Artifactory requires user authentication in three cases:
Anonymous access has been disabled by unchecking the global Allow Anonymous Access setting.
You want to restrict access to repositories to a limited set of users
When deploying builds (while theoretically possible, it is uncommon to allow anonymous access to deployment repositories)
Authentication is configured in Maven using <server>
elements in the settings.xml
file.
Each <repository> and <mirror> element specified in the file must have a corresponding <server> element with a matching <id> that specifies the username and password.
The sample snippet below emphasizes that the <repository>
element with id=central
has a corresponding <server>
element with id=central.
Similarly, the <repository>
element with id=snapshots
has a corresponding <server>
element with id=snapshots
.
The same would hold for <mirror> elements that require authentication.
In both cases the username is admin
and the password is encrypted.
Artifactory encrypts passwords for safe and secure access to Maven repositories
To avoid having to use cleartext passwords, Artifactory encrypts the password in the settings.xml file that is generated. For example, in the above sample snippet we can see that the admin user name is specified in cleartext, but the password is encrypted:
<username>admin</username> <password>\{DESede\}kFposSPUydYZf89Sy/o4wA==</password>
Synchronizing authentication details for repositories with the same URL
If you have repository definitions (either for deployment or download) that use the same URL, Maven takes the authentication details (from the corresponding server definition) of the first repository encountered and uses it for the life-time of the running build for all repositories with the same URL. This may cause authentication to fail (producing 401 errors for downloads or deployment) if you are using different authentication details for the respective repositories.This is inherent Maven behavior and can only be solved by using the same authentication details for all repository definitions with the same URL in your settings.xml
.