Skip to end of metadata
Go to start of metadata
Table of Contents

Configuring Maven for Artifacts Resolution from Artifactory

Auto Settings Generation

The easiest way to set up Maven to use Artifactory is to use the automatic settings generator from the Home tab and then Client Settings -> Maven Settings.

Generate and save the settings.xml file into your Maven home directory.

Configuring apache maven

Field NameDescription
ReleasesThe repository of the chosen releases.
SnapshotsThe repository of the chosen snapshots.
Plugin ReleasesThe repository of the chosen plugins releases.
Plugin SnapshotsThe repository of the chosen plugins snapshots.
Mirror AnyMark this checkbox if you want to mirror the repository.

Provisioning Dynamic Settings for Users

You can deploy and provision a dynamic settings template for your users.

Once downloaded, settings are generated according to your own logic and can automatically include user authentication information.

Refer to the Provisioning Build Tool Settings section under Filtered Resources.

The Default Global Repository

The simplest way for setting up Maven to use Artifactory proxy is to configure a Maven repository with the following URL:

This URL is Artifactory's built-in global virtual repository and it lets Artifactory search through all repositories (local and remote), for any artifacts Maven is fetching.

You can create and use a dedicated virtual (or local) repository to limit Artifactory searches to that specific repository.

The Maven repository URL should appear as:

Overriding the Built-in Repositories

If your Artifactory is configured correctly, you should override the built-in central and snapshots repositories of Maven, so that no request is ever sent directly to them.

Insert the following into your parent POM or settings.xml (under an active profile):

Additional "Mirror-any" Setup

You can use the "Mirror Any" feature on top of the previous setup, and have Artifactory act as a redirecting proxy for any Maven repository, including those defined inside POMs of plug-ins and third party dependencies (although this is bad practice, but unfortunately, not uncommon). This ensures no unexpected requests are made to external repositories introduced by such POMs.

Insert the following into your settings.xml:


Do not use "Mirror Any" as your only resolution rule. Use it to enforce any artifacts resolution to be made strictly through Artifactory.

The "Mirror Any" proxying configuration works for defined repositories. It supersedes, but does not hide, the built-in central and snapshots repositories, unless overridden by the user.

It defines a coarse-grained proxying rule that does not differentiate between releases and snapshots and relies on the defined repositories to do this resolution filtering.

Configuring Authentication

You can uncheck the Global Anonymous Access checkbox from the Admin tab and then Security -> General and use secure downloads with Maven.

Users must have Read Access on repositories they want to resolve artifacts from.  You must also ensure your settings.xml file contains a server definition with the repository ID used for artifacts resolution (downloads) and with valid user name and password.

Artifactory offers a unique feature that ensures you do not have to use clear text passwords in your settings, so it is highly recommended to use this feature.

Synchronizing Authentication Details for Same-URL Repositories

When using authenticated downloads Maven uses the user name and password defined in your settings.xml to authenticate against Artifactory repositories.

Your settings.xml may contain other server definitions (with different server IDs) used for authenticating to deployment repositories or to other download repositories.

If you have repository definitions (either for deployment or download) that are using the same URL, Maven takes the authentication details (from the matching server definition) of the first repository encountered and uses it for the life-time of the running build for all repositories with the same URL.

This might cause authentication to fail if you are using different authentication details between such repositories, and you might receive 401 errors for your downloads or deployments. Unfortunately, this is an inherent Maven problem which is beyond the control of Artifactory and the only solution is to use the same authentication details in your settings.xml if they are going to be used by same-URL repositories.

Watch the Screencast

  • No labels