Accessing an Artifactory/Maven Repo that requires basic-auth

Question

I have an Artifactory repo that sits behind basic authentication. How would I configure the settings.xml to allow access?

<mirrors>
    <mirror>
        <id>artifactory</id>
        <mirrorOf>*</mirrorOf>
        <url>https://myserver.example.com/artifactory/repo</url>
        <name>Artifactory</name>
    </mirror>
</mirrors>
<servers>
    <!--
        This server configuration gives your personal username/password for
        artifactory. Note that the server id must match that given in the
        mirrors section.
    -->
    <server>
        <id>Artifactory</id>
        <username>someArtifactoryUser</username>
        <password>someArtifactoryPassword</password>
    </server>

So server tag is the user credentials for the artifactory user, but I also need to provide another user/password to get through the basic-auth. Where would I put that?!?

score 17 · Answer 1 · edited May 23 '17 at 10:29

17

The username and password go in the server settings as you have them. I think your problem is that you've specified the server by its name (Artifactory), rather than its id (artifactory).

I'd recommend you put the server settings in your user settings rather than the global settings. You can also encrypt the password in Maven 2.1.0+, see the mini guide for details.

Update: What version of Artifactory are you using? There is a discussion and corresponding issue that basic-auth fails. This has apparently been fixed in 2.0.7 and 2.1.0.

From the discussion, it seems that a workaround is to pass the properties via the command line, e.g.

-Dhttp.proxyHost=proxy -Dhttp.proxyPort=8080 -Dproxy.username=... -Dhttp.password=...

Update: To let your Maven installation connect through a firewall, you'll need to configure the proxy section of the settings.xml, see this question for some pointers on doing that.

Update2: There are additional properties you can set in the server settings, see this blog for some background. I've not had an opportunity to test this, but from the blog and related http wagon javadoc, it appears you can set authenticationInfo on the server settings, something like this:

<server>  
  <id>Artifactory</id>
  <username>someArtifactoryUser</username>
  <password>someArtifactoryPassword</password>
  <configuration>  
    <authenticationInfo>
      <userName>auth-user</userName>
      <password>auth-pass</password>
    </authenticationInfo>
  </configuration>  
</server>

edited May 23 '17 at 10:29

Community

1
1

answered Aug 15 '09 at 06:49

Rich Seller

83,208
23
172
177

Thanks for the Maven encryption tip... The name/id conflict isn't the issue though. The problem still remains that I have two sets of credentials to work with. – harschware Aug 15 '09 at 17:13
The proxy settings might apply to configuring my Maven to get through to the server. I tried putting them in place but am having no luck. The issues you cite above, seem to be about getting Artifactory to communicate through a firewall. In my case I am trying to get Maven to communicate to an Artifactory that sits behind basic-auth. I will continue trying proxy settings, and post any updates. Thanks. – harschware Aug 17 '09 at 15:23
Sorry I thought I had posted a link to the proxy mini guide already, looking at my answer again it seems not. If you configure your proxy settings in the settings.xml it allows Maven to get outside the firewall. – Rich Seller Aug 17 '09 at 15:30
1

But, what does it mean to get through a firewall? (not to sound dense). In my case I have Maven on my local box, and Artifactory is on https on "myserver.example.com". Testing with my browser I can see JAR URLs at "myserver.example.com" but am challenged with basic-auth login. In reality there is a firewall, but I get passed it with VPN-client on the local box. I know this because I can fetch JARs manually with the browser. – harschware Aug 17 '09 at 20:00
1

If you look in your browser, you'll see if you're using a proxy to connect to the net (on IE it's Tools->Internet Options...->Connections->LAN Settings->Proxy Server and on Firefox its Tools->Options->Advanced->Network-Settings...). If you are using a proxy you need to configure Maven's proxy settings with the same values for the proxy host and port, the username and password will be your domain user and password – Rich Seller Aug 17 '09 at 20:07
That is helpful, thanks. It confirms I do not use a proxy server. Can Maven be made to authenticate the URL using basic-auth? – harschware Aug 17 '09 at 21:03
I think your "Update2" is probably the solution to my problem. For the moment, I am hung up on some other technical issues that are preventing me from validating that. Once I get by those, I'll mark your answer as a valid one. ( In any case, thanks for all the awesome help ) – harschware Aug 19 '09 at 14:40
The technical issues I spoke of have been removed and I had a chance to test. As stated above the configuration did not work. The only other thing I could think to try so far was to wrap the password in a CDATA section. No luck there either. – harschware Aug 24 '09 at 22:19
It should work. According to this issue (http://jira.codehaus.org/browse/WAGON-129) it was resolved a while back. I don't have a server to test against, but it is entirely possible my snippet has some typo that stops it working. Do you have a domain for your username when logging on? e.g. for me it is HBEU/, that might also be an issue – Rich Seller Aug 24 '09 at 22:26
I don't need a domain. I can authenticate via basic-auth through my browser and so I know the proper username/password. I'll keep trying. I tried changing to: httpclient ...no effect. Also, the maven XSD is kind of weak. It does not specify what are valid tags within the tag. So I'll have to scour the web some to see if I can find another example... – harschware Aug 24 '09 at 22:53
I determined I had used the tag userName as username. That got Maven attempting to connect I think. Now it says "Authorization failed: Not authorized." Still working this one. – harschware Aug 25 '09 at 14:43
sounds like progress. Did you see my previous comment about specifying the domain in the username? – Rich Seller Aug 25 '09 at 14:51
On a whim I changed password to passWord. if I do it says "Unable to apply wagon configuration". Good, so if I don't see that then I have the tags correct. When correct, I see "[WARNING] Unable to get resource 'XXX' from repository artifactory (YYY/artifactory/repo): Authorization failed: Access denied to: XXX". At this point I think it must be a Maven bug. – harschware Aug 25 '09 at 15:18
It sounds like it might be a bug, you can raise a JIRA at the same location as the WAGON-129 issue above. – Rich Seller Aug 25 '09 at 15:36
I seem to be experiencing something similar. All the documents online seem to deal with a Proxy and ignore the idea that the Repository server ITSELF can be behind NTLM or Basic Auth which is not the same as a HTTP Proxy server. – Andrew T Finnell Jun 06 '18 at 14:19

score 8 · Answer 2 · answered Jun 11 '12 at 18:11

8

I was able to use the following configuration to enable HTTP basic authentication - by writing the necessary HTTP headers manually. In my situation I used it to access the build artifacts on my Go server as a poor man's staging repository.

    <server>
        <id>go</id>
        <configuration>
            <httpHeaders>
                <property>
                    <name>Authorization</name>
                    <!-- Base64-encoded "guest:guest" -->
                    <value>Basic Z3Vlc3Q6Z3Vlc3Q=</value>
                </property>
            </httpHeaders>
        </configuration>
    </server>

answered Jun 11 '12 at 18:11

Esko Luontola

73,184
17
117
128

1

The regular way (username and password without configuration element) doesn't seem to work when the password is empty, this does! – Davio Jun 15 '16 at 06:24
https://maven.apache.org/guides/mini/guide-http-settings.html#http-headers – Jesse Glick Sep 10 '21 at 18:24

Pmt · Answer 3 · 2013-03-10T17:34:46.917

Tip to solve the problem with the clear text password:

Access and login into Artifactory.
Once you are logged in, click over your user name, on the superior right corner of the screen.
Put your password then clique in the em Unlockbutton, enabling the encrypted password.
Copy the tag that will be showed on the inferior part of the screen and paste it into the settings.xml file. If you prefer to just copy the password, be sure about let it exactly equals the tag showed below, including the "\" at the beginning of the password.
Remember to adjust the tag with the id of your server, defined into the tag, in your POM.xml
Click in Update button and ready! Check if everything will occur well at the next project's publication.

score 0 · Answer 4 · answered May 06 '21 at 11:39

Most of the time this happens due to following reasons

Settings.xml is not found inside the ~/.m2/conf or ~/.m2 directories
Settings.xml doesn't contain the correct credentials Username or the API Key to access the Artifactory
Cannot access the Artifactory mentioned in the Settings.xml with the given credentials

You can see what Maven looks for in what directories... Running with -e -X options will show these details

Sometimes the Settings.xml file may be placed inside a different directory, so when you build locally, maven cannot find it inside ~/.m2 or ~/.m2/conf directories. For e.g if the project uses buildkite, it may be inside a directory that buildkite can access during the build process. In that case, just copy the same Settings.xml file into ~/.m2.

To find the aritifactory, logon to the url using your email/password and go to profile and locate the username and the API Key like in the pic.

Then check the repository is correct in Settings.xml

Accessing an Artifactory/Maven Repo that requires basic-auth

4 Answers4

Linked