How to Configure Maven Authentication for Sonatype Nexus Repository with Disabled Anonymous Access


2 views

When you disable anonymous access in Sonatype Nexus (a common security practice for internet-facing repositories), Maven clients need proper authentication configuration. The confusion typically arises from where and how to set these credentials.

The key lies in Maven's settings.xml file (typically found in ~/.m2/ or %USERPROFILE%\.m2\). You need to:

  1. Define a server entry with your Nexus credentials
  2. Ensure this server ID matches your repository configuration
<settings>
  <servers>
    <server>
      <id>nexus</id>
      <username>deployment</username>
      <password>yourSecurePassword123</password>
    </server>
  </servers>
</settings>

Your project's pom.xml should reference this server ID:

<repositories>
  <repository>
    <id>nexus</id>
    <url>http://your-nexus-server:8081/repository/maven-public/</url>
  </repository>
</repositories>

For better security, consider using Maven's password encryption:

mvn --encrypt-password yourPassword

Then use the output in settings.xml:

<password>{COQLCE6DU6GtcS5P=}</password>

Verify with a simple command:

mvn help:effective-settings

This will show your resolved settings, including the server configuration.

  • 403 Forbidden: Verify username/password and repository permissions in Nexus
  • Connection refused: Check Nexus server availability and firewall settings
  • Server ID mismatch: Ensure the <id> in settings.xml matches exactly with pom.xml

For complex setups with multiple repositories:

<profiles>
  <profile>
    <id>release-repo</id>
    <repositories>
      <repository>
        <id>nexus-releases</id>
        <url>...</url>
      </repository>
    </repositories>
  </profile>
</profiles>

<servers>
  <server>
    <id>nexus-releases</id>
    <username>release_user</username>
    <password>...</password>
  </server>
</servers>

When setting up a private Nexus repository with anonymous access disabled, developers often hit a wall when trying to configure Maven client authentication. This configuration is crucial for secure artifact deployment and retrieval in enterprise environments.

The key configuration lives in Maven's settings.xml file, typically located in either:

  • Global: ${maven.home}/conf/settings.xml
  • User-specific: ~/.m2/settings.xml
<settings>
  <servers>
    <server>
      <id>nexus</id>
      <username>deployment_user</username>
      <password>secure_password123</password>
    </server>
  </servers>
</settings>

Your project's pom.xml should reference the repository with matching server ID:

<repositories>
  <repository>
    <id>nexus</id>
    <url>http://your-nexus-server:8081/repository/maven-public/</url>
  </repository>
</repositories>

<distributionManagement>
  <repository>
    <id>nexus</id>
    <url>http://your-nexus-server:8081/repository/maven-releases/</url>
  </repository>
  <snapshotRepository>
    <id>nexus</id>
    <url>http://your-nexus-server:8081/repository/maven-snapshots/</url>
  </snapshotRepository>
</distributionManagement>

For production environments, consider these security enhancements:

  • Use HTTPS instead of HTTP
  • Encrypt passwords using Maven's password encryption
  • Implement Nexus Realm configuration for proper access control

If authentication fails, verify:

  1. Server ID matches between settings.xml and pom.xml
  2. User has proper permissions in Nexus (nx-repository-view-*-*-* roles)
  3. No special characters in password that might need escaping
  4. Network connectivity to Nexus server