Configuring Maven for Artifacts Resolution from Artifactory
Auto Settings Generation
The easiest way to set up Maven to use Artifactory is to use the automatic settings generator from the Home tab and then
Generate and save the
Provisioning Dynamic Settings for Users
You can deploy and provision a dynamic settings template for your users.
Once downloaded, settings are generated according to your own logic and can automatically include user authentication information.
Refer to the Provisioning Build Tool Settings section under Filtered Resources.
The Default Global Repository
The simplest way for setting up Maven to use Artifactory proxy is to configure a Maven repository with the following URL:
This URL is Artifactory's built-in global virtual repository and it lets Artifactory search through all repositories (local and remote), for any artifacts Maven is fetching.
You can create and use a dedicated virtual (or local) repository to limit Artifactory searches to that specific repository.
The Maven repository URL should appear as:
Overriding the Built-in Repositories
If your Artifactory is configured correctly, you should override the built-in central and snapshots repositories of Maven, so that no request is ever sent directly to them.
Insert the following into your parent POM or settings.xml (under an active profile):
Additional "Mirror-any" Setup
You can use the "Mirror Any" feature on top of the previous setup, and have Artifactory act as a redirecting proxy for any Maven repository, including those defined inside POMs of plug-ins and third party dependencies (although this is bad practice, but unfortunately, not uncommon). This ensures no unexpected requests are made to external repositories introduced by such POMs.
Insert the following into your settings.xml:
Do not use "Mirror Any" as your only resolution rule. Use it to enforce any artifacts resolution to be made strictly through Artifactory.
The "Mirror Any" proxying configuration works for defined repositories. It supersedes, but does not hide, the built-in
It defines a coarse-grained proxying rule that does not differentiate between releases and snapshots and relies on the defined repositories to do this resolution filtering.
You can uncheck the Global Anonymous Access checkbox from the Admin tab and then
Users must have Read Access on repositories they want to resolve artifacts from. You must also ensure your
Artifactory offers a unique feature that ensures you do not have to use clear text passwords in your settings, so it is highly recommended to use this feature.
Watch the Screencast