file to Private-Token (I was using actual name of the token previously)
I had the same problem but for a different reason.
my idea (intellij with built in maven plugin) was using different settings file (C:\Users\YOUR_USER_NAME\.m2\settings.xml) from the one i configured the server (local maven installation on a different path).
to fix this go to: File -> Settings (on windows Ctrl + Alt + s) -> Build, Execution, Deployment -> Build Tools -> Maven -> User settings file.
mark the check box for Override and direct to the correct path.
hopefully it will save someone's time...
In case this might help someone:
Once you reach the "mvn deploy" step in the gitlab docs and find yourself struggling with 401 Unauthorized error, running the deploy command with -s or --settings flag like so:
mvn deploy -s settings.xml (the argument to the -s flag is the path to your project settings.xml file)
Solves the issue (at least for me) by using the user specified settings file instead of the default one stored in .m2 folder.
(I found solution in this video)

Repository Authentication with Basic Auth only works when embedded in URL

I have a private maven repository. Publishing on this repository with authentication works well. But when I try use the repository to resolve dependencies, the authentication credentials defined in the settings.xml are not applied. Only way to make it work is to provide the credentials in the repository URL defined in the pom.xml
Is this a bug or did I miss something during setup?
Snippet from the pom.xml
<repositories>
<repository>
<id>myServer</id>
<name>My Servers Name</name>
<url>https://someHost/repository/maven-public/</url>
</repository>
</repositories>
Snippet from the settings.xml
<servers>
<server>
<id>myServer</id>
<username>myUser</username>
<password>myPass</password>
</server>
</servers>
I use Apache Maven 3.0.5 (Red Hat 3.0.5-17) and on the server's side I see that no credentials are applied, so a 401 is responded.
The above setup does work if I remove the server-setup from settings.xml and add the credentials myUser:myPass to the URL defined in the pom.xml.
Finally it appeared that I had a typo in the auth-credentials so, all works as expected.

how to get maven archetypes from my own authenticated nexus without username and password in the URL?

I have a private Nexus with a repository protected via authentication.
Pulling libraries works like a charm, but if I want to use one of the archetypes stored up there I always need to write plaintext username and password in the URL of the archetype catalog like this:
mvn archetype:generate -DarchetypeCatalog=http://username:password#maven.mycompany.com/nexus/content/repositories/myrepo/archetype-catalog.xml
I read http://maven.apache.org/archetype/maven-archetype-plugin/faq.html#authentication and updated my settings.xml with what I understood from that very tiny bit of help:
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
http://maven.apache.org/xsd/settings-1.0.0.xsd">
<servers>
<server>
<id>myrepo</id>
<username>username</username>
<password>{HASHED_PASSWORD}</password>
</server>
<server>
<id>pretty-archetype-unicorn-repo</id>
<username>username</username>
<password>{HASHED_PASSWORD}</password>
</server>
</servers>
<profiles>
<profile>
<id>someid</id>
<repositories>
<repository>
<id>myrepo</id>
<name>My Repo</name>
<url>http://maven.mycompany.com/nexus/content/repositories/myrepo/</url>
</repository>
</repositories>
</profile>
</profiles>
<activeProfiles>
<activeProfile>someid</activeProfile>
</activeProfiles>
</settings>
Needless to say, it doesn't work and when I try:
mvn archetype:generate -DarchetypeCatalog=http://maven.mycompany.com/nexus/content/repositories/myrepo/archetype-catalog.xml
I get the same old:
[WARNING] Error reading archetype catalog http://maven.mycompany.com/nexus/content/repositories/myrepo/archetype-catalog.xml
org.apache.maven.wagon.authorization.AuthorizationException: Access denied to: http://maven.mycompany.com/nexus/content/repositories/myrepo/archetype-catalog.xml
Any hints, or better documentation with working example?
There's currently no way to do that if you don't specify at least -DarchetypeArtifactId. As per the official docs you linked:
The server id used to download the artifact is [archetypeArtifactId]-repo
hence there's no way to just browse the catalog if it's password protected (and you're not willing to expose username/password on your shell history).
In the meanwhile, you can go ahead and vote for ARCHETYPE-204. They have a patch already available since years, they probably just need a bit of a push.
UPDATE
Looking into the source code of the maven archetype project, looks like the following snippet in the settings.xml might work for you:
<servers>
<server>
<id>archetype</id>
<username>${your username}</username>
<password>${your password}</password>
</server>
</servers>
There is a default ID of archetype when building the Repository object while fetching a remote catalog. I don't think it's the official way of dealing with such situations, and it's a bit dirty IMO. But it might still work for you :-)
Also, you should be able to set profiles for reusing the archetype ID for different servers.
I think it should be in your settings.xml
<servers>
<server>
<id>myrepo</id>
<username>${your username}</username>
<password>${your password}</password>
</server>
</servers>
you need to add <server> for each of password protected repositories.
Looks like this is a known issue and you can't use archetypes from protected repository. See https://issues.apache.org/jira/browse/ARCHETYPE-204
There is a workaround available by doing the following:
mvn archetype:generate -DarchetypeCatalog=https://username:password#maven.mycompany.com/nexus/content/repositories/myrepo/

Set maven to use archiva repositories WITHOUT using activeByDefault?

I am very close to finally having a working setup with archiva and maven.
The last thing that's really boggling me, is how to set up my internal and snapshot repositories - without using a profile which contains activeByDefault set to true.
I am using a SUPER super pom - a company-wide pom which contains distributionManagement information for releases. I was thinking that I could specify the repositories in this pom, and configure the authentication settings in settings.xml? Can I use repositories tag without a profile? There should be no "profile" for my internal and snapshot repositories, as they will never change...
What I'm trying to steer clear from, is using a "default" profile, which is active all the time. I hear activeByDefault is NOT a best practice and I don't intend to use it.
With that said, how should I go about doing this? My internal repo is a mirror of the maven central repo, so I would like to lock down my developers to ONLY use our internal artifact server. Remember - I do NOT want a profile with activeByDefault set to true. I cannot stress this enough! Should I use Maven mirrors? Should I "add" additional repositories?
If I take the repositories tag instead of the mirrors tag, will maven force builds to use ONLY my archiva settings, instead of the default maven central?
Or is what I seek to accomplish able to be done using only the mirrors tag in maven? I know how to configure repo credentials when using repositories tag, but not with mirrors. How is this done? Is providing credentials for anything in mirrors tags the same as for anything in repositories tags?
Am I missing something obvious? I've had it up to here with getting things up and running using maven. I know it will be worthwhile in the end, but it is surely causing me a ton of aggravation and resources seem to be sparse. Either that, or people are content using it however they please without regard to best-practices.
Thank you
To use your internal repo as a mirror of central you need to setup a mirror like this (in settings.xml):
<mirrors>
<mirror>
<id>my-internal-repo</id>
<mirrorOf>central</mirrorOf> // use * for do mirror of all
<name>Clinker Maven Repository</name>
<url>http://my-repo-host/my-repo-path</url>
</mirror>
</mirrors>
If my-internal-repo is protected you can set credentials:
<servers>
<server>
<id>my-internal-repo</id>
<username>youruser</username>
<password>yourpassword</password>
</server>
</servers>
Please, note the server id tag content should match the id of your mirror.
To use your internal-snapshots repository you must set a repository in your project POM, since the use of snapshots artifact should be controlled and clearly defined at the project level, not at the settings level:
<repository>
<id>internal-snapshots</id>
<url>http://your-repo-host/internal-snapshots-path</url>
<releases>
<enabled>false</enabled>
</releases>
<snapshots>
<enabled>true</enabled>
</snapshots>
</repository>
And finally, you must exclude internal-snapshots from the mirror:
<mirrors>
<mirror>
<id>my-internal-repo</id>
<mirrorOf>central, !internal-snapshots</mirrorOf> // use * to do mirror of all
<name>Clinker Maven Repository</name>
<url>http://my-repo-host/my-repo-path</url>
</mirror>
</mirrors>
and add a server (if it's protected):
<servers>
<server>
<id>my-internal-repo</id>
<username>youruser</username>
<password>yourpassword</password>
</server>
<server>
<id>internal-snapshots</id>
<username>youruser</username>
<password>yourpassword</password>
</server>
</servers>

maven distributionManagement outside the pom

Anyway I can move the distributionManagement part outside the pom
I don't like the idea that my pom.xml contains server location,
Is it possible to move this or server name to settings.xml?
Thanks
<distributionManagement>
<repository>
<id>archiva</id>
<name>archiva Repo</name>
<url>http://ca.server:8080/archiva/repository/snapshots/</url>
</repository>
<snapshotRepository>
<uniqueVersion>false</uniqueVersion>
<id>archiva</id>
<name>archiva Repo</name>
<url>http://ca.server:8080/archiva/repository/snapshots/</url>
</snapshotRepository>
</distributionManagement>
The best idea for this is to put such information into a parent POM (company pom) and use this instead of the settings.xml cause any body who wan't to build needs to change the settings.xml.
Short answer: Yes, you can.
Longer answer: I like the idea too, because I could imagine that the application will be built and distributed on different servers. So I like the following:
Define in the POM the dependencies to other libraries and plugins.
Define in your Maven installation configuration (so it is dependent on the installation, not on the user using that installation) what you have sketched out in your question.
Normally, you need a user-id and password to distribute in a Maven repository, and this is the (only) contents of it:
<settings>
<servers>
<server>
<id>archiva</id>
<username>XXadmin-user-nameXX</username>
<password>XXadmin-passwordXX</password>
</server>
</servers>
</settings>
This should only be on the build server configured by the build manager and not known by everyone. The only thing you have to ensure is that the IDs are the same in both files.

Resources