20.6. Securely Accessing Maven Repositories

Overview

In a Fabric environment, you can implement basic authentication for secure access to Maven repositories. To do this, you add some configuration settings to the default container profile.

Obtain encrypted Maven passwords

The default profile has the maven-settings.xml template file and the maven-settings-secure.xml template file. You need to update these files to specify encrypted Maven passwords. Before you can do that, you must obtain an encryption of the master Maven password and and an encryption of the ordinary Maven password as follows:
  1. Invoke the fabric:maven-password command to view Maven security settings:
    JBossFuse:karaf@root> fabric:maven-password 
    Maven security configuration in Fabric environment defined in io.fabric8.maven and io.fabric8.agent PID.
    Security settings file: /data/servers/jboss-fuse-6.3.0.redhat-311/etc/maven-settings-security.xml
    Encrypted Maven master password: {PMFs1x/vuOMHhjzIZpzst/d5Kpna+WqNu3P15ZcIP8g=}
  2. Decrypt the master Maven password that is in the security settings:
    JBossFuse:karaf@root> fabric:maven-password -d
    Maven security configuration in Fabric environment defined in io.fabric8.maven and io.fabric8.agent PID.
    Security settings file: /data/servers/jboss-fuse-6.3.0.redhat-311/etc/maven-settings-security.xml
    Decrypted Maven master password: fabric:changeit
  3. Obtain an encryption for the master Maven password by entering it twice at the prompts:
    JBossFuse:karaf@root> fabric:maven-password --encrypt-master-password 
    Master Maven password: 
    Verify master Maven password: 
    Encrypted master Maven password to use in security-settings.xml: {94gq/tbm0IYHZl4M6BstgfnY/iErAy+GKlfXiptLL/Q=}
  4. Obtain an encryption for the regular Maven password:
    JBossFuse:karaf@root> fabric:maven-password --encrypt-password 
    Looking up master Maven password in /data/servers/jboss-fuse-6.3.0.redhat-311/etc/maven-settings-security.xml... Done!
    Maven password: 
    Verify Maven password: 
    Encrypted Maven password to use in settings.xml for server and proxy authentication: {WCUxIVlatO4HZG2xrqtVBziJIeDTTuVK1oCNEA2eKEQ=}

Procedure

To securely access Maven repositories in a Fabric environment:
  1. Obtain an encrypted master Maven password and an encrypted regular Maven password, as described in the previous section.
  2. In the default profile, configure io.fabric8.agent.properties/org.ops4j.pax.url.mvn.repositories as follows:
    org.ops4j.pax.url.mvn.repositories= http://localhost:8081/repository/maven-releases@id=nexus
  3. In the default profile, edit the maven-settings.xml file to specify the encrypted regular Maven password. For example:
    <servers>
       <server>
          <id>nexus</id>
          <username>developer</username>
          <password>{WCUxIVlatO4HZG2xrqtVBziJIeDTTuVK1oCNEA2eKEQ}</password>
        </server>
        ...
    </servers>
  4. In the default profile, edit the maven-settings-security.xml file to specify the encrypted master Maven password. For example:
    <settingsSecurity>
       <master>{94gq/tbm0IYHZl4M6BstgfnY/iErAy+GKlfXiptLL/Q=}</master>
    </settingsSecurity>
  5. Refresh the default profile so that fabric-agent uses the updated configuration:
    profile-refresh default
  6. Restart the fabric-maven bundle so that the updates are available to the Maven URI handler and to the fabric-maven-proxy bundle:
    bundle:stop io.fabric8.fabric-maven
    bundle:start io.fabric8.fabric-maven