简体繁体 English

Maven 安全 HTTPS 存储库和 JDK5

[英]Maven secure HTTPS repository and JDK5

原文 2020-01-29 07:05:11 3 1 java/ maven/ maven-3/ java-5

Since January 2020, maven has switched their repo from HTTP to HTTPS.自 2020 年 1 月以来，maven 已将其存储库从 HTTP 切换到 HTTPS。 In order my project (running with Java 5 + maven 3.1.1) to download the repos i changed in my pom.xml the repos to look to: https://repo.maven.apache.org/maven2 This worked fine and now maven tries to access the dependencies from the secure repository.为了我的项目（使用 Java 5 + maven 3.1.1 运行）下载我在 pom.xml 中更改的存储库，要查看的存储库： https : //repo.maven.apache.org/maven2这工作正常，现在maven 尝试从安全存储库访问依赖项。 Trying to build/clean my project i faced following issues:尝试构建/清理我的项目时，我遇到了以下问题：

Issue 1 Trying to mvn clean my project without any further arguments i receive following error: Could not transfer artifact org.apache.maven.plugins:maven-clean-plugin:pom:2.5 from/to central ( https://repo.maven.apache.org/maven2 ): peer not authenticated -> [Help 1]问题 1在没有任何进一步参数的情况下尝试 mvn 清理我的项目我收到以下错误：无法传输工件 org.apache.maven.plugins:maven-clean-plugin:pom:2.5 from/to central ( https://repo.maven .apache.org/maven2 ）：对等方未通过身份验证 -> [帮助 1]

I tried to bypass the error by adding following arguments: mvn -Dmaven.wagon.http.ssl.insecure=true -Dmaven.wagon.http.ssl.allowall=true clean我试图通过添加以下参数来绕过错误： mvn -Dmaven.wagon.http.ssl.insecure=true -Dmaven.wagon.http.ssl.allowall=true clean

New error: Could not transfer artifact org.apache.maven.plugins:maven-clean-plugin:pom:2.5 from/to central ( https://repo.maven.apache.org/maven2 ): Remote host closed connection during handshake: SSL peer shut down incorrectly -> [Help 1]新错误：无法传输工件 org.apache.maven.plugins:maven-clean-plugin:pom:2.5 from/to central ( https://repo.maven.apache.org/maven2 )：握手期间远程主机关闭连接: SSL peer 错误关闭 -> [帮助 1]

Further attemp by adding alos the following argument: -Dhttps.protocols=TLSv1.2,TLSv1.1 Resolves to a new error:通过添加以下参数进一步尝试： -Dhttps.protocols=TLSv1.2,TLSv1.1解决新错误：

Could not transfer artifact org.apache.maven.plugins:maven-clean-plugin:pom:2.5 from/to central ( https://repo.maven.apache.org/maven2 ): TLSv1.2 -> [Help 1]无法传输工件 org.apache.maven.plugins:maven-clean-plugin:pom:2.5 from/to central ( https://repo.maven.apache.org/maven2 ): TLSv1.2 -> [Help 1]

Issue 2 I tried to with a different approach by using the certificate provided from https://repo.maven.apache.org/maven2/ I import the certificate into a trust store and tried to use this with the following maven command:问题 2我尝试使用从https://repo.maven.apache.org/maven2/提供的证书以不同的方法将证书导入信任库并尝试使用以下 maven 命令使用它：

mvn -Djavax.net.ssl.trustStore=C:\\PortableApps\\trust.jks -Djavax.net.ssl.trustStorePassword=pass -Djavax.net.ssl.keyStore=C:\\PortableApps\\trust.jks -Djavax.net.ssl.keyStoreType=jks -Djavax.net.ssl.keyStorePassword=pass clean mvn -Djavax.net.ssl.trustStore=C:\\PortableApps\\trust.jks -Djavax.net.ssl.trustStorePassword=pass -Djavax.net.ssl.keyStore=C:\\PortableApps\\trust.jks -Djavax.net。 ssl.keyStoreType=jks -Djavax.net.ssl.keyStorePassword=pass clean

The error is the same as previous again Could not transfer artifact org.apache.maven.plugins:maven-clean-plugin:pom:2.5 from/to central ( https://repo.maven.apache.org/maven2 ): peer not authenticated -> [Help 1]错误与之前的相同无法传输工件 org.apache.maven.plugins:maven-clean-plugin:pom:2.5 from/to central ( https://repo.maven.apache.org/maven2 ): peer未通过身份验证 -> [帮助 1]

I start to believe, that this is not goign to work with Java 5 due to the limitations of the JVM.我开始相信，由于 JVM 的限制，这不适用于 Java 5。 As a last resolution, i find the usage of the insecure repo http://insecure.repo1.maven.org/maven2/ but i want to go do this as my very last option.作为最后一个解决方案，我发现使用不安全的 repo http://insecure.repo1.maven.org/maven2/但我想把它作为我最后的选择。 Any further suggestions?有什么进一步的建议吗？

Note笔记

On another project with Java 7, i was able to resolve all the issues by using the latest maven version 3.6.3在另一个使用 Java 7 的项目中，我能够使用最新的 Maven 版本 3.6.3 解决所有问题
Since the project is compatible only with Java 5, i am limited in using maven version up to 3.1.1由于该项目仅与 Java 5 兼容，因此我只能使用 3.1.1 以下的 maven 版本

1 个解决方案

I ended up using the insecure maven repo http://insecure.repo1.maven.org/maven2/ in order to make it work with Java 5 (build/run).我最终使用了不安全的 maven repo http://insecure.repo1.maven.org/maven2/以使其与 Java 5（构建/运行）一起使用。

Alternative, as some already suggested in the comments, you may use JDK 7 for your build process in order to download the dependencies from the secure maven repository and Java 5 for running your app.或者，正如一些评论中已经建议的那样，您可以在构建过程中使用 JDK 7，以便从安全的 maven 存储库和 Java 5 下载依赖项以运行您的应用程序。

As it seems, there is no way in accessing the secure maven repo while using Java 5 due to the lack of TLSv1.2 support which maven seems to use ( https://central.sonatype.org/articles/2018/May/04/discontinued-support-for-tlsv11-and-below/?__hstc=31049440.13cc707ef0d169390d4d7ac8ba12c78e.1571910247825.1579506965027.1580304556973.4&__hssc=31049440.1.1580304556973&__hsfp=1122763312 )看起来，由于缺乏 maven 似乎使用的 TLSv1.2 支持（ https://central.sonatype.org/articles/2018/May/04），在使用 Java 5 时无法访问安全的 maven 存储库/discontinued-support-for-tlsv11-and-below/?__hstc=31049440.13cc707ef0d169390d4d7ac8ba12c78e.1571910247825.1579506965027.1580304556973.4&__hssc=31049440.1.1580304556973&__hsfp=1122763312 ）