Skip to end of metadata
Go to start of metadata
Table of Contents

Note: This space is for Artifactory 2.0.
Take me to the latest version!

Introduction

The quickest way for setting up Maven to use Artifactory proxy is to configure a Maven repository with the following URL:
<host>:<port>/artifactory/repo
This URL will make artifactory look through all repositories (local and remote), for any artifacts maven is fetching.

You can create and use a dedicated virtual (or local) repository to limit Artifactory searches to that specific repository:
The maven repository URL should look like:
<host>:<port>/artifactory/<repo_name>

Overriding the Built-in Repositories

If your Artifactory is configured correctly, you should override the built-in central and snapshots repositories of Maven, so that no request will be ever sent directly to them.
Insert the following into your parent POM or settings.xml (under an active profile):

Additional "Mirror-any" Setup

You can also use the "mirror any" feature on top of the previous setup, and have Artifactory act as a redirecting proxy for any Maven repository, including ones defined inside POMs of plug-ins and of third party dependencies (which is bad practice, but unfortunately, not uncommon). This will make sure no unexpected requests will be made to external repositories introduced by such POMs.

Insert the following into your settings.xml:

Caveat

Don't use "mirror any" by itself, as your only resolution rule. Use it to enforce any artifacts resolution to be made strictly through Artifactory.
The "mirror any" proxying configuration works for defined repositories. It will supersede, but not hide, the built-in central and snapshots repositories, unless overridden by the user. It defines a coarse-grained proxying rule that does not differentiate between releases and snapshots, and relies on the defined repositories to do this resolution filtering.

Configuring Authentication

You can turn off the Global Anonymous Access flag (Admin:Security:General) and use secured downloads with Maven. Users will have to have Read access on repositories they wish to resolve artifacts from.
You will also have to make sure your settings.xml file contains a server definition with the repository id used for artifacts resolution (downloads) and with valid user name and password.
Artifactory offers a unique feature that makes sure you do not have to use clear text passwords in your settings, so it is highly recommended to use this feature.

Synchronizing Authentication Details for Same-URL Repositories

When using authenticated downloads Maven will use the user name and password defined in your settings.xml to authenticate against Artifactory repositories.
Your settings.xml may contain other server definitions (with different server ids) used for authenticating to deployment repositories or to other download repositories.
If you have repository definitions (either for deployment or download) that are using the same URL, Maven will take the authentication details (from the matching server definition) of the first repository encountered and will use it for the life-time of the running build for all repositories with the same URL.
This might cause authentication to fail if you are using different authentication details between such repositories, and you might receive 401 errors for your downloads or deployments.
Unfortunately, this is an inherent Maven problem which is beyond the control of Artifactory and the only solution is to use the same authentication details in your settings.xml if they are going to be used by same-URL repositories.

  • No labels