All geek questions in one place

What is the correct way to force maven to use HTTPS for maven center?

Sonatype recently included maven to support https ( reference information ). Now I have added the following snippet of my pom.xml to force the use of https:

<!-- force https --> <repositories> <repository> <id>central</id> <url>https://repo1.maven.org/maven2</url> <snapshots> <enabled>false</enabled> </snapshots> </repository> </repositories> <pluginRepositories> <pluginRepository> <id>central</id> <url>https://repo1.maven.org/maven2</url> <snapshots> <enabled>false</enabled> </snapshots> </pluginRepository> </pluginRepositories>

Questions:

  • is that enough? Or will there be http somewhere else?
  • Is this the right way to do this? Since I read that I should do this in settings.xml instead. But then others using my open source project will not use a secure connection.

Update

It does not look enough, as, for example, the HTTP assembly plugin is used:

 [INFO] --- maven-assembly-plugin:2.4:single (make-assembly) @ graphhopper-web --- Downloading: http://repo.maven.apache.org/maven2/org/slf4j/slf4j-jdk14/1.5.6/slf4j-jdk14-1.5.6.jar
+6
source share
2 answers

This has already been fixed in the latest maven 3.2.3! See change lists !

So install maven 3.2.3 and do 'rm -rf ~ / .m2 / repository / *' for a better feel;)

+9
source

You can do the following to force maven to use one repo:

 <settings> ... <mirrors> <mirror> <id>internal-repository</id> <name>Maven Repository Manager running on https://repo1.maven.org/maven2</name> <url>https://repo1.maven.org/maven2</url> <mirrorOf>*</mirrorOf> </mirror> </mirrors> ... </settings>

You can find more information here .

And also you can use authentication for repo, if you want, the information is here .

0
source

Source: https://habr.com/ru/post/974054/

More articles:


All Articles