Using Artifactory 6.x ?
JFrog Artifactory 6.x User Guide
Have a question? Want to report an issue?Contact JFrog support
Skip to end of metadata
Go to start of metadata
Overview
As a Maven repository, Artifactory is both a source for artifacts needed for a build, and a target to deploy artifacts generated in the build process.Maven is configured using asettings.xmlfile located under your Maven home directory(typically, this will be/user.home/.m2/settings.xml). For more information on configuring Maven please refer to theApache Maven Project Settings Reference.
The default values in this file configure Maven to work with a default set of repositories used to resolve artifacts and a default set of plugins.
To work with Artifactory you need to configure Maven to perform the following two steps:
Once your Maven build is configured, Artifactory also provides tight integration with commonly used CI servers (such asJenkins,TeamCityor aBamboo) through a set of plugins that you can freely install and use.
Viewing Maven Artifacts
If you select a Maven metadata file (maven-metadata.xml) or a POM file (pom.xml) in the Tree Browser, Artifactory provides corresponding tabs allowing you to view details on the selected item.
Maven Metadata View
POM View
Resolving Artifacts through Artifactory
To configure Maven to resolve artifacts through Artifactory you need to modify thesettings.xml.You can generate one automatically, or modify it manually.
自动ally Generating Settings
To make it easy for you to configure Maven to work with Artifactory, Artifactory can automatically generate asettings.xmlfile which you can save under your Maven home directory.
The definitions in the generatedsettings.xmlfile override the defaultcentralandsnapshotrepositories of Maven.
In theArtifact Repository Browserof theArtifactsmodule, selectSet Me Up.In theSet Me Updialog, setMavenin theToolfield and click "Generate Maven Settings". You can now specify the repositories you want to configure for Maven.
Releases |
The repository from which to resolve releases |
Snapshots |
The repository from which to resolve snapshots |
Plugin Releases |
The repository from which to resolve plugin releases |
Plugin Snapshots |
The repository from which to resolve plugin snapshots |
Mirror Any |
When set, you can select a repository that should mirror any other repository. For more details please refer toAdditionalMirror AnySetup |
Once you have configured the settings for Maven you can click "Generate Settings" to generate and save thesettings.xmlfile.
Provisioning Dynamic Settings for Users
You can deploy and provision a dynamic settings template for your users.
Once downloaded, settings are generated according to your own logic and can automatically include user authentication information.
For more details, please refer to theProvisioning Build Tool SettingsunderFiltered Resources.
Manually Overriding the Built-in Repositories
To override the built-incentralandsnapshotrepositories of Maven, you need to ensure that Artifactory is correctly configured so that no request is ever sent directly to them.
Using the automatically generated file as a template
You can use the automatically generatedsettings.xmlfile as an example when defining the repositories to use for resolving artifacts.
To do so, you need to insert the following into your parent POM orsettings.xml(under an active profile):
central http://[host]:[port]/artifactory/libs-release false snapshots http://[host]:[port]/artifactory/libs-snapshot false central http://[host]:[port]/artifactory/plugins-release false snapshots http://[host]:[port]/artifactory/plugins-snapshot false
Using the Default Global Repository
You can configure Maven to run with theDefault Global Repositoryso that any request for an artifact will go through Artifactory which will search through all of the local and remote repositories defined in the system.
We recommend that you fine tune Artifactory to search through a more specific set of repositories by defining a dedicated virtual (or local) repository, and configure Maven to use that to resolve artifacts instead.
AdditionalMirror AnySetup
In addition tooverriding built-in Maven repositories, you can use theMirror Any设置将所有请求重定向到一个Maven repository through Artifactory, including those defined inside POMs of plug-ins and third party dependencies. (While it does not adhere to best practices, it is not uncommon for POMs to reference Maven repositories directly). This ensures no unexpected requests directly to Maven are introduced by such POMs.
You can either checkMirror Anyin theMaven Settingsscreen when generating yoursettings.xmlfile, or you can manually insert the following:
artifactory * http://[host]:[port]/artifactory/[virtual repository] Artifactory
Care when using "Mirror Any"
While this is a convenient way to ensure Maven only accesses repositories through Artifactory, it defines a coarse proxying rule that does not differentiate between releases and snapshots and relies on the single specified repository to do this resolution.
Using Mirrors
For more information on using mirrors please refer toUsing Mirrors for Repositoriesin the Apache Maven documentation.
Configuring Authentication
Artifactory requires user authentication in three cases:
- Anonymous access has been disabled by unchecking the globalAllow Anonymous Accesssetting.
- You want to restrict access to repositories to a limited set of users
- When deploying builds (while theoretically possible, it is uncommon to allow anonymous access to deployment repositories)
Authentication is configured in Maven usingsettings.xmlfile.
Each
The sample snippet below emphasizes that theid=centralhas a correspondingid=central.
Similarly, theid=snapshotshas a correspondingid=snapshots.
The same would hold for
In both cases the username isadminand the password is encrypted.
Artifactory加密密码安全access to Maven repositories
To avoid having to use cleartext passwords, Artifactoryencrypts the passwordin the settings.xml file that is generated. For example, in the above sample snippet we can see that the admin user name is specified in cleartext, but the password is encrypted:
Synchronizing authentication details for repositories with the same URL
If you have repository definitions (either for deployment or download) that usethe same URL, Maven takes the authentication details (from the corresponding server definition) of the first repository encountered and uses it for the life-time of the running build for all repositories with the same URL.This may cause authentication to fail (producing 401 errors for downloads or deployment) if you are using different authentication details for the respective repositories.This is inherent Maven behavior and can only be solved by using the same authentication details for all repository definitions with the same URL in yoursettings.xml.
Deploying Artifacts Through Artifactory
Setting Up Distribution Management
To deploy build artifacts through Artifactory you must add a deployment element with the URL of a target local repository to which you want to deploy your artifacts.
To make this easier, Artifactory displays a code snippet that you can use as your deployment element. In theArtifactsmoduleTree Browserselect the repository you want to deploy to and clickSet Me UP.The code snippet is displayed underDeploy.
Remember that you can not deploy build artifacts to remote, so you should not use them in a deployment element.
Setting Up Security in Maven Settings
Whendeploying your Maven builds through Artifactory, you must ensure that anysettings.xmlfile with a valid username and password as described inConfiguring Authenticationabove. For the example displayed above, the Maven client expects to find asettings.xmlwith
Anonymous access to distribution repository
If anonymous access to your distribution repository is allowed then there is no need to configure authentication. However, while it is technically possible, this is not good practice and is therefore an unlikely scenario
Watch the Screencast
Overview
Content Tools