问题
Recently Maven build jobs running in Jenkins are failing with the below exception saying that they could not pull dependencies from Maven Central and should use HTTPS. I am not sure how to change the requests from HTTP to HTTPS. Could someone guide me on this matter?
[ERROR] Unresolveable build extension: Plugin org.apache.maven.wagon:wagon-ssh:2.1 or one of its dependencies could not be resolved: Failed to collect dependencies for org.apache.maven.wagon:wagon-ssh:jar:2.1 (): Failed to read artifact descriptor for org.apache.maven.wagon:wagon-ssh:jar:2.1: Could not transfer artifact org.apache.maven.wagon:wagon-ssh:pom:2.1 from/to central (http://repo.maven.apache.org/maven2): Failed to transfer file: http://repo.maven.apache.org/maven2/org/apache/maven/wagon/wagon-ssh/2.1/wagon-ssh-2.1.pom. Return code is: 501 , ReasonPhrase:HTTPS Required. -> [Help 2]
Waiting for Jenkins to finish collecting data[ERROR] Plugin org.apache.maven.plugins:maven-clean-plugin:2.4.1 or one of its dependencies could not be resolved: Failed to read artifact descriptor for org.apache.maven.plugins:maven-clean-plugin:jar:2.4.1: Could not transfer artifact org.apache.maven.plugins:maven-clean-plugin:pom:2.4.1 from/to central (http://repo.maven.apache.org/maven2): Failed to transfer file: http://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/2.4.1/maven-clean-plugin-2.4.1.pom. Return code is: 501 , ReasonPhrase:HTTPS Required. -> [Help 1]
回答1:
The reason for the observed error is explained in Central 501 HTTPS Required
Effective January 15, 2020, The Central Repository no longer supports insecure communication over plain HTTP and requires that all requests to the repository are encrypted over HTTPS.
It looks like latest versions of Maven (tried with 3.6.0, 3.6.1) are already using the HTTPS URL by default.
Here are the dates when the major repositories will switch:
Your Java builds might break starting January 13th (if you haven't yet switched repo access to HTTPS)
回答2:
Effective January 15, 2020, The Central Repository no longer supports insecure communication over plain HTTP and requires that all requests to the repository are encrypted over HTTPS.
If you're receiving this error, then you need to replace all URL references to Maven Central with their canonical HTTPS counterparts.
(source)
We have made the following changes in my project's build.gradle:
Old:
repositories {
maven { url "http://repo.maven.apache.org/maven2" }
}
New:
repositories {
maven { url "https://repo.maven.apache.org/maven2" }
}
回答3:
Try to hit the below URL in any browser. It will return 501
http://repo.maven.apache.org/maven2/org/apache/maven/wagon/wagon-ssh/2.1/wagon-ssh-2.1.pom
Please try with https. It will download a pom.xml file:
https://repo.maven.apache.org/maven2/org/apache/maven/wagon/wagon-ssh/2.1/wagon-ssh-2.1.pom
Please add it (https://repo.maven.apache.org/maven2) in the setting.xml file:
<repositories>
<repository>
<id>Central Maven repository</id>
<name>Central Maven repository https</name>
<url>https://repo.maven.apache.org/maven2</url>
</repository>
</repositories>
回答4:
Update the central repository of Maven and use https instead of http.
<repositories>
<repository>
<id>central</id>
<name>Central Repository</name>
<url>https://repo.maven.apache.org/maven2</url>
<layout>default</layout>
<snapshots>
<enabled>false</enabled>
</snapshots>
</repository>
</repositories>
回答5:
I was using an outdated version of Maven (3.0.3 and 3.1). These older versions no longer supports http repositories (as mentioned above). Upgrading to Maven 3.6 was the fix for me.
回答6:
I was using a clean install of Maven/Java on a Docker container.
For me, I had to cd $M2_HOME/conf and edit the settings.xml file there. Add the following block inside <mirrors>...</mirrors>
<mirror>
<id>central-secure</id>
<url>https://repo.maven.apache.org/maven2</url>
<mirrorOf>central</mirrorOf>
</mirror>
回答7:
I have the same issue, but I use GitLab instead of Jenkins. The steps I had to do to get over the issue:
- My project is in GitLab so it uses the .yml file which points to a Docker image I have to do continuous integration, and the image it uses has the http://maven URLs. So I changed that to https://maven.
- That same Dockerfile image had an older version of Maven 3.0.1 that gave me issues just overnight. I updated the Dockerfile to get the latest version 3.6.3
- I then deployed that image to my online repository, and updated my Maven project POM file to use that new image.
- And lastly, I updated my main projects POM file to reference https://maven... instead of http://maven
I realize that is more specific to my setup. But without doing all of the steps above I would still continue to get this error message
Return code is: 501 , ReasonPhrase:HTTPS Required
回答8:
As stated in other answers, https is now required to make requests to Maven Central, while older versions of Maven use http.
If you don't want to/cannot upgrade to Maven 3.2.3+, you can do a workaround by adding the following code into your MAVEN_HOME\conf\settings.xml into the <profiles> section:
<profile>
<id>maven-https</id>
<activation>
<activeByDefault>true</activeByDefault>
</activation>
<repositories>
<repository>
<id>central</id>
<url>https://repo1.maven.org/maven2</url>
<snapshots>
<enabled>false</enabled>
</snapshots>
</repository>
</repositories>
<pluginRepositories>
<pluginRepository>
<id>central</id>
<url>https://repo1.maven.org/maven2</url>
<snapshots>
<enabled>false</enabled>
</snapshots>
</pluginRepository>
</pluginRepositories>
</profile>
This will be always an active setting unless you disable/override it in your POM when needed.
回答9:
Maven is moving to HTTPS and disabling HTTP access
Short story, from January 15, 2020, Maven Central repository is not longer supporting HTTP connections (other repositories are doing the same). Therefore, you will indicate your Maven/Gradle settings to use an HTTPS URL.
Solution:
You can choose one of the following three approaches.
Add a repository in your project´s
pom.xmlfile<project> ... <repositories> <repository> <id>central maven repo</id> <name>central maven repo https</name> <url>https://repo.maven.apache.org/maven2</url> </repository> </repositories> </project>Add the repository into a profile in the
settings.xmlfile.<profile> <id>my profile</id> <repositories> <repository> <id>central maven repo</id> <name>central maven repo https</name> <url>https://repo.maven.apache.org/maven2</url> </repository> </repositories> </profile>- Update you maven version to a new one that uses https values as default. The lastest one at this moment 3.6.3 Download here
For Gradle:
Only replace the URL for the HTTPS version.
repositories {
maven { url "https://repo.maven.apache.org/maven2" }
}
回答10:
I am facing the same problem. There are two solutions that I tried, and both works fine for me.
- Update the Maven version repository (Maven version >= 3.2.3)
- Restrict the current Maven version to use HTTPS links.
Update the Maven version repository:
Download the Apache Maven binary that includes the default https addresses (Apache Maven 3.6.3 binary). And open the Options dialog window in tools of NetBeans menu bar (Java Maven Dialog View). And select browse option in Maven Home List Box (Maven Home List Box View). After adding the Apache Maven newly downloaded version (Updated Maven Home List Box View), the project builds and runs successfully.
Restrict the current Maven version to use HTTPS links:
Include the following code in pom.xml of your project.
<project>
...
<pluginRepositories>
<pluginRepository>
<id>central</id>
<name>Central Repository</name>
<url>https://repo.maven.apache.org/maven2</url>
<layout>default</layout>
<snapshots>
<enabled>false</enabled>
</snapshots>
<releases>
<updatePolicy>never</updatePolicy>
</releases>
</pluginRepository>
</pluginRepositories>
<repositories>
<repository>
<id>central</id>
<name>Central Repository</name>
<url>https://repo.maven.apache.org/maven2</url>
<layout>default</layout>
<snapshots>
<enabled>false</enabled>
</snapshots>
</repository>
</repositories>
</project>
回答11:
For all the corporate coders, ideally, if you get this error, it means that your code base is still being built from open-source community. You need to over ride the "central" repository with your in house company Maven repository manager.
You can go to your settings.xml and override your central repository URL from http:// to https://
<M2_HOME>/conf/settings.xml
Find the mirrors sections and add the following entry:
<mirror>
<id>other-mirror</id>
<name>Other Mirror Repository</name>
<url>https://other-mirror.repo.other-company.com/maven2</url>
<mirrorOf>central</mirrorOf>
</mirror>
In the URL section, if you were using either http://repo1.maven.org/maven2/ or http://repo.maven.apache.org/maven2/ then
Replace http://repo1.maven.org/maven2/ with https://repo1.maven.org/maven2/
Replace http://repo.maven.apache.org/maven2/ with https://repo.maven.apache.org/maven2/
You need to ideally use your company source control management/repository URL over here. As this will block any contact with open source Maven repository community.
As mentioned in other answers, effective from 15 January 2020, the central Maven repository doesn't support insecure communication over plain HTTP.
回答12:
For me also adding a mirror repository in the settings.xml fixed the issue. I am also using Maven inside a docker container.
<mirrors>
<mirror>
<id>https-mirror</id>
<name>Https Mirror Repository</name>
<url>https://repo1.maven.org/maven2</url>
<mirrorOf>central</mirrorOf>
</mirror>
</mirrors>
回答13:
Using Ubuntu 16.04, java 1.8.0_201.
I un-installed old maven and installed Maven 3.6.3, still got this error that Maven dependencies are failing with a 501 error.
Realized it could be a truststore/keystore issue associated with requiring https. Found that you can now configure -Djavax options using a jvm.config file, see: https://maven.apache.org/configure.html.
As I am also using Tomcat I copied the keystore & truststore config from Tomcat (setenv.sh) to my jvm.config and then it worked!
There is also an option to pass the this config in 'export MAVEN_OPTS' (when using mvn generate) but although this stopped the 501 error it created another: it expected a pom file.
Creating a separate jvm.config file works perfectly, just put it in the root of your project.
Hopefully this helps someone, took me all day to figure it out!
回答14:
Try this (click here).
If you are behind a proxy, you can use:
mvn clean install -DproxySet=true -DproxyHost=<your proxy host> -DproxyPort=<port>
回答15:
Add the following repository in pom.xml.
<project>
...
<repositories>
<repository>
<id>central</id>
<name>Maven Plugin Repository</name>
<url>https://repo1.maven.org/maven2</url>
<layout>default</layout>
<snapshots>
<enabled>false</enabled>
</snapshots>
</repository>
</repositories>
...
</project
来源:https://stackoverflow.com/questions/59763531/maven-dependencies-are-failing-with-a-501-error