Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

What is the correct way of forcing maven to use HTTPS for maven central?

Tags:

java

maven

Recently sonatype enabled maven central to support https (background information). I've now added the following snippet to my pom.xml to force using https everywhere:

<!-- force https --> <repositories>     <repository>         <id>central</id>         <url>https://repo1.maven.org/maven2</url>         <snapshots>             <enabled>false</enabled>         </snapshots>     </repository> </repositories> <pluginRepositories>     <pluginRepository>         <id>central</id>         <url>https://repo1.maven.org/maven2</url>         <snapshots>             <enabled>false</enabled>         </snapshots>     </pluginRepository> </pluginRepositories> 

Questions:

  • Is this sufficient? Or will there be still http involved somewhere?
  • Is this the correct way of doing it? As I've read that I should do this in the settings.xml instead. But then others using my (open source) project won't use the secure connection.

Update

It does not look sufficient as for e.g. the assembly plugin still HTTP is used:

[INFO] --- maven-assembly-plugin:2.4:single (make-assembly) @ graphhopper-web --- Downloading: http://repo.maven.apache.org/maven2/org/slf4j/slf4j-jdk14/1.5.6/slf4j-jdk14-1.5.6.jar 
like image 328
Karussell Avatar asked Aug 19 '14 21:08

Karussell


People also ask

How do I change from HTTP to https in Maven?

The solution is very easy, you just need to replace the urls to maven central repository (and maybe other main repositories) to https instead of http. That's all!!! In case, you have never defined the repositories url and you are using the default values, you just need to add the new repositories with https.

How do I access Maven central repository?

Google's Maven repository can be accessed from https://maven.google.com (an alternative URL is https://dl.google.com/dl/android/maven2/). If you are using Gradle 4.1 or higher, you can use it by adding google() to your repositories configuration in your build.

What happened to Central Maven org?

Beginning January 15, 2020, The Central Repository will no longer support communication over HTTP. Any attempts to access http://repo1.maven.org and http://repo.maven.apache.org/ will result in an error, and users will need to update their builds to resolve dependencies over HTTPS.

What is Maven Central URL?

Maven Central Repository URL – https://repo.maven.apache.org/maven2.


1 Answers

You don't have to place it into all POMs one by one. I'd rather suggest to add the following code into MAVEN_HOME\conf\settings.xml into <profiles> section:

<profile>     <id>maven-https</id>     <activation>         <activeByDefault>true</activeByDefault>     </activation>     <repositories>         <repository>             <id>central</id>             <url>https://repo1.maven.org/maven2</url>             <snapshots>                 <enabled>false</enabled>             </snapshots>         </repository>     </repositories>     <pluginRepositories>         <pluginRepository>             <id>central</id>             <url>https://repo1.maven.org/maven2</url>             <snapshots>                 <enabled>false</enabled>             </snapshots>         </pluginRepository>     </pluginRepositories>  </profile> 

This will be always an active setting unless you disbale/override it in your POM when needed.

like image 77
Ellrohir Avatar answered Oct 16 '22 04:10

Ellrohir