Maven Build Failure -- DependencyResolutionException

Asked 7/4, 2021 at 5:28 Answered 26/6, 2023 at 13:54

Solved maven pom.xml dependency-resolution

108

I'm installing a package that has Maven dependency and get a DependencyResolutionException when I try to clean it. After cloning it, I navigate to the directory and run the following to install it with no error:

mvn install:install-file -Dfile=./lib/massbank.jar -DgroupId=massbank  -DartifactId=massbank -Dversion=1.0 -Dpackaging=jar
mvn install:install-file -Dfile=./lib/metfusion.jar -DgroupId=de.ipbhalle.msbi  -DartifactId=metfusion -Dversion=1.0 -Dpackaging=jar

Then:

mvn clean package

with the following console output:

[INFO] Scanning for projects...
[INFO] 
[INFO] --------------------< MassBank2NIST:MassBank2NIST >---------------------
[INFO] Building MassBank2NIST 0.0.2-SNAPSHOT
[INFO] --------------------------------[ jar ]---------------------------------
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  0.450 s
[INFO] Finished at: 2021-04-07T01:08:28-04:00
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal on project MassBank2NIST: Could not resolve dependencies for project MassBank2NIST:MassBank2NIST:jar:0.0.2-SNAPSHOT: Failed to collect dependencies at edu.ucdavis.fiehnlab.splash:core:jar:1.8: Failed to read artifact descriptor for edu.ucdavis.fiehnlab.splash:core:jar:1.8: Could not transfer artifact edu.ucdavis.fiehnlab.splash:core:pom:1.8 from/to maven-default-http-blocker (http://0.0.0.0/): Blocked mirror for repositories: [EBI (http://www.ebi.ac.uk/intact/maven/nexus/content/repositories/ebi-repo/, default, releases+snapshots), releases (http://gose.fiehnlab.ucdavis.edu:55000/content/groups/public, default, releases+snapshots)] -> [Help 1]
[ERROR] 
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR] 
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/DependencyResolutionException

I can post the output of the debug logging switch if necessary, but it's quite long. I can also post the pom.xml, however it refers to the repositories as required from what I can tell.

I've searched for similar posts, but none seem to contain the same series of errors or similar. Can someone help me decipher these errors?

Thanks!

Advent answered 7/4, 2021 at 5:28 Comment(2)

Does this answer your question? How to disable maven blocking external HTTP repositores? – Abracadabra 21/12, 2021 at 2:54

I fixed mine by changing the URLs from http to https – Quaternion 13/1, 2022 at 15:57

151

You don't have to downgrade Maven. What happens here is that since 3.8.1, Maven comes with a default configuration to block all HTTP (insecure) repositories. The best way would be to upgrade your repositories and make them secure (HTTPS).

However, you can tell Maven to allow downloading from your insecure repository by adding this mirror to your ~/.m2/settings.xml:

<mirror>
  <id>insecure-repo</id>
  <mirrorOf>external:http:*</mirrorOf>
  <url>http://www.ebi.ac.uk/intact/maven/nexus/content/repositories/ebi-repo/</url>
  <blocked>false</blocked>
</mirror>

Setting blocked to false will fix your issue. Note that above snippet assumes that the repository at www.ebi.ac.uk mirrors all insecure HTTP repositories (which is what external:http:* means).

You can also unblock individual repositories. For example, the JasperSoft repository is insecure, I unblock it with:

<mirror>
  <id>jaspersoft-third-party-mirror</id>
  <mirrorOf>jaspersoft-third-party</mirrorOf>
  <url>http://jaspersoft.jfrog.io/jaspersoft/third-party-ce-artifacts/</url>
  <blocked>false</blocked>
</mirror>

Elegance answered 16/4, 2021 at 8:37 Comment(5)

Updated my answer with instructions how to unblock an individual repository. – Elegance 20/4, 2021 at 8:35

Thanks - I realised I was putting my <mirror> declaration inside a profile, so it wasn't being picked up. – Amniocentesis 21/4, 2021 at 7:55

if I get 2 different repositries as repo1 and repo2, then create 2 mirrors for both repos repectively like below, but I still get the error msg. <mirror> <id>repo1-mirror</id> <mirrorOf>repo1</mirrorOf> <url>xx/</url> <blocked>false</blocked> </mirror><mirror> <id>repo2-mirror</id> <mirrorOf>repo2</mirrorOf> <url>xxyyy/</url> <blocked>false</blocked> </mirror> – Quennie 2/6, 2021 at 9:21

The <blocked></blocked> tag is now an issue. Facepalm – Stratovision 27/5, 2022 at 6:41

using first mirror gives 401 error – Sams 18/9, 2023 at 13:18

Open file ${MAVEN_HOME}/conf/settings.xml

And Comment these lines.

<mirror>
    <id>maven-default-http-blocker</id>
    <mirrorOf>external:http:*</mirrorOf>
    <name>Pseudo repository to mirror external repositories initially using HTTP.</name>
    <url>http://0.0.0.0/</url>
    <blocked>false</blocked>
</mirror>

Tribal answered 10/5, 2021 at 15:13 Comment(3)

What version of maven is this? Can't find it – Stratovision 26/5, 2022 at 17:20

@OjonugwaJudeOchalifu happened to me with 3.8.4 – Corded 18/7, 2022 at 16:3

This solution worked great for me. Our internal Artifactory server was setup without SSL. This stopped the failover to "central" after upgrading to maven 3.8.6. Prior we used maven 3.2.1 and the unsecured local repo did not get blocked. Thanks so much. :) – Akers 2/12, 2022 at 15:56

If you do not have access to ~/.m2/settings.xml because your build is handled by cloud CI/CD or you want to share this solution with your team members. The best way is to create your own maven setting file in the project.

Create .mvn folder in your project.
Create custom-settings.xml file inside .mvn folder with such content (in this example we unblock http connection for releases.java.net mirror):

<settings xmlns="http://maven.apache.org/SETTINGS/1.2.0"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.2.0 http://maven.apache.org/xsd/settings-1.2.0.xsd">
    <mirrors>
        <mirror>
            <id>releases-java-net-http-unblocker</id>
            <mirrorOf>releases.java.net</mirrorOf>
            <name>releases.java.net</name>
            <url>http://maven.java.net/content/repositories/releases/</url>
            <blocked>false</blocked>
        </mirror>
    </mirrors>
</settings>

Create maven.config file inside .mvn folder with such content:

--settings ../.mvn/custom-settings.xml

Or you can just run mvn clean install --settings .mvn/custom-settings.xml.

Sulfanilamide answered 7/5, 2021 at 20:49 Comment(0)

The error "Blocked mirror for repositories" is referred to explicitly in Maven's release note for version 3.8.1:

How to fix when I get a HTTP repository blocked?

If the repository is defined in your pom.xml, please fix it in your source code.

If the repository is defined in one of your dependencies POM, you’ll get a message like:

[ERROR] Failed to execute goal on project test: Could not resolve dependencies for project xxx: Failed to collect dependencies at my.test:dependency:version -> my.test.transitive:transitive:version: Failed to read artifact descriptor for my.test.transitive:transitive:jar:version: Could not transfer artifact my.test.transitive:transitive:pom:version from/to maven-default-http-blocker (http://0.0.0.0/): Blocked mirror for repositories: [blocked-repository-id (http://blocked.repository.org, default, releases+snapshots)]

They go on to offer some ways to avoid the problem:

Options to fix are:

upgrade the dependency version to a newer version that replaced the obsolete HTTP repository URL with a HTTPS one,

keep the dependency version but define a mirror in your settings.

Plus, I suppose, the simpler, shorter-term option would be to roll back your version of Maven to anything prior to 3.8.1.

Amniocentesis answered 9/4, 2021 at 9:11 Comment(0)

Use apache-maven-3.6.3, which uses http only

https://downloads.apache.org/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.zip

Treece answered 12/4, 2021 at 9:58 Comment(3)

Thank you for the quick link to a version of maven that doesn't complain if a repo is http instead of https. This worked for me. – Arran 20/4, 2021 at 19:30

Downvote as rolling back versions is a poor fix which isn't necessary – Simulcast 15/12, 2022 at 0:53

3.6.3 does not only use (unencrypted) http. It supports HTTPS, but simply does not block unencrypted http by default. – Echinoderm 7/3, 2023 at 20:44

use apache-maven-3.8.1, adding the following in ~/.m2/settings.xml could solve such problem:

<mirrors>
  <mirror>
    <id>internal-repository</id>
    <name>Maven Repository Manager running on https://repo1.maven.org/maven2</name>
    <url>https://repo1.maven.org/maven2</url>
    <mirrorOf>central</mirrorOf>
  </mirror>
</mirrors>

Refer to this link https://maven.apache.org/guides/mini/guide-mirror-settings.html to see why the error occurred.

Silence answered 21/4, 2021 at 8:8 Comment(0)

I had a similar problem but with Vaadin. There is the simplest solution possible, and it is to replace all http:// with https://

This is an example :

<repository>
    <id>vaadin-addons</id>
    <url>https://maven.vaadin.com/vaadin-addons</url>
</repository>

Binate answered 29/12, 2021 at 8:35 Comment(1)

Build succeeded with warning. – Filamentary 4/10, 2022 at 12:17

This is due to latest maven blocks insecure HTTP connections. One possibility is adding a mirror to maven settings.xml. Best way is updating the pom file to refer to secure HTTPS repository if it is available. For example I faced the same issue with following config in pom.xml.

<repositories>
    <repository>
        <releases>
            <enabled>true</enabled>
            <updatePolicy>daily</updatePolicy>
            <checksumPolicy>ignore</checksumPolicy>
        </releases>
        <id>wso2-nexus</id>
        <url>http://maven.wso2.org/nexus/content/groups/wso2-public/</url>
    </repository>
</repositories>

I was able to resolve the issue by updating URL as bellow. Here I referred to HTTPS repo which was available in my case.

<url>https://maven.wso2.org/nexus/content/groups/wso2-public/</url>

Lohman answered 18/1, 2022 at 23:32 Comment(0)

For me, I had to downgrade to the older version 3.6.3 from the site and the crazy problem is gone, hope maven community can fix this problem without us doing anything to our settings.xml.

Forayer answered 1/2, 2022 at 18:23 Comment(0)

New mvn versions do not support http (insecure repos)

Smidgen answered 26/1, 2023 at 19:6 Comment(0)

You should remove mirror from MVN_DIRECTORY/conf/setting.xml

<mirror>
  <id>maven-default-http-blocker</id>
  <mirrorOf>external:http:*</mirrorOf>
  <name>Pseudo repository to mirror external repositories initially using HTTP.</name>
  <url>http://0.0.0.0/</url>
</mirror>

Busman answered 26/6, 2023 at 13:54 Comment(0)

apache-maven-3.6.3-bin will resolve the maven-default-http-blocker (http //0.0.0.0/) blocked Issue (fixed for me) it works for me

Postdoctoral answered 20/5, 2021 at 10:32 Comment(1)

This is the same answer as @Satya Kaveti and the root cause has been explained in detail already. – Daric 20/5, 2021 at 18:19

-3

ultimately had to downgrade to mvn 3.5

brew uninstall maven

Instructions to install mvn 3.5 can be found at

https://formulae.brew.sh/formula/[email protected]

Alternate answered 2/8, 2021 at 12:22 Comment(0)

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags