Recently sonatype enabled maven central to support https (background information). I've now added the following snippet to my pom.xml to force using https everywhere:
<!-- force https --> <repositories> <repository> <id>central</id> <url>https://repo1.maven.org/maven2</url> <snapshots> <enabled>false</enabled> </snapshots> </repository> </repositories> <pluginRepositories> <pluginRepository> <id>central</id> <url>https://repo1.maven.org/maven2</url> <snapshots> <enabled>false</enabled> </snapshots> </pluginRepository> </pluginRepositories>
Questions:
Update
It does not look sufficient as for e.g. the assembly plugin still HTTP is used:
[INFO] --- maven-assembly-plugin:2.4:single (make-assembly) @ graphhopper-web --- Downloading: http://repo.maven.apache.org/maven2/org/slf4j/slf4j-jdk14/1.5.6/slf4j-jdk14-1.5.6.jar
The solution is very easy, you just need to replace the urls to maven central repository (and maybe other main repositories) to https instead of http. That's all!!! In case, you have never defined the repositories url and you are using the default values, you just need to add the new repositories with https.
Google's Maven repository can be accessed from https://maven.google.com (an alternative URL is https://dl.google.com/dl/android/maven2/). If you are using Gradle 4.1 or higher, you can use it by adding google() to your repositories configuration in your build.
Beginning January 15, 2020, The Central Repository will no longer support communication over HTTP. Any attempts to access http://repo1.maven.org and http://repo.maven.apache.org/ will result in an error, and users will need to update their builds to resolve dependencies over HTTPS.
Maven Central Repository URL – https://repo.maven.apache.org/maven2.
You don't have to place it into all POMs one by one. I'd rather suggest to add the following code into MAVEN_HOME\conf\settings.xml into <profiles>
section:
<profile> <id>maven-https</id> <activation> <activeByDefault>true</activeByDefault> </activation> <repositories> <repository> <id>central</id> <url>https://repo1.maven.org/maven2</url> <snapshots> <enabled>false</enabled> </snapshots> </repository> </repositories> <pluginRepositories> <pluginRepository> <id>central</id> <url>https://repo1.maven.org/maven2</url> <snapshots> <enabled>false</enabled> </snapshots> </pluginRepository> </pluginRepositories> </profile>
This will be always an active setting unless you disbale/override it in your POM when needed.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With