tl/dr: How can I configure gradle build script to authenticate with maven nexus without storing passwords additional somewhere and without writing too much boiling code?
My setup is following:
I have several android projects at different Git locations. There must not be a single wrapping project, we have to chose our modules by group/artifact/version.
At our office we use a own nexus. We have to authenticate with the nexus. Our company police says we have to encode our username password combination using maven’s settings-security.xml. When using maven everything is working fine. Maven checks the settings.xml deodes the authentication tokens with settings-security.xml, choses the correct nexus/mirror URL and fetches dependencies.
Now this is what I hoped to get when writing
repositories {
mavenLocal()
}
but sadly this only makes gradle look up in the local repository configured in the settings.xml (please correct me, if I’m wrong).
To make this all possible with gradle projects I wrote a plugin reading the settings, decoding password phrase and authenticating with nexus. The only problem: This plugin must be published to our nexus and all the other projects can’t authenticate with nexus without the plugin (lol).
So this is quite a dilemma. Of course our ci server jenkins shall build all the projects, everyone shall be able to checkout a module and build it instantly (requirements are configured maven and installed gradle).
Could you please give me some hints or best practices how to solve this issue? I really thought this may be a common problem but I couldn’t find a reasonable answer yet.
There is a plugin for this, however if your company doesn’t allow going out to external repositories you have the same problem. Another option would be to implement this with an init script rather than a binary plugin, or host the plugin in a repo that doesn’t require authentication.
Hi mark,
thanks for your reply! I already tried out this plugin. Sadly it only supports basic authentication. Well, we have to investigate some work around like you mentioned. Maybe I am just a bit stubborn and I need to rethink how to gradle up my project.
It could be improved to support certificate authentication but only in conjunction with the ‘maven’ plugin. Unfortunately the ‘maven-publish’ plugin only supports username/password based auth.
Does this mean, it supports encrypted password encrypted by master password in ~/.m2/settings-security.xml?
Or isn’t this basic authentication anymore?
One of the main problems is our policy, which I agree, disallowes us to use plain text files with our real passwords.
That is correct. Encrypted credentials are property decrypted using the master password in settings-security.xml. By “basic” authentication I mean username/password based auth.
Unfortunately an optimal solution requires Gradle itself to make credential information available, meaning Maven settings creds should really just be a source for the cred stuff Gradle dev team is working on. I had discussions with Hans and Adam about this back when I first wrote that plugin. But as far as I know there recent work on credential support in Gradle still does not allow for such use cases.
Is there any update on the credential “providers”? Is this still in the design stage? The kerberos and NTLM credentials are of particular interest to me.
Hey fellas, I’m out for a couple days with an injured back so I’ll be (sorta) brief.
It sounds like you’re referring to https://github.com/gradle/gradle/issues/1236. Work on this has not been started yet, but 1 of our top 2 priorities for the latter half of 2017 is streamlining Maven migration. It sounds like this issue is a good candidate for that effort.
Please upvote or helpful context to that GitHub issue if you feel compelled. Further, if this is something you’d be interested in contributing, we’d welcome your help.
