14 March 2012

Private repositories in Sonatype Nexus

Bambitroll @ 16:36
Sonatype Nexus is an artifact repository manager that is widely used when Maven is the build tool for a Java project. You can use it as a proxy for other repositories but also to host your own artifacts.

By default in Nexus, all repositories are reachable via the anonymous user.

Here is what to do to configure your Nexus server so that (at least) some of your repositories will require credentials to access them.

First you have to prevent the anonymous user from having access to all the repositories:
  1. Create a new Privilege that gives access to your public group (or individual repositories). NOTE: Assigning access to a group is equivalent to assigning these privileges to all of the repositories in the group.
    1. Log in to Nexus as an administrator.
    2. Click on Privileges in the left menu.
    3. Click Add.
    4. Use the following values:
      1. Name: M2 Public Repositories (Group)
      2. Description: Access to Public Repositories (Group)
      3. Repository: Public Repositories (Group)
      4. Repository Target: All (Maven2)
    5. Save.
  2. Repeat the previous step for all your public groups and/or repositories.
  3. Create a new Role and assign this new privilege to it.
    1. Click on Roles in the left menu.
    2. Click Add.
    3. Use the following values:
      1. Role Id: repo-public-read
      2. Name: Repo: All Public Repositories (read)
      3. Description: Read only access to all public repositories.
      4. Session Timeout: 60
      5. Selected Roles / Privileges: M2 Public Repositories (Group) - (read)
      6. NOTE: Include all of the roles you created in the first step.
    4. Save.
  4. Remove the Grant Read all role from the Anonymous user and add the new role.
    1. Click on Users in the left menu.
    2. Click on the anonymous user.
    3. Remove the role 'Repo: All Repositories (read)'
    4. Add the role 'All Public Repositories (read)'
    5. Save.

Once you have done this, you need to create users to access all the non-public repositories.
  1. First create a privilege for your given repo (Security->Privileges then Add).
  2. Then create a role (add the view and read parts of the privilege created above).
  3. Finally, create a user and assign it the role just created.
  4. Repeat this as many times as you have repos. If you want to have several users for one repo, then just repeat 3.


The final step is to configure the client side with the proper settings in .m2/settings.xml and in the project pom.xml. The server id in settings.xml must be the same as the repository id in pom.xml, like this:
settings.xml
<servers>
   <server>
       <id>myserver</id>
       <username>mrx</username>
       <password>pwd</password>
   </server>
</servers>
pom.xml
<repositories>
   <repository>
       <id>myserver</id>
       <name>myserver</name>
       <url>http://server:8081/nexus/content/repositories/your_repo</url>
   </repository>
</repositories>


Now your repository should be accessible with user and password only.
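The client-side pairing above can be checked mechanically. The following is an added example, not part of the original post: it parses a settings.xml and a pom.xml and reports repositories with no matching server id, credentials that would travel over plain HTTP, and passwords not wrapped in the `{...}` form produced by `mvn --encrypt-password`. The function names and the second repository `other` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample input mirroring the snippets above (not real credentials).
SETTINGS_XML = """<settings><servers>
  <server><id>myserver</id><username>mrx</username><password>pwd</password></server>
</servers></settings>"""

POM_XML = """<project><repositories>
  <repository><id>myserver</id><name>myserver</name>
    <url>http://server:8081/nexus/content/repositories/your_repo</url></repository>
  <repository><id>other</id><name>other</name>
    <url>https://server/nexus/content/repositories/other_repo</url></repository>
</repositories></project>"""


def _local(tag):
    """Drop an XML namespace prefix such as '{http://maven.apache.org/POM/4.0.0}'."""
    return tag.rsplit("}", 1)[-1]


def _children(root, name):
    """Yield {child-tag: text} for every element called `name`, namespace-agnostic."""
    for el in root.iter():
        if _local(el.tag) == name:
            yield {_local(c.tag): (c.text or "").strip() for c in el}


def audit(settings_xml, pom_xml):
    """Return a sorted list of (repository-or-server id, finding) tuples."""
    servers = {s.get("id"): s for s in _children(ET.fromstring(settings_xml), "server")}
    findings = []
    for repo in _children(ET.fromstring(pom_xml), "repository"):
        rid, url = repo.get("id", ""), repo.get("url", "")
        if rid not in servers:
            # Maven matches credentials to a repository by <id> only.
            findings.append((rid, "no <server> with this id: request goes out anonymous"))
        elif url.lower().startswith("http://"):
            findings.append((rid, "credentials sent over plain HTTP"))
    for sid, srv in servers.items():
        pw = srv.get("password", "")
        # Output of `mvn --encrypt-password` is wrapped in braces.
        if pw and not (pw.startswith("{") and pw.endswith("}")):
            findings.append((sid, "password stored in cleartext"))
    return sorted(findings)


if __name__ == "__main__":
    for rid, msg in audit(SETTINGS_XML, POM_XML):
        print(f"{rid}: {msg}")
```
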

