Gradle through a corporate network

blake1024 · November 14, 2018, 11:48am

Greetings,

I am doing work for a very large, international company. They use maven everwhere and don’t seem to know a lot about Gradle. I would like to introduce Gradle but my problem is as follows.

Maven works fine through their corporate firewall / proxy, Gradle does not. It is my impression that Gradle has stricter security requirements (HTTPS, etc.). I would like it if Gradle had a simple way of disabling those strict requirements so that I can:

A. easily get Gradle to work so that I can demo it (and use it in the future)

B. rely on their corporate firewall / proxy for security rather than having Gradle enforce any

I understand that there are ways of configuring Gradle to retain it’s security requirements and get it to work in this corporate environment, but the problem is as follows:

The barrier to entry is too high. It takes too much work / time to figure out how to get it working for a developer who’s not well connected to their corporate network configuration.
It’s hard to get corporate assistance when they are happy with what works. A bit of a chicken and egg problem.

So, what I am looking for is a very simple, single flag or environment variable to set to allow Gradle to work in a very restricted corporate environment. I will rely on their corporate security mechanisms for security assurances.

If I can’t get Gradle to work myself, they’ll remain a maven shop.

Thank you.

Blake McBride

Lance · November 17, 2018, 7:16pm

Which https communication are you referring to? Gradle can reference repositories over http by configuring a http url

repositories {
    maven {
        url "http://repo.mycompany.com/maven"
    }
}

Jean_Pierre_Delouche · November 20, 2018, 12:34pm

Hi Blake,

If they run maven, they should have an artefact cache in some place that access to the wild internet, thus putting the burden of security out of the gradle plate. Accessing directly to jcenter is inefficient because each time a developer will ask for a dependency, the artefact will be downloaded one more time. In addition, if for some reason jcenter gets out of the internet, nobody will be able to work anymore for some times. Just to say that I have no problem to work behind a big corporate firewall, with direct acces to the internet or with an Artifactory cache.

Jean-Pierre

DJViking · November 20, 2018, 1:50pm

Use a Repository Manager like Sonatype Nexus or Artifactory.

A vital component for any corporation, as the intermediary for Maven/Gradle plugins and dependencies. Also specially for uploading artifacts from your own projects.