I'm trying to use jackson at a json project. And Maven is ignoring my local repository (where I have the library already set, from a previous project) and downloading from codehaus repo.
The catch is that my workplace has blocked access to external repos, so I must use local repository for this. How do I force Maven to look first at local and use the library there?
Thanks in advance
Please set the Local Repository Path in eclipse that maps to your local repo path..
Go to Windows->Preferences->Maven->User Settings and change the settings.xml and your local repository path..
If these both are correctly located then it should check to the local repo first
Having to move my development environment offsite in response to COVID-19, my environment had not been established to directly connect to various public repositories since we were mirroring those repos in our server at the office. However, my Maven was still contacting public repositories for our in-house releases. This was odd, because I already had our in-house releases in my local repo.
The solution was to update the Maven configuration, in my settings.xml. Define profiles, a profile for the office and a profile for offsite. In the offsite profile, in addition to the public repos we were already mirroring at the office, I also defined a repository that matched the name, id, and URL of our server at the office where we stored our in-house releases - identically. This allowed Maven to see that the library it was looking for did in-fact come from that repository and didn't need to go looking for it because it was already in the local repo. It also didn't matter that Maven wasn't going to be able to connect to the office server, it just needed to be defined.
Before:
Downloading from central: https://repo.maven.apache.org/maven2/com/mycompany/test-core/1.1.0/test-core-1.1.0.pom
Downloading from jboss-releases: https://repository.jboss.org/nexus/content/repositories/releases/com/mycompany/test-core/1.1.0/test-core-1.1.0.jar
Downloading from repository-apache-org: https://repository.apache.org/content/groups/public/com/mycompany/test-core/1.1.0/test-core-1.1.0.pom
[WARNING] The POM for com.mycompany:test-core:jar:1.1.0 is missing, no dependency information available
This was a library we had produced and released ourselves, definitely not at Maven Central. Maven was just hunting around for it - lost with no direction.
I defined a new repo in the offsite profile, a repo that my environment definitely would not be able to connect to due to existing company firewall rules:
<repository>
<id>leroy-releases</id>
<name>Development Release Repository</name>
<url>http://leroyhost:8080/repository/maven-releases/</url>
<layout>default</layout>
<releases>
<enabled>true</enabled>
<updatePolicy>interval:15</updatePolicy>
</releases>
<snapshots>
<enabled>false</enabled>
</snapshots>
</repository>
Please note, the profile section includes its own repositories section in which the repository section above must be defined in. You also need to activate the offsite profile:
<activeProfiles>
<!--activeProfile>main-developer-profile</activeProfile-->
<activeProfile>offsite-snapshots</activeProfile>
</activeProfiles>
I named the profile snapshots because without access to our office repository, no one is doing any releases out "in the field".
After:
Maven no longer searched the public repos for our in-house release artifacts. It consulted my local repo and found all of our releases there.
Related
I recently set up a password protected Artifactory server. A Jenkins server is deploying my artifacts to a maven repository on that Artifactory server.
Here is the problem:
The new builds are nor available at runtime (in IntelliJ) neither in Maven (when building). To get maven to update, I've to delete the artifacts from my local repo.
How can I tell Maven/IntelliJ to always check for the newest version?
Even that wasn't doing anything:
<releases>
<enabled>true</enabled>
<updatePolicy>always</updatePolicy>
</releases>
<snapshots>
<enabled>true</enabled>
<updatePolicy>always</updatePolicy>
</snapshots>
There are the cases to deal with:
Releases. Not Maven nor Artifactory will never check for a newer binary if a release binary of the same version exists in the local cache (~/.m2/repository cache for Maven or remote repository cache for Artifactory). The only way to force Artifactory and Maven to re-fetch a release artifact is to delete it from the cache. Do not use the same version for different blob, ever.
Snapshots. Although there is a difference between unique (file names end with timestamps) and non-unique (file names end with -SNAPSHOT and thus they violate the rule I just wrote, so don't use them), their retrieval policy is the same: Maven consider them expirable resources, it will occasionally check for a new blob, posted under the same version. Artifactory does the same: occasionally the expirable resource is declared "expired", so next time Maven asks for this resource, Artifactory will fetch to the remote repository to check for a new blob, posted under the same version. In both tools you can control the cache period and "zap the cache" manually.
In Maven <update-policy/> controls how often Maven checks for new snpashots, and the --update-snapshots flag forces Maven to check immediately.
In Artifactory the Retrieval Cache Period parameter in remote repository configuration controls how often Artifactory checks for new snapshots, and the Zap Caches action on the remote repository in the artifact browser screen makes sure that Artifactory will check for new snapshots on the next request.
When I run an integration test for my project, it is trying to search in a repo that is being pulled transitively and I need to wait for time out. I blacklisted that repo like this.
<repository>
<id>seacrh-snapshots</id>
<name>Exodus Snapshot Repository</name>
<url>http://repo URL/</url>
<releases>
<enabled>false</enabled>
</releases>
<snapshots>
<enabled>false</enabled>
</snapshots>
</repository>
but it is still pulling this repo when I run the IT test:
Downloading: URL repo/maven-metadata.xml
Is there anything else that need to be changed?
I strongly recommend to use a Maven Repository Manager such as Nexus. It will help you to get stable and reproducible builds with Maven. You can disable Repositories there (or Nexus can handle this for you as well).
http://www.sonatype.com/books/nexus-book/reference/maven-sect-single-group.html
http://maven.apache.org/repository-management.html
Normally, when maven runs it goes to fetch artifacts in the following order
it check your local .m2/repositories folder
if it can't find the artifact then it reads your pom / parent pom/ super Pom / user level setting.xml/ global setting.xml - in that order to find external repositories to download the artifacts from, usually these repo are either directly from the internet (like the pre-configured default maven repositories) or local private repo managers(like nexus, Artifactory).
Maven will execute the repo as in the order in which they are declared.
First of all, check your project effective-pom that nothing else is overriding your configuration. either in the terminal by typing mvn help:effective-pom on the project root dir or easily in eclipse "effective pom" view of your pom.
Otherwise, it's a good use-case for you to consider installing local repository manager as you would not always need to fetch externally your third party dependencies everytime you run maven.
i would recommend Artifactory much better than the nexus.
I believe there's a maven command you can execute to download and install a plugin in the local repository. Something like:
mvn plugin:download -DartifactId=maven-war-plugin
-DgroupId=org.apache.maven.plugins -Dversion=2.1.1
-Dmaven.repo.remote=http://www.ibiblio.org/maven,http://maven-plugins.sourceforge.net/repository
I know that this should normally happen when you build a project whose pom.xml references this plugin, but the security policy where I work is abnormal, so I need to manually install plugins.
The syntax above doesn't seem to work, does anyone know how to do this under Maven 3.0.2?
The above syntax is for Maven 1.0, which operated very differently from Maven 2.0 and Maven 3.0. You should continue to reference the plugin as you would - via the POM in this case or via the command-line directly for some types of commands. To strictly control what artifacts get downloaded, you can use a repository manager (such as Apache Archiva, Artifactory or Nexus) to intervene (as well as add several interesting features).
Here is how to force Maven to use the managed repository instead: http://archiva.apache.org/docs/1.3.4/userguide/using-repository.html
You can either add only the artifacts you want to use to that, or configure rules about what can be retrieved externally (e.g. http://archiva.apache.org/docs/1.3.4/adminguide/proxy-connectors.html)
The optimal way to deal with plugin and other artifact installation is to implement an instance of a Maven repository on your LAN. Products such as Nexus are open-source and easy to set up. Once up and running, upload your Plugin manually to Nexus. Then add your own local Nexus instance as a plugin repository inside of the settings.xml file for the developers who need it:
<pluginRepositories>
<pluginRepository>
<id>mycorp-plugin-release</id>
<name>My Companys Nexus repository for plugin artifact releases</name>
<url>https://intranet.mycorp.com/nexus/content/repositories/releases</url>
<releases>
<enabled>true</enabled>
</releases>
<snapshots>
<enabled>false</enabled>
</snapshots>
</pluginRepository>
</pluginRepositories>
Seriously...it'll take a day to set up initially, but will make your life easier and shouldn't violate ANY security policy. It'll also help to ensure that all developers are using the exact same version of the plugin.
I want to limit maven to use only private/not public maven repository, do these two settings have the same effect ?
1.Setting mirror in settings.xml
<mirrors>
<mirror>
<id>my-internal-site</id>
<mirrorOf>*</mirrorOf>
<name>our maven repository</name>
<url>http://myserver/repository</url>
</mirror>
</mirrors>
2.Setting repository in pom.xml
<repositories>
<repository>
<id>my-internal-site</id>
<name>our maven repository</name>
<url>http://myserver/repo</url>
</repository>
</repositories>
Again the requirement is that maven never goes out to public repositories even if some dependencies are not there on the internal repository. thank you
No they don't have the same effect.
The second setting add a new repository as a "complement" to central but doesn't prevent Maven to check central by itself.
The first one forces Maven to use a single repository by having it mirror all repository requests (by setting mirrorOf to *). This is the way to use a single repository.
What you're looking for is thus the first setting and need to be defined in the settings.xml.
Now, adding your corporate repository in the ~/.m2/settings.xml file of each machine can be a bit painful and what I like to do in a corporate environment is to distribute and install a "customized" version of Maven containing the mirror predefined in conf/settings.xml. This way, people just have to install the "corporate" version and they are ready to go.
No, they mean different things:
In the first example, you said that the given repository is a mirror of all repositories, including the official one.
In the second example, you simply add a new repository. In case a dependency is not found in the local repository, Maven will then look in this repository after having searched in the official repository.
Thus, to force the usage of an internal repository, you must configure the mirror in your settings.xml file.
This is explained in the official documentation of Maven.
I'm working on a fairly big Maven project. We have probably around 70 or so individual artifacts, which are roughly split into two libraries of shared code and maybe ten applications which use them. All of these items live in the namespace com.mycompany.*.
Most of the time we're running against snapshot builds. So to do a full build of an application, I might first build the library projects so that they are installed to my local repository (as, say, mycompany-libname-2.4-SNAPSHOT.jar).
The problem is that when I then go build the applications. For some reason, Maven wants to check the main two public repositories (maven-net-repo and java-net-repo) for updates for all of the mycompany-*-SNAPSHOT.jar artifacts. Of course, they aren't found there, and everything eventually resolves back to the versions I just built to my local repository, but I'd like Maven to stop doing this because (a) it makes me feel like a bad net.citizen for constantly checking these repositories for things that will never be there, and (b) it adds some unnecessary and annoying network latency into my build process.
I've taken to running maven in offline mode most of the time to work around this, but that's not ideal since occasionally a dependency on a public library will be updated. So what I'm looking for is a solution which will cause Maven not to check for updates from given repositories for artifacts which meet certain criteria - in this case, I'd be happy if Maven would ignore either SNAPSHOT versions or artifacts which were in the com.mycompany namespace.
Also, you can use -o or --offline in the mvn command line which will put maven in "offline mode" so it won't check for updates. You'll get some warning about not being able to get dependencies not already in your local repo, but no big deal.
Something that is now available in maven as well is
mvn goal --no-snapshot-updates
or in short
mvn goal -nsu
The updatePolicy tag didn't work for me. However Rich Seller mentioned that snapshots should be disabled anyways so I looked further and noticed that the extra repository that I added to my settings.xml was causing the problem actually. Adding the snapshots section to this repository in my settings.xml did the trick!
<repository>
<id>jboss</id>
<name>JBoss Repository</name>
<url>http://repository.jboss.com/maven2</url>
<snapshots>
<enabled>false</enabled>
</snapshots>
</repository>
Update: I should have probably started with this as your projects are SNAPSHOTs. It is part of the SNAPSHOT semantics that Maven will check for updates on each build. Being a SNAPSHOT means that it is volatile and subject to change so updates should be checked for. However it's worth pointing out that the Maven super POM configures central to have snapshots disabled, so Maven shouldn't ever check for updates for SNAPSHOTs on central unless you've overridden that in your own pom/settings.
You can configure Maven to use a mirror for the central repository, this will redirect all requests that would normally go to central to your internal repository.
In your settings.xml you would add something like this to set your internal repository as as mirror for central:
<mirrors>
<mirror>
<id>ibiblio.org</id>
<name>ibiblio Mirror of http://repo1.maven.org/maven2/</name>
<url>http://path/to/my/repository</url>
<mirrorOf>central</mirrorOf>
</mirror>
</mirrors>
If you are using a repository manager like Nexus for your internal repository. You can set up a proxy repository for proxy central, so any requests that would normally go to Central are instead sent to your proxy repository (or a repository group containing the proxy), and subsequent requests are cached in the internal repository manager. You can even set the proxy cache timeout to -1, so it will never request for contents from central that are already on the proxy repository.
A more basic solution if you are only working with local repositories is to set the updatePolicy for the central repository to "never", this means Maven will only ever check for artifacts that aren't already in the local repository. This can then be overridden at the command line when needed by using the -U switch to force Maven to check for updates.
You would configure the repository (in your pom or a profile in the settings.xml) as follows:
<repository>
<id>central</id>
<url>http://repo1.maven.org/maven2</url>
<updatePolicy>never</updatePolicy>
</repository>
Very simple :
In your Super POM parent or setting.xml, use
<repository>
<id>central</id>
<releases>
<updatePolicy>never</updatePolicy>
</releases>
<snapshots>
<updatePolicy>never</updatePolicy>
</snapshots>
<url>http://repo1.maven.org/maven2</url>
<layout>legacy</layout>
</repository>
It's my tips
I had some trouble similar to this,
<repository>
<id>java.net</id>
<url>https://maven-repository.dev.java.net/nonav/repository</url>
<layout>legacy</layout>
</repository>
<repository>
<id>java.net2</id>
<url>https://maven2-repository.dev.java.net/nonav/repository</url>
</repository>
Setting the updatePolicy to "never" did not work. Removing these repo was the way I solved it.
ps: I was following this tutorial about web services (btw, probably the best tutorial for ws for java)