Question

Another department has a maven repository on their network. This includes external 3rd-party artifacts (java libs), as well as their own artifacts (their own software).

I would like to be able to access their repository, as I cannot access maven central (security policy) for 3rd-party libraries.

Their server is behind a firewall, and they will not grant me access to the required ports - as they are concerned with me having access to their artifacts.

Therefore, I would like to suggest to them that they set up a "Maven Proxy" for me. This would have only one upstream repo (their full repo) but would need to filter the artifacts, so I can't access anything from the "com.mycompany.theirdepartment" part of the tree.

It is likely that this proxy would sit on the same server as the original repo - i.e. on their resources, not mine. This is straightforward if we roll out a brand-new instance of Nexus, Archiva or Artifactory.

I could then ask for the firewall changes so I can access this proxy which only grants me access to the non-sensitive parts of the tree.

However, the standard roll-out of the applications above would involve their own caches, i.e. they'd cache the data that they got from the upstream "full" repo. This is likely to cause all the artifacts to be stored twice on the server - on their server... which they're not going to be happy with!

Can anyone suggest a tool (or configuration thereof) that will act purely as a proxy, which will not cache the dependencies it pulls from upstream?

I realise this is a horrible requirement, but corporate politics are throwing common sense out of the window!

One obvious alternative is to use users/credentials. They're using Archiva at the moment and I can't find any documentation on being able to set this up easily / reliably. Asking them to move to Nexus and set this up properly is much more invasive than a proxy -- and would have to be a last resort if there's not a tool I can use as per the above...


Solution

A number of answers here:

  1. If the repository you are willing to access is Artifactory, it's very easy to configure the needed permissions by using include/exclude patterns (i.e. exclude com/mycompany/theirdepartment/**/*.*)
  2. If their repository is not a proper binary repository, your idea of having Artifactory in front without storing artifacts is a good one. It is achieved by ticking one checkbox in Artifactory: Do Not Store Artifacts Locally.
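
The filtering, non-caching proxy the question describes can be sketched as follows. This is an added example, not part of the original question or answer and not how Artifactory implements its exclude patterns. The upstream URL, listen port and all function names are assumptions. The path is normalized before the deny check, and the normalized path is the one forwarded, so `..`, `//` and percent-encoding cannot reach the excluded subtree.

```python
import posixpath
import shutil
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from urllib.parse import quote, unquote

UPSTREAM = "http://127.0.0.1:8080/repository/internal"  # assumed upstream repo URL
DENIED_PREFIXES = ("com/mycompany/theirdepartment",)    # subtree named in the question

def normalize(raw_path):
    """Decode and collapse a request path; None means 'reject outright'."""
    decoded = unquote(raw_path.partition("?")[0])
    if "\\" in decoded or "\x00" in decoded or "%" in decoded:
        return None  # backslashes, NULs and double-encoded input are refused
    return posixpath.normpath("/" + decoded).lstrip("/")

def is_allowed(raw_path):
    """True only if the normalized path lies outside every denied subtree."""
    clean = normalize(raw_path)
    if clean is None:
        return False
    lowered = clean.lower()  # also deny case variants (upstream may ignore case)
    return not any(lowered == p or lowered.startswith(p + "/") for p in DENIED_PREFIXES)

class FilterProxy(BaseHTTPRequestHandler):
    def do_GET(self):
        if not is_allowed(self.path):
            self.send_error(404)  # same reply as a missing artifact
            return
        target = f"{UPSTREAM}/{quote(normalize(self.path))}"  # forward what was checked
        try:
            with urllib.request.urlopen(target, timeout=30) as up:
                self.send_response(up.status)
                for h in ("Content-Type", "Content-Length", "Last-Modified"):
                    if up.headers.get(h):
                        self.send_header(h, up.headers[h])
                self.end_headers()
                shutil.copyfileobj(up, self.wfile)  # streamed, never stored on disk
        except urllib.error.HTTPError as err:
            self.send_error(err.code)
        except urllib.error.URLError:
            self.send_error(502)

if __name__ == "__main__":
    ThreadingHTTPServer(("127.0.0.1", 8081), FilterProxy).serve_forever()
```
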

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow