mavennexus

Setting up authenticated maven repo on Nexus server


I have a nexus OSS server which we are using to server our java jars.

We have created a repo for our project which require clients to pass username and password for downloading the maven dependencies.

Now, we need one more repo from which users should be able to download artefacts without passing any credentials.

Is it possible to host two repos on a single Nexus OSS server one backed by basic authentication and other allowing anonymous access?


Solution

  • The solution, which I report, is explained at https://support.sonatype.com/hc/en-us/articles/360050779593-How-to-grant-anonymous-access-to-a-specific-repository- :

    To restrict anonymous access to a single repository you can create your own anonymous role with targeted permissions and assign it to the anonymous user.
    
    1. Create a new role with the permissions you would like to grant to the anonymous user.
    
    For example, the following allows read and browse privileges to a maven2 repository:
    
    nx-repository-view-maven2-<repo-id>-read
    nx-repository-view-maven2-<repo-id>-browse
    
    The read privilege allows downloads, and the browse privilege allows a user to see the repository's contents in the UI.
    
    You may also want to add the "nx-search-read" privilege to allow searching.
    
    2. Then in Security > Users remove the default nx-anonymous role from the anonymous user, and replace it with the new role.
    
    3. Make sure anonymous access is enabled in Security > Realms. Verify that the "local authenticating realm" and "local authorizing realm" are in the active realm list.
    
    4. Make sure anonymous access is enabled. In Security > Anonymous make sure the check box to Allow anonymous access to the server is checked.  Also make sure the realm of the anonymous user is "local authorizing realm". 
    
    Additional documentation regarding anonymous access is provided here:
    
    https://help.sonatype.com/repomanager3/system-configuration/user-authentication/anonymous-access