Maven Build Failure -- DependencyResolutionException

Question

I'm installing a package that has Maven dependency and get a DependencyResolutionException when I try to clean it. After cloning it, I navigate to the directory and run the following to install it with no error:

mvn install:install-file -Dfile=./lib/massbank.jar -DgroupId=massbank  -DartifactId=massbank -Dversion=1.0 -Dpackaging=jar
mvn install:install-file -Dfile=./lib/metfusion.jar -DgroupId=de.ipbhalle.msbi  -DartifactId=metfusion -Dversion=1.0 -Dpackaging=jar

Then:

mvn clean package

with the following console output:

[INFO] Scanning for projects...
[INFO] 
[INFO] --------------------< MassBank2NIST:MassBank2NIST >---------------------
[INFO] Building MassBank2NIST 0.0.2-SNAPSHOT
[INFO] --------------------------------[ jar ]---------------------------------
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  0.450 s
[INFO] Finished at: 2021-04-07T01:08:28-04:00
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal on project MassBank2NIST: Could not resolve dependencies for project MassBank2NIST:MassBank2NIST:jar:0.0.2-SNAPSHOT: Failed to collect dependencies at edu.ucdavis.fiehnlab.splash:core:jar:1.8: Failed to read artifact descriptor for edu.ucdavis.fiehnlab.splash:core:jar:1.8: Could not transfer artifact edu.ucdavis.fiehnlab.splash:core:pom:1.8 from/to maven-default-http-blocker (http://0.0.0.0/): Blocked mirror for repositories: [EBI (http://www.ebi.ac.uk/intact/maven/nexus/content/repositories/ebi-repo/, default, releases+snapshots), releases (http://gose.fiehnlab.ucdavis.edu:55000/content/groups/public, default, releases+snapshots)] -> [Help 1]
[ERROR] 
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR] 
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/DependencyResolutionException

I can post the output of the debug logging switch if necessary, but it's quite long. I can also post the pom.xml, however it refers to the repositories as required from what I can tell.

I've searched for similar posts, but none seem to contain the same series of errors or similar. Can someone help me decipher these errors?

Thanks!

Does this answer your question? [How to disable maven blocking external HTTP repositores?](https://stackoverflow.com/questions/67001968/how-to-disable-maven-blocking-external-http-repositores) — Vadzim, Dec 21 '21 at 02:54

Rens Verhage · Accepted Answer · 2021-04-20T08:34:48.637

143

You don't have to downgrade Maven. What happens here is that since 3.8.1, Maven comes with a default configuration to block all HTTP (insecure) repositories. The best way would be to upgrade your repositories and make them secure (HTTPS).

However, you can tell Maven to allow downloading from your insecure repository by adding this mirror to your ~/.m2/settings.xml:

<mirror>
  <id>insecure-repo</id>
  <mirrorOf>external:http:*</mirrorOf>
  <url>http://www.ebi.ac.uk/intact/maven/nexus/content/repositories/ebi-repo/</url>
  <blocked>false</blocked>
</mirror>

Setting blocked to false will fix your issue. Note that above snippet assumes that the repository at www.ebi.ac.uk mirrors all insecure HTTP repositories (which is what external:http:* means).

You can also unblock individual repositories. For example, the JasperSoft repository is insecure, I unblock it with:

<mirror>
  <id>jaspersoft-third-party-mirror</id>
  <mirrorOf>jaspersoft-third-party</mirrorOf>
  <url>http://jaspersoft.jfrog.io/jaspersoft/third-party-ce-artifacts/</url>
  <blocked>false</blocked>
</mirror>

edited Apr 20 '21 at 08:34

answered Apr 16 '21 at 08:37

Rens Verhage

5,688
4
33
51

1

Updated my answer with instructions how to unblock an individual repository. – Rens Verhage Apr 20 '21 at 08:35
Thanks - I realised I was putting my `` declaration inside a profile, so it wasn't being picked up. – DPWork Apr 21 '21 at 07:55
if I get 2 different repositries as repo1 and repo2, then create 2 mirrors for both repos repectively like below, but I still get the error msg. repo1-mirror repo1 http://xx/ false repo2-mirror repo2 http://xxyyy/ false – xuehui Jun 02 '21 at 09:21
The `` tag is now an issue. Facepalm – Ojonugwa Jude Ochalifu May 27 '22 at 06:41

score 42 · Answer 2 · edited Oct 09 '21 at 04:44

42

Open file ${MAVEN_HOME}/conf/settings.xml

And Comment these lines.

<mirror>
    <id>maven-default-http-blocker</id>
    <mirrorOf>external:http:*</mirrorOf>
    <name>Pseudo repository to mirror external repositories initially using HTTP.</name>
    <url>http://0.0.0.0/</url>
    <blocked>false</blocked>
</mirror>

edited Oct 09 '21 at 04:44

Community

1
1

answered May 10 '21 at 15:13

DIVAKAR MANTRI

440
3
9

What version of maven is this? Can't find it – Ojonugwa Jude Ochalifu May 26 '22 at 17:20
@OjonugwaJudeOchalifu happened to me with `3.8.4` – Dariopnc Jul 18 '22 at 16:03
This solution worked great for me. Our internal Artifactory server was setup without SSL. This stopped the failover to "central" after upgrading to maven 3.8.6. Prior we used maven 3.2.1 and the unsecured local repo did not get blocked. Thanks so much. :) – ScottD Dec 02 '22 at 15:56

Maksym · Answer 3 · 2021-12-03T17:43:52.463

If you do not have access to ~/.m2/settings.xml because your build is handled by cloud CI/CD or you want to share this solution with your team members. The best way is to create your own maven setting file in the project.

Create .mvn folder in your project.
Create custom-settings.xml file inside .mvn folder with such content (in this example we unblock http connection for releases.java.net mirror):

<settings xmlns="http://maven.apache.org/SETTINGS/1.2.0"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.2.0 http://maven.apache.org/xsd/settings-1.2.0.xsd">
    <mirrors>
        <mirror>
            <id>releases-java-net-http-unblocker</id>
            <mirrorOf>releases.java.net</mirrorOf>
            <name>releases.java.net</name>
            <url>http://maven.java.net/content/repositories/releases/</url>
            <blocked>false</blocked>
        </mirror>
    </mirrors>
</settings>

Create maven.config file inside .mvn folder with such content:

--settings ../.mvn/custom-settings.xml

Or you can just run mvn clean install --settings .mvn/custom-settings.xml.

DPWork · Answer 4 · 2021-05-18T12:21:32.273

The error "Blocked mirror for repositories" is referred to explicitly in Maven's release note for version 3.8.1:

How to fix when I get a HTTP repository blocked?

If the repository is defined in your pom.xml, please fix it in your source code.

If the repository is defined in one of your dependencies POM, you’ll get a message like:

[ERROR] Failed to execute goal on project test: Could not resolve dependencies for project xxx: Failed to collect dependencies at my.test:dependency:version -> my.test.transitive:transitive:version: Failed to read artifact descriptor for my.test.transitive:transitive:jar:version: Could not transfer artifact my.test.transitive:transitive:pom:version from/to maven-default-http-blocker (http://0.0.0.0/): Blocked mirror for repositories: [blocked-repository-id (http://blocked.repository.org, default, releases+snapshots)]

They go on to offer some ways to avoid the problem:

Options to fix are:

upgrade the dependency version to a newer version that replaced the obsolete HTTP repository URL with a HTTPS one,

keep the dependency version but define a mirror in your settings.

Plus, I suppose, the simpler, shorter-term option would be to roll back your version of Maven to anything prior to 3.8.1.

score 12 · Answer 5 · answered Apr 12 '21 at 09:58

12

Use apache-maven-3.6.3, which uses http only

https://downloads.apache.org/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.zip

answered Apr 12 '21 at 09:58

Satya Kaveti

346
2
6

1

Thank you for the quick link to a version of maven that doesn't complain if a repo is http instead of https. This worked for me. – Steve Ellis Apr 20 '21 at 19:30
Downvote as rolling back versions is a poor fix which isn't necessary – MikeKulls Dec 15 '22 at 00:53
3.6.3 does not only use (unencrypted) http. It supports HTTPS, but simply does not block unencrypted http by default. – Philippe Cloutier Mar 07 '23 at 20:44

Eric · Answer 6 · 2022-07-28T10:00:32.197

use apache-maven-3.8.1, adding the following in ~/.m2/settings.xml could solve such problem:

<mirrors>
  <mirror>
    <id>internal-repository</id>
    <name>Maven Repository Manager running on https://repo1.maven.org/maven2</name>
    <url>https://repo1.maven.org/maven2</url>
    <mirrorOf>central</mirrorOf>
  </mirror>
</mirrors>

Refer to this link https://maven.apache.org/guides/mini/guide-mirror-settings.html to see why the error occurred.

score 3 · Answer 7 · answered Dec 29 '21 at 08:35

3

I had a similar problem but with Vaadin. There is the simplest solution possible, and it is to replace all http:// with https://

This is an example :

<repository>
    <id>vaadin-addons</id>
    <url>https://maven.vaadin.com/vaadin-addons</url>
</repository>

answered Dec 29 '21 at 08:35

dobrivoje

848
1
9
18

Build succeeded with warning. – Ahmed Ghoneim Oct 04 '22 at 12:17

score 2 · Answer 8 · answered Jan 18 '22 at 23:32

This is due to latest maven blocks insecure HTTP connections. One possibility is adding a mirror to maven settings.xml. Best way is updating the pom file to refer to secure HTTPS repository if it is available. For example I faced the same issue with following config in pom.xml.

<repositories>
    <repository>
        <releases>
            <enabled>true</enabled>
            <updatePolicy>daily</updatePolicy>
            <checksumPolicy>ignore</checksumPolicy>
        </releases>
        <id>wso2-nexus</id>
        <url>http://maven.wso2.org/nexus/content/groups/wso2-public/</url>
    </repository>
</repositories>

I was able to resolve the issue by updating URL as bellow. Here I referred to HTTPS repo which was available in my case.

<url>https://maven.wso2.org/nexus/content/groups/wso2-public/</url>

score 2 · Answer 9 · answered Feb 01 '22 at 18:23

2

For me, I had to downgrade to the older version 3.6.3 from the site and the crazy problem is gone, hope maven community can fix this problem without us doing anything to our settings.xml.

answered Feb 01 '22 at 18:23

Kidane

127
1
4

score 1 · Answer 10 · answered Jan 26 '23 at 19:06

1

New mvn versions do not support http (insecure repos)

answered Jan 26 '23 at 19:06

Ajit Surendran

709
7
4

score 0 · Answer 11 · answered May 20 '21 at 10:32

0

apache-maven-3.6.3-bin will resolve the maven-default-http-blocker (http //0.0.0.0/) blocked Issue (fixed for me) it works for me

answered May 20 '21 at 10:32

Devi Prasad Patnaik

19
2

2

This is the same answer as @Satya Kaveti and the root cause has been explained in detail already. – Scott Kurz May 20 '21 at 18:19

score 0 · Answer 12 · answered Jun 26 '23 at 13:54

You should remove mirror from MVN_DIRECTORY/conf/setting.xml

<mirror>
  <id>maven-default-http-blocker</id>
  <mirrorOf>external:http:*</mirrorOf>
  <name>Pseudo repository to mirror external repositories initially using HTTP.</name>
  <url>http://0.0.0.0/</url>
</mirror>

score -3 · Answer 13 · answered Aug 02 '21 at 12:22

-3

ultimately had to downgrade to mvn 3.5

brew uninstall maven

Instructions to install mvn 3.5 can be found at

https://formulae.brew.sh/formula/maven@3.5

answered Aug 02 '21 at 12:22

Varun J.P

29
9

Maven Build Failure -- DependencyResolutionException

13 Answers13

Linked