Show Table of Contents
14.6. Securely Accessing Maven Repositories
Overview
In a Fabric environment, you can implement basic authentication for secure access to Maven repositories. To do this, you add some configuration settings to the
default container profile.
Obtain encrypted Maven passwords
The
default profile has the maven-settings.xml template file and the maven-settings-secure.xml template file. You need to update these files to specify encrypted Maven passwords. Before you can do that, you must obtain an encryption of the master Maven password and and an encryption of the ordinary Maven password as follows:
- Invoke the
fabric:maven-passwordcommand to view Maven security settings:JBossFuse:karaf@root> fabric:maven-password Maven security configuration in Fabric environment defined in io.fabric8.maven and io.fabric8.agent PID. Security settings file: /data/servers/jboss-fuse-6.3.0.redhat-311/etc/maven-settings-security.xml Encrypted Maven master password: {PMFs1x/vuOMHhjzIZpzst/d5Kpna+WqNu3P15ZcIP8g=} - Decrypt the master Maven password that is in the security settings:
JBossFuse:karaf@root> fabric:maven-password -d Maven security configuration in Fabric environment defined in io.fabric8.maven and io.fabric8.agent PID. Security settings file: /data/servers/jboss-fuse-6.3.0.redhat-311/etc/maven-settings-security.xml Decrypted Maven master password: fabric:changeit - Obtain an encryption for the master Maven password by entering it twice at the prompts:
JBossFuse:karaf@root> fabric:maven-password --encrypt-master-password Master Maven password: Verify master Maven password: Encrypted master Maven password to use in security-settings.xml: {94gq/tbm0IYHZl4M6BstgfnY/iErAy+GKlfXiptLL/Q=} - Obtain an encryption for the regular Maven password:
JBossFuse:karaf@root> fabric:maven-password --encrypt-password Looking up master Maven password in /data/servers/jboss-fuse-6.3.0.redhat-311/etc/maven-settings-security.xml... Done! Maven password: Verify Maven password: Encrypted Maven password to use in settings.xml for server and proxy authentication: {WCUxIVlatO4HZG2xrqtVBziJIeDTTuVK1oCNEA2eKEQ=}
Procedure
To securely access Maven repositories in a Fabric environment:
- Obtain an encrypted master Maven password and an encrypted regular Maven password, as described in the previous section.
- In the
defaultprofile, configureio.fabric8.agent.properties/org.ops4j.pax.url.mvn.repositoriesas follows:org.ops4j.pax.url.mvn.repositories= http://localhost:8081/repository/maven-releases@id=nexus
- In the
defaultprofile, edit themaven-settings.xmlfile to specify the encrypted regular Maven password. For example:<servers> <server> <id>nexus</id> <username>developer</username> <password>{WCUxIVlatO4HZG2xrqtVBziJIeDTTuVK1oCNEA2eKEQ}</password> </server> ... </servers> - In the
defaultprofile, edit themaven-settings-security.xmlfile to specify the encrypted master Maven password. For example:<settingsSecurity> <master>{94gq/tbm0IYHZl4M6BstgfnY/iErAy+GKlfXiptLL/Q=}</master> </settingsSecurity> - Refresh the
defaultprofile so thatfabric-agentuses the updated configuration:profile-refresh default
- Restart the
fabric-mavenbundle so that the updates are available to the Maven URI handler and to thefabric-maven-proxybundle:bundle:stop io.fabric8.fabric-maven bundle:start io.fabric8.fabric-maven
Where did the comment section go?
Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.