How do I use the new JBoss Maven repository from behind a corporate firewall?

Question

I have a dependency on Hibernate 3.5.3 which is only available to me from the new JBoss Maven repository is hosted on Sonatype's Nexus and all the URLs are secured with HTTPS.

I can access this repository from behind my corporate firewall via the web browser. But Maven is unable to resolve the artifacts.

I see the following warning at the start of the build:

[WARNING] Unable to get resource 'org.hibernate:hibernate-core:pom:3.5.3-Final' from repository jboss.org (https://repository.jboss.org/nexus/content/repositories/releases): Error transferring file: repository.jboss.org

I expected that adding the following the the section of the global settings.xml should have done the trick for me:

<proxy>
    <id>http.proxy</id>
    <active>true</active>
    <protocol>http</protocol>
    <username>me</username>
    <password>private</password>
    <host>proxy.somecompany.com</password>
    <port>80</port>
    <nonProxyHosts>*.somecompany.com</nonProxyHosts>
 </proxy>
<proxy>
    <id>https.proxy</id>
    <active>true</active>
    <protocol>https</protocol>
    <username>me</username>
    <password>private</password>
    <host>proxy.somecompany.com</password>
    <port>80</port> <!-- tried 443 too -->
    <nonProxyHosts>*.somecompany.com</nonProxyHosts>
 </proxy>

But it it doesn't work for me.

In my pom.xml I have the following repository dependency declared:

 <repository>
     <id>jboss.org</id>
     <name>JBoss Repository</name>
     <url>https://repository.jboss.org/nexus/content/repositories/releases</url>
 </repository>

I am constrained to using Maven 2.0.8 but I have checked and it doesn't work on Maven 2.2.1 either.

Answer 1

This was fixed in recent Maven versions (starting 3.0-alpha something, don't remember the exact issue #). Works in 3.0.3-SNAPSHOT

Answer 2

It will really come down to what your company has done to setup their firewall. If the firewall requires NTLMv2 authentication then Maven won't do that alone (it's supposed to work soon, but I tried on the v3 alpha without any luck).

While it may not be the ideal solution you are looking for, I found that the best case for this kind of thing is to install CNTLM and a local repository proxy within the firewall (such as Sonatype Nexus, Jfrog's Artifactory, or Apache Archiva.

CNTLM just plain works (TM). It took about 15 minutes to install and play around with and I haven't had to think about it since.

I've used Artifactory and Nexus and they are both pretty comparable. I've read that Artifactory comes preloaded with most of the popular Maven sites so you may not have to fiddle with it as much. (I definitely had to add several third party repos to Nexus). You can get a good comparison of them here.

An added benefit of this solution is that your builds should be significantly faster (and your team will thank you).