无法让 Maven 从代理后面的 HTTPS URL 下载
Posted
技术标签:
【中文标题】无法让 Maven 从代理后面的 HTTPS URL 下载【英文标题】:Unable to get maven to download from HTTPS URLs behind proxy 【发布时间】:2013-07-31 14:48:39 【问题描述】:根据我在pom.xml 中指定的依赖项,使用 HTTP URL 的依赖项会被下载,但使用 HTTPS URL 的依赖项会失败:
SEVERE: Proxy authentication error: Credentials cannot be used for NTLM authentication: org.apache.maven.wagon.providers.http.httpclient.auth.UsernamePasswordCredentials
这里是settings.xml的内容:
<?xml version="1.0" encoding="UTF-8"?>
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">
<pluginGroups />
<proxies>
<proxy>
<id>proxy1</id>
<active>true</active>
<protocol>http</protocol>
<host>proxy.mycompany.com</host>
<port>6050</port>
<username>domain\username</username>
<password>password</password>
<nonProxyHosts></nonProxyHosts>
</proxy>
<proxy>
<id>proxy2</id>
<active>true</active>
<protocol>https</protocol>
<host>proxy.mycompany.com</host>
<port>6050</port>
<username>domain\username</username>
<password>password</password>
<nonProxyHosts></nonProxyHosts>
</proxy>
</proxies>
<servers>
</servers>
<mirrors>
</mirrors>
<profiles>
<profile>
<id>centralrepo</id>
<repositories>
<repository>
<id>central</id>
<url>http://central</url>
<releases>
<enabled>true</enabled>
</releases>
<snapshots>
<enabled>true</enabled>
</snapshots>
</repository>
<repository>
<id>fortytwo</id>
<name>fortytwo.net Maven repository</name>
<url>http://fortytwo.net/maven2</url>
<releases>
<enabled>true</enabled>
</releases>
<snapshots>
<enabled>true</enabled>
</snapshots>
</repository>
<repository>
<id>javanet</id>
<name>java.net Maven repository</name>
<url>http://download.java.net/maven/2</url>
<releases>
<enabled>true</enabled>
</releases>
<snapshots>
<enabled>true</enabled>
</snapshots>
</repository>
<repository>
<id>scala-tools.org</id>
<name>Scala-tools Maven2 Repository</name>
<url>http://scala-tools.org/repo-releases</url>
</repository>
</repositories>
<pluginRepositories>
<pluginRepository>
<id>central</id>
<url>http://central</url>
<releases>
<enabled>true</enabled>
</releases>
<snapshots>
<enabled>true</enabled>
</snapshots>
</pluginRepository>
<pluginRepository>
<id>scala-tools.org</id>
<name>Scala-tools Maven2 Repository</name>
<url>http://scala-tools.org/repo-releases</url>
</pluginRepository>
</pluginRepositories>
</profile>
</profiles>
</settings>
我搜索了一下,发现有人建议我使用 CNTLM。因此,我安装了 CNTLM 并将 /etc/cntlm.conf 文件编辑为以下内容:
#
# Cntlm Authentication Proxy Configuration
#
# NOTE: all values are parsed literally, do NOT escape spaces,
# do not quote. Use 0600 perms if you use plaintext password.
#
Username username
Domain domain
Password password
# NOTE: Use plaintext password only at your own risk
# Use hashes instead. You can use a "cntlm -M" and "cntlm -H"
# command sequence to get the right config for your environment.
# See cntlm man page
# Example secure config shown below.
# PassLM 1AD35398BE6565DDB5C4EF70C0593492
# PassNT 77B9081511704EE852F94227CF48A793
### Only for user 'testuser', domain 'corp-uk'
# PassNTLMv2 D5826E9C665C37C80B53397D5C07BBCB
# Specify the netbios hostname cntlm will send to the parent
# proxies. Normally the value is auto-guessed.
#
# Workstation netbios_hostname
# List of parent proxies to use. More proxies can be defined
# one per line in format <proxy_ip>:<proxy_port>
#
Proxy proxy.mycompany.com:6050
# List addresses you do not want to pass to parent proxies
# * and ? wildcards can be used
#
NoProxy localhost, 127.0.0.*, 10.*, 192.168.*
# Specify the port cntlm will listen on
# You can bind cntlm to specific interface by specifying
# the appropriate IP address also in format <local_ip>:<local_port>
# Cntlm listens on 127.0.0.1:3128 by default
#
Listen 3128
# If you wish to use the SOCKS5 proxy feature as well, uncomment
# the following option. It can be used several times
# to have SOCKS5 on more than one port or on different network
# interfaces (specify explicit source address for that).
#
# WARNING: The service accepts all requests, unless you use
# SOCKS5User and make authentication mandatory. SOCKS5User
# can be used repeatedly for a whole bunch of individual accounts.
#
#SOCKS5Proxy 8010
#SOCKS5User dave:password
# Use -M first to detect the best NTLM settings for your proxy.
# Default is to use the only secure hash, NTLMv2, but it is not
# as available as the older stuff.
#
# This example is the most universal setup known to man, but it
# uses the weakest hash ever. I won't have it's usage on my
# conscience. :) Really, try -M first.
#
#Auth LM
#Flags 0x06820000
# Enable to allow access from other computers
#
#Gateway yes
# Useful in Gateway mode to allow/restrict certain IPs
# Specifiy individual IPs or subnets one rule per line.
#
#Allow 127.0.0.1
#Deny 0/0
# GFI WebMonitor-handling plugin parameters, disabled by default
#
#ISAScannerSize 1024
#ISAScannerAgent Wget/
#ISAScannerAgent APT-HTTP/
#ISAScannerAgent Yum/
# Headers which should be replaced if present in the request
#
#Header User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)
# Tunnels mapping local port to a machine behind the proxy.
# The format is <local_port>:<remote_host>:<remote_port>
#
#Tunnel 11443:remote.com:443
当我尝试使用 sudo cntlm -v -I -M http://google.com 测试 CNTLM 时,我得到以下信息:
Reading PROXY auth response...
HEAD: HTTP/1.1 407 Proxy Authorization Required
.
.
.
HEAD: HTTP/1.1 407 Proxy Authorization Required
Credentials rejected
我确信我的凭据是正确的,因为 maven 能够从 HTTP URL 下载依赖项。
大约一个月前,我的公司更改了 HTTPS 代理的 SSL 证书,从那以后,我一直收到此错误。
帮助!
【问题讨论】:
【参考方案1】:您的问题的解决方案是带有 cntlm 身份验证代理的 https_proxy 环境变量。请找here回答!如果您需要任何帮助,请联系我!
【讨论】:
以上是关于无法让 Maven 从代理后面的 HTTPS URL 下载的主要内容,如果未能解决你的问题,请参考以下文章
Keycloak Node.js 适配器在公司代理后面不起作用
如何让 Anaconda 在 HTTP 代理(不是 https)后面工作?