Login/Register
How to access a secured Nexus with sbt?
Asked Answered
Solved sbtivynexus
P

6

52

I'm trying to access a Nexus repository manager which requires some basic authentication. Everything works fine from Maven2 but when I try to configure things in SBT it can't find the artifacts. It is using a custom repository pattern (see this related question) but I don't think that should matter. In any case the relevant configuration is here.

Project.scala:

val snapshotsName = "Repository Snapshots"
val snapshotsUrl = new java.net.URL("http://nexusHostIp:8081/nexus/content/repositories/snapshots")
val snapshotsPattern = "[organisation]/[module]/[revision]-SNAPSHOT/[artifact]-[revision](-[timestamp]).[ext]"
val snapshots = Resolver.url(snapshotsName, snapshotsUrl)(Patterns(snapshotsPattern))
Credentials(Path.userHome / ".ivy2" / ".credentials", log)

val dep = "group" % "artifact" % "0.0.1" extra("timestamp" -> "20101202.195418-3")

~/.ivy2/.credentials:

realm=Snapshots Nexus
host=nexusHostIp:8081
user=nexususername
password=nexuspassword

According to a similar discussion in the SBT user group this should work fine but I am getting the following when I try to build.

==== Repository Snapshots: tried
[warn]    -- artifact group#artifact;0.0.1!artifact.jar:
[warn]    http://nexusHostIp:8081/nexus/content/repositories/snapshots/group/artifact/0.0.1-SNAPSHOT/artifact-0.0.1-20101202.195418-3.jar

I'm fairly certain this is a credentials problem and not something else because I can hit the URL it says it is trying directly and download the jar (after authenticating).

I have also tried declaring the credentials inline (even though it is less than ideal) like so:

Credentials.add("Repository Snapshots", "nexusHostIp", "nexususername", "nexuspassword")
Paddle answered 3/12, 2010 at 18:49 Comment(0)
B
88

Here's what I did (sbt 0.13 + artifactory - setup should be similar for nexus):

1) Edited the file ~/.sbt/repositories as specified here: http://www.scala-sbt.org/0.13.0/docs/Detailed-Topics/Proxy-Repositories.html

[repositories]
  local
  my-ivy-proxy-releases: http://repo.company.com/ivy-releases/, [organization]/[module]/(scala_[scalaVersion]/)(sbt_[sbtVersion]/)[revision]/[type]s/[artifact](-[classifier]).[ext]
  my-maven-proxy-releases: http://repo.company.com/maven-releases/

2) Locked down my artifactory to disable anonymous access.

3) Created a credentials file in ~/.sbt/.credentials

realm=Artifactory Realm
host=artifactory.mycompany.com
user=username
password=password

4) Created a file under ~/.sbt/0.13/plugins/credentials.sbt that wires up the default credentials

credentials += Credentials(Path.userHome / ".sbt" / ".credentials")

Now when my project loads sbt hits artifactory like normal.

The reason I did it this way is to keep the repository definitions, etc, out of the project files to enable teams to have flexibility (they can set up an internal server to serve in-progress artifacts, etc).

-Austen

Breastwork answered 25/10, 2013 at 19:56 Comment(8)
In case of nexus the realm should be configured as Sonatype Nexus Repository Manager.Piet
It's working for me but I don't understand how "Credentials" can work without specifying the port: my Nexus instance is listening on port 8082. In fact, I have the port specified in the "publishTo :=..." section. What am I missing here?Endplay
It doesn't work in the case when sbt updates itself based on build.propertiesMitchell
To workaround the issue I've added public ivy repository to repositories file as the last repository to check: public-ivy-releases: https://repo.typesafe.com/typesafe/ivy-releases/, [organization]/[module]/(scala_[scalaVersion]/)(sbt_[sbtVersion]/)[revision]/[type]s/[artifact](-[classifier]).[ext]Mitchell
If I create credentials.sbt in the prescribed folder, it doesn't work, but if I put it one folder up (~/.sbt/0.13/credentials.sbt), it does.Chiles
It does not work on my Windows 10+Sbt1.2.8, I also follow the steps in Sbt docs. There is a 401 error occurred, like this. [error] Unable to find credentials for [Sonatype Nexus Repository Manager @ my host name]. Obviously the credentials file is read, but it seems the user/password is not applied correctly. BTW, I am using a HTTPS for my Nexus server.Maine
General, Make sure credentials file is of right type. Should be of Type File.Tablet
in build.sbt after creation of the file ~/.sbt/.credentials just add: credentials += Credentials(Path.userHome / ".sbt" / ".credentials")Quijano
P
35

UPDATE: This answer does not work in recent sbt versions - see Austen's answer instead.

Alright I finally got this sorted out.

snapshotsName can be anything. realm in .credentials must be the HTTP Authentication realm that shows up when trying to hit the URL of the repository (nexus in my case). realm is also the first parameter of Credentials.add. So that line should have been 

Credentials.add("Sonatype Nexus Repository Manager", "nexusHostIp", "nexususername", "nexuspassword")

The host name is just the ip or DNS name. So in .credentials host is just nexusHostIp without the port number.

So the working Project configuration is:

val snapshotsName = "Repository Snapshots"
val snapshotsUrl = new java.net.URL("http://nexusHostIp:8081/nexus/content/repositories/snapshots")
val snapshotsPattern = "[organisation]/[module]/[revision]-SNAPSHOT/[artifact]-[revision](-[timestamp]).[ext]"
val snapshots = Resolver.url(snapshotsName, snapshotsUrl)(Patterns(snapshotsPattern))
Credentials(Path.userHome / ".ivy2" / ".credentials", log)

val dep = "group" % "artifact" % "0.0.1" extra("timestamp" -> "20101202.195418-3")

With a .credentials file that looks like:

realm=Sonatype Nexus Repository Manager
host=nexusHostIp
user=nexususername
password=nexuspassword

Where "Sonatype Nexus Repository Manager" is the HTTP Authentication realm.

Paddle answered 4/12, 2010 at 0:43 Comment(0)
P
7

Following the SBT Documetation:

There are two ways to specify credentials for such a repository:

Inline

credentials += Credentials("Some Nexus Repository Manager", "my.artifact.repo.net", "admin", "password123")

External File

credentials += Credentials(Path.userHome / ".ivy2" / ".credentials")

The .credentials file is a properties file with keys realm, host, user, and password. For example:

realm=Some Nexus Repository Manager
host=my.artifact.repo.net
user=admin
password=password123
Puentes answered 2/6, 2016 at 17:19 Comment(0)
T
5

If SBT launcher is failing to download a new version of SBT from your proxy, and that ~/.sbt/boot/update.log is showing that you're getting 401 authentication errors, you can use the environment variable SBT_CREDENTIALS to specify where the ivy credential file is.

Either of these should work and download the new sbt version:

  1. SBT_CREDENTIALS='/home/YOUR_USER_NAME/.ivy2/.credentials' sbt
  2. Putting export SBT_CREDENTIALS="/home/YOUR_USER_NAME/.ivy2/.credentials" in your .bashrc (or .zshrc), start a new shell session and then run sbt

(You'll need have the ~/.ivy2/.credentials file setup like other answers here has shown)

Source: https://github.com/sbt/sbt/commit/96e5a7957c830430f85b6b89d7bbe07824ebfc4b

Tempestuous answered 28/10, 2016 at 7:9 Comment(0)
F
2

This worked for me. I'm using SBT version 0.13.15:

~/.ivy2/.my-credentials (host without port):

realm=Sonatype Nexus Repository Manager
host=mynexus.mycompany.com
user=my_user
password=my_password

build.sbt (nexus url with port):

import sbt.Credentials

...

credentials += Credentials(Path.userHome / ".ivy2" / ".my-credentials")

...

resolvers in ThisBuild ++= Seq(
    MavenRepository("my-company-nexus", "https://mynexus.mycompany.com:8081/repository/maven-releases/")
)
Firedrake answered 1/11, 2017 at 15:56 Comment(0)
W
2

Check for all files containing credentials.

For me I had a new project in sbt 1.0 (instead of good old 0.13), where I had a ~/.sbt/1.0/global.sbt file containing my credentials, which I forgot about. So after a mandatory password change, the artifactory downloads was broken and locking my account.

Would be nice if the chain of credentials and files filling them can be easily inspected. Would also be nice if SBT was a bit more careful and first checking if authentication/authorization is correct, before starting tot download X files and locking my account after 3 misauthenticated attempts.

Woebegone answered 5/6, 2018 at 11:47 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.