Infrastructure - Maven + Nexus - maven

I've installed a Sonatype Nexus to be my Maven repo. The Nexus installation is using Active Directory to authenticate users, and anonymous login is off.
Every user that uploads an artifact to my repo must be identified with a unique username, thus the AD integration.
The regular way to use this structure is to set the Distribution Management tag in the POM.xml so the artifact is sent to Nexus:
<distributionManagement>
  ...
  <repository>
    <id>deploymentRepo</id>
    <name>Internal Releases</name>
    <url>http://nexusserver:8081/nexus/content/repositories/releases</url>
  </repository>
  ...
</distributionManagement>
In the local repo settings (~/.m2/settings.xml) add the username/password combo to login into nexus
<server>
  <id>deploymentRepo</id>
  <username>deployment</username>
  <password>deployment123</password>
</server>
It's working great for me, but what I'm trying to achieve is to somehow do the auth in nexus without having to put the user password in the local repo. Is it possible?

What are you trying to achieve: not storing the password as plain text, or not having the user pass the password every time they run the maven deploy command?
Password could be stored in encrypted form, as described here
Or you could try to pass password on command line like below, but I haven't tried that:
mvn -Dpassword=deployment123 deploy

Nexus 2.1 is due to be released in June and we've built a new feature to support secure authentication without requiring a clear text password in the settings.xml.

Related

Maven Release plugin: Doing the git push via https

On our jenkins box we clone our repo using https rather than ssh. However when I run the
mvn release:prepare
command it is pushing the commits via ssh. I am pretty sure it is because in my pom.xml in the scm section I have
<connection>scm:git:ssh:<internal package></connection>
<developerConnection>scm:git:ssh:<internal package></developerConnection>
I am pretty sure I can just change that to be something like https: however where do I put the username and password so that it can connect?
The credentials are stored in Maven's settings file, so that they are not exposed in the pom.
Add a server section to your ~/.m2/settings file with your GitHub user/password, i.e.
<servers>
  <server>
    <id>GitHub</id>
    <username>[User]</username>
    <password>[Password]</password>
  </server>
</servers>
Add a property <project.scm.id>GitHub</project.scm.id> to your properties section in the pom.
The reference to the server Id is not detailed in the release plugin config but the top level pom properties.

Deploy from Maven to Nexus got error: ReasonPhrase:Forbidden

http://numberformat.wordpress.com/2011/05/18/nexus-repository/
I am following the above link to set up Maven and Nexus, everything new. I couldn't leave a new comment there so I post here.
After so long, I am in another company, when I tried to setup a simple sample in my local PC, I got this error in "mvn deploy" to the simple Maven my-app sample. I installed the simple Nexus Open Source w/o Tomcat.
[WARNING] Could not transfer metadata com.mycompany.app:my-app:1.0-SNAPSHOT/maven-metadata.xml from/to snapshots (localhost:8081/nexus/content/repositories/snapshots): Access denied to: localhosts:8081/nexus/content/repositories/snapshots/com/mycompany/app/my-app/1.0-SNAPSHOT/maven-metadata.xml , ReasonPhrase:Forbidden.
In your settings.xml located in MAVEN_HOME/conf you have to add in servers section
<server>
  <id>nexus-releases</id>
  <username>deploy</username>
  <password>123456</password>
</server>
And your pom must look like
<distributionManagement>
  <repository>
    <id>nexus-releases</id>
    <url>http://localhost:8081/nexus/content/repositories/releases</url>
  </repository>
</distributionManagement>
Ids have to be the same.
Richard Seddon resolved my issue in nexus-users group.
Add this to nonProxyHosts:
localhost
You need to be authorized to run deployment. This is done by having the server section in your settings.xml. Check out the Nexus eval guide, specifically the publishing section and the sample projects in there for more detail.

Adding maven nexus repo to my pom.xml

I have installed nexus on my local machine. I want my pom file to point to this repo. How can I add my custom repository to my pom.xml file?
From Maven - Settings Reference
The repositories for download and deployment are defined by the repositories and distributionManagement elements of the POM. However, certain settings such as username and password should not be distributed along with the pom.xml. This type of information should exist on the build server in the settings.xml.
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
                              http://maven.apache.org/xsd/settings-1.0.0.xsd">
  ...
  <servers>
    <server>
      <id>server001</id>
      <username>my_login</username>
      <password>my_password</password>
      <privateKey>${user.home}/.ssh/id_dsa</privateKey>
      <passphrase>some_passphrase</passphrase>
      <filePermissions>664</filePermissions>
      <directoryPermissions>775</directoryPermissions>
      <configuration></configuration>
    </server>
  </servers>
  ...
</settings>
id: This is the ID of the server (not of the user to login as) that matches the id element of the repository/mirror that Maven tries to connect to.
username, password: These elements appear as a pair denoting the login and password required to authenticate to this server.
privateKey, passphrase: Like the previous two elements, this pair specifies a path to a private key (default is ${user.home}/.ssh/id_dsa) and a passphrase, if required. The passphrase and password elements may be externalized in the future, but for now they must be set plain-text in the settings.xml file.
filePermissions, directoryPermissions: When a repository file or directory is created on deployment, these are the permissions to use. The legal value of each is a three-digit number corresponding to *nix file permissions, i.e. 664 or 775.
Note: If you use a private key to login to the server, make sure you omit the element. Otherwise, the key will be ignored.
All you should need is the id, username and password
The id and URL should be defined in your pom.xml like this:
<repositories>
  ...
  <repository>
    <id>acme-nexus-releases</id>
    <name>acme nexus</name>
    <url>https://nexus.acme.net/content/repositories/releases</url>
  </repository>
  ...
</repositories>
If you need a username and password to your server, you should encrypt it.
Maven Password Encryption
First of all I can highly recommend reading the Nexus book. It will explain the benefits of using a Maven repository manager.
There is a section on how to configure your Maven build to use Nexus:
http://www.sonatype.com/books/nexus-book/reference/config.html
This leads me to question why you are altering your POM file? I suspect what you really want to do is set up Nexus as a remote repository mirror. This is done in your Maven settings file.
The following tells Maven to use Nexus as your default repository (instead of Maven Central)
<settings>
  ..
  ..
  <mirrors>
    <mirror>
      <id>nexus</id>
      <url>http://localhost:8081/nexus/content/groups/public</url>
      <mirrorOf>central</mirrorOf>
    </mirror>
  </mirrors>
</settings>
This is desired behaviour since your Nexus repository is configured to cache artifacts retrieved from Central (which is good for build performance).
Note:
The "public" repository group could include other repositories proxied by your Nexus instance (not just Maven Central). You probably want this behaviour, as it centralizes all repository management. It just makes your build less portable for people outside of your organization.
It seems the answers here do not support an enterprise use case where a Nexus server has multiple users and has project-based isolation (protection) based on user id ALONG with using an automated build (CI) system like Jenkins. You would not be able to create a settings.xml file to satisfy the different user ids needed for different projects. I am not sure how to solve this, except by opening Nexus up to anonymous access for reading repositories, unless the projects could store a project-specific generic user id in their pom.xml.
From the Apache Maven site
<project>
  ...
  <repositories>
    <repository>
      <id>my-internal-site</id>
      <url>http://myserver/repo</url>
    </repository>
  </repositories>
  ...
</project>
"The repositories for download and deployment are defined by the repositories and distributionManagement elements of the POM. However, certain settings such as username and password should not be distributed along with the pom.xml. This type of information should exist on the build server in the settings.xml." - Apache Maven site - settings reference
<servers>
  <server>
    <id>server001</id>
    <username>my_login</username>
    <password>my_password</password>
    <privateKey>${user.home}/.ssh/id_dsa</privateKey>
    <passphrase>some_passphrase</passphrase>
    <filePermissions>664</filePermissions>
    <directoryPermissions>775</directoryPermissions>
    <configuration></configuration>
  </server>
</servers>
If you don't want or you cannot modify the settings.xml file, you can create a new one at the root of your project, and call maven passing it as a parameter with the -s argument:
$ mvn COMMAND ... -s settings.xml
From maven setting reference, you can not put your username/password in a pom.xml
The repositories for download and deployment are defined by the repositories and distributionManagement elements of the POM. However, certain settings such as username and password should not be distributed along with the pom.xml. This type of information should exist on the build server in the settings.xml.
You can first add a repository in your pom and then add the username/password in the $MAVEN_HOME/conf/settings.xml:
<servers>
  <server>
    <id>my-internal-site</id>
    <username>yourUsername</username>
    <password>yourPassword</password>
  </server>
</servers>

can I use several usernames in maven settings.xml file?

Our Nexus repository is configured to use repository-target permissions:
user1 can deploy to com.company.group1,
user2 can deploy to com.company.group2, etc.
Can we have both user1 and user2 credentials for the same Maven repository in the .m2/settings.xml file? Will Maven try them both if permission is denied for one of them?
I use properties in distributionManagement, like-
<distributionManagement>
  <repository>
    <id>releases</id>
    <url>${url.releases}</url>
  </repository>
  <snapshotRepository>
    <id>snapshots</id>
    <url>${url.snapshots}</url>
  </snapshotRepository>
  <site>
    <id>site</id>
    <url>${url.site}</url>
  </site>
</distributionManagement>
My settings.xml has profiles that define these properties for target repositories. The <id> are matched with the <server> in the settings.xml, so you could use different <id> for different username/password/repository combination. In settings.xml, setup <activeProfiles> to the default profile you need for your deployment. When you need to switch to a different profile, you can do so on the command line.
You could e.g. use different profiles for each user and set user name and password as properties in those profiles. Then you could activate the profile depending on what user you want to work as at the moment. You could also set one of the profiles to be active by default so that you don't have to always use a profile name in your invocations.
Another way to do it would be to have separate settings.xml files for the users and specify the desired one with the -s flag for the maven invocation.
You can't mix credentials in the same settings.xml file, as far as I know; seems this would be a large security hole. Each user should have his own login on your build machine; then each person has his own .m2/settings.xml and .m2/settings-security.xml files (you need the latter to encrypt passwords). Each user adds <server> entries with ids matching the ids in the <distributionManagement> section for the projects being deployed.
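An added example, not taken from any of the posts above: a Python check for two points that recur in these threads, that every `<distributionManagement>` id needs a `<server>` entry with the same id in settings.xml, and that passwords there are better stored in Maven's encrypted `{...}` form than in plain text. It also flags `http://` deployment URLs, over which the credentials travel unencrypted; the sample XML, the rule names and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs modelled on the snippets in the posts above.
SAMPLE_SETTINGS = """<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0">
  <servers>
    <server><id>deploymentRepo</id><username>deployment</username>
      <password>deployment123</password></server>
    <server><id>snapshots</id><username>deployment</username>
      <password>{CONSTRUCTED-CIPHERTEXT-PLACEHOLDER=}</password></server>
  </servers>
</settings>"""
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <distributionManagement>
    <repository><id>deploymentRepo</id>
      <url>http://nexusserver:8081/nexus/content/repositories/releases</url></repository>
    <snapshotRepository><id>nexus-snapshots</id>
      <url>https://nexusserver/nexus/content/repositories/snapshots</url></snapshotRepository>
  </distributionManagement>
</project>"""
ENCRYPTED = re.compile(r"\{.+\}")  # Maven wraps encrypted values in braces

def local(tag):
    """Drop the XML namespace so namespaced and bare files both work."""
    return tag.rsplit("}", 1)[-1]

def children(elem):
    return {local(c.tag): (c.text or "").strip() for c in elem}

def audit(settings_xml, pom_xml):
    """Return sorted (rule, server id) findings; rule names are made up here."""
    findings, servers = [], {}
    for e in ET.fromstring(settings_xml).iter():
        if local(e.tag) == "server":
            servers[children(e).get("id", "")] = children(e)
    for sid, fields in servers.items():
        for secret in ("password", "passphrase"):
            value = fields.get(secret, "")
            # "${...}" is a property reference, so no secret sits in the file.
            if value and not ENCRYPTED.fullmatch(value) and not value.startswith("${"):
                findings.append(("plaintext-" + secret, sid))
    for dm in ET.fromstring(pom_xml).iter():
        if local(dm.tag) == "distributionManagement":
            for fields in map(children, dm):
                if "id" in fields and fields["id"] not in servers:
                    findings.append(("no-matching-server", fields["id"]))
                if fields.get("url", "").startswith("http://"):
                    findings.append(("cleartext-transport", fields.get("id", "")))
    return sorted(findings)
```

A `no-matching-server` finding means Maven has no credentials to send for that repository, so the deploy request goes out unauthenticated.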

unauthorized access on artifactory even though credentials are included

I am trying to deploy a zip file to a remote in-house Maven repo (Artifactory integrated into Hudson).
pom.xml
...
<modelVersion>4.0.0</modelVersion>
<groupId>mygroupId</groupId>
<artifactId>myartifactid</artifactId>
<version>1.0-SNAPSHOT</version>
<distributionManagement>
  <repository>
    <id>hudson</id>
    <name>hudson-releases</name>
    <url>http://url to repo</url>
  </repository>
</distributionManagement>
...
settings.xml
<servers>
  <server>
    <id>hudson</id>
    <username>username</username>
    <password>password</password>
  </server>
</servers>
maven deploy
mvn deploy:deploy-file -Durl=http://url -Dfile=file-1.0.0.zip -Dpackaging=zip -DpomFile=pom.xml
maven quits with return code 401.
Looking at artifactory's logs
2011-07-15 13:52:50,090 [DENIED DEPLOY] libs-release-local:somefile.zip for anonymous/192.168.220.146.
I don't understand why maven doesn't use the supplied credentials.
What am I doing wrong here?
Tip to solve the problem with the clear text password:
Access and log in to Artifactory.
Once you are logged in, click on your user name, in the upper right corner of the screen.
Enter your password, then click the Unlock button, enabling the encrypted password.
Copy the tag that is shown in the lower part of the screen and paste it into the settings.xml file. If you prefer to copy just the password, make sure it exactly equals the tag shown below, including the "\" at the beginning of the password.
Remember to adjust the tag with the id of your server, defined into the tag, in your POM.xml.
Click the Update button and you are ready! Check that everything goes well at the next project's publication.
Don't forget to check that what you put in <distributionManagement> in your pom.xml corresponds to what is in the tags of your .m2/settings.xml.
Hudson is most likely caching settings.xml. You can try to reload configuration from the disk using this url http://your-hudson-url:8081/hudson/reload or restart the container Hudson is running on. Worked for me.
For some reason using a POM file didn't work. So I had to do it from the command line.
mvn deploy:deploy-file -Durl=http://url -Dfile=file-1.0.0.zip -Dpackaging=zip -DartifactId=aid -DgroupId=groupId -DrepositoryId=repId -Dversion=1.0-SNAPSHOT
I still do not know why this worked. Also, I didn't have to change settings.xml from what I listed before.
EDIT
Also, on the home tab in artifactory, you can get maven settings by clicking "Maven settings->Generate Settings" .
Maven is not set to use preemptive authentication by default and has some issues when being challenged.
You can try configuring Maven's HttpClient Wagon to do preemptive authentication (http://maven.apache.org/guides/mini/guide-http-settings.html), though I rarely managed to get it working properly.
Since you're using Jenkins\Hudson, you might want to take a look at the Jenkins\Hudson - Artifactory plugin:
https://wiki.jenkins-ci.org/display/JENKINS/Artifactory+Plugin
http://wiki.hudson-ci.org/display/HUDSON/Artifactory+Plugin
You're publishing a snapshot version but you haven't specified a snapshotRepository tag in the distributionManagement section of your POM. Alternatively, try to deploy a normal version and see if that works.
Update Maven configuration details and add the credentials of nexus:
credentials: admin
