Sam Levin

Reputation: 3416

How to force authentication to Archiva internal repository?

Big problem. My Archiva internal repo (and maybe snapshot repo, although I don't know yet as I have not put any snapshots in there yet) seem to be accessible to the public.

I.e. if someone wanted the surefire plugin from my repo, they could download it by simply going to https://my.repo.url.com/archiva/repository/internal/org/apache/maven/surefire/surefire-junit3/2.7.1/surefire-junit3-2.7.1.jar

They could download the file right then and there. Would be a shame if there were actual project jars and such in there also available to the general public, and I can't seem to figure out how to disable private access to save the life of me.

I authenticate via LDAP.

Thanks!

Upvotes: 3

Views: 2409

Answers (2)

Brett Porter

Reputation: 5867

To expand on Raghuram's answer, you should consider using different managed repositories for your own releases, as opposed to those proxied from an internet repository (as internal is configured to do by default).

Part of the confusion here is the legacy name of internal, which no longer accurately represents its meaning.

Upvotes: 2

Raghuram

Reputation: 52645

One possibility is you have a guest user, which has the repository observer role. You can either remove the user or disable the role. There is an FAQ which asks for the opposite of what you need.

Upvotes: 2
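
A way to verify the result after removing the guest user or its repository observer role, as an added example that is not part of either answer or of Archiva itself: it requests one artifact from each managed repository with no credentials and reports which ones still answer anonymously. The repository id `snapshots` and all function names are assumptions; the base URL and artifact path are the ones from the question.

```python
import urllib.error
import urllib.request

# Artifact path taken from the question; any artifact known to exist will do.
ARTIFACT = "org/apache/maven/surefire/surefire-junit3/2.7.1/surefire-junit3-2.7.1.jar"

def fetch_status(url, timeout=10):
    """Send a HEAD request with no credentials and return the HTTP status."""
    req = urllib.request.Request(url, method="HEAD")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # urllib raises on 401/403/404; the code is the answer

def classify(status):
    """Translate a status code into what it says about anonymous access."""
    if status in (401, 403):
        return "protected"
    if 200 <= status < 300:
        return "public"
    # e.g. 404: the artifact is not in this repository, which proves nothing
    return "inconclusive"

def audit_anonymous_access(base_url, repo_ids, artifact_path, fetch=fetch_status):
    """Map each repository id to 'protected', 'public' or 'inconclusive'."""
    results = {}
    for repo_id in repo_ids:
        url = "/".join([base_url.rstrip("/"), "repository", repo_id,
                        artifact_path.lstrip("/")])
        results[repo_id] = classify(fetch(url))
    return results

def public_repos(results):
    """Repository ids that served the artifact without credentials."""
    return sorted(r for r, verdict in results.items() if verdict == "public")

if __name__ == "__main__":
    # Constructed responses standing in for a live server, so this runs offline.
    canned = {"internal": 200, "snapshots": 401}
    def fake_fetch(url):
        return canned[url.split("/repository/")[1].split("/")[0]]
    report = audit_anonymous_access("https://my.repo.url.com/archiva",
                                    ["internal", "snapshots"], ARTIFACT,
                                    fetch=fake_fetch)
    print(report, "still public:", public_repos(report))
```

Drop the `fetch=` argument to run it against a real server; an "inconclusive" result means the check should be repeated with an artifact that is known to exist in that repository.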
