1.问题
最近在研究drools 工作台,从github下载了
drools-wb
和kie-wb-distributions
源码,将源码导入到IDEA工具中,开始下载jar包,奇怪好多jar包无法下载下来!!!(其中包括drools依赖的jar包也有常见的jar包,这些jar包都无法正常下载)。
这些jar包,在maven仓库中都可以找得到,而且每个拿出来都可以在其它项目中正常下载!!!
运行
package
命令(mvn clean install -DskipTests
)打包时,发现报如下错误:
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-enforcer-plugin:3.0.0-M1:enforce (enforce-java-version) on project kie-wb-distributions: Some Enforcer rules
2.原因分析
查找所有使用到
maven-enforcer-plugin
插件和出现过enforce-java-version
的地方,最终定位到kie-wb-distributions
项目的parent的parent的pom.xml文件。
原因:jboss父工程使用maven-enforcer-plugin
增加了限制规则,maven仓库禁止使用http协议访问!!!
<parent>
<groupId>org.jboss</groupId>
<artifactId>jboss-parent</artifactId>
<!-- Keep in sync with jboss-parent version in kie-user-bom-parent/pom.xml -->
<version>36</version>
<relativePath/>
</parent>
<plugins>
<!-- Check for the minimum version of Java and Maven. Runs during the validate phase. -->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId>
<executions>
<execution>
<id>enforce-java-version</id>
<goals>
<goal>enforce</goal>
</goals>
<configuration>
<rules>
<bannedRepositories>
<level>${insecure.repositories}</level>
<bannedRepositories>
<bannedRepository>http://*</bannedRepository>
</bannedRepositories>
<bannedPluginRepositories>
<bannedPluginRepository>http://*</bannedPluginRepository>
</bannedPluginRepositories>
</bannedRepositories>
<requireJavaVersion>
<message>To build this project JDK ${jdk.min.version} (or greater) is required. Please install it.</message>
<version>${jdk.min.version}</version>
</requireJavaVersion>
</rules>
</configuration>
</execution>
<execution>
<id>enforce-maven-version</id>
<goals>
<goal>enforce</goal>
</goals>
<configuration>
<rules>
<requireMavenVersion>
<message>To build this project Maven ${maven.min.version} (or greater) is required. Please install it.</message>
<version>${maven.min.version}</version>
</requireMavenVersion>
</rules>
</configuration>
</execution>
</executions>
</plugin>
kie-wb-distributions
root顶级工程不是配置了jboss仓库了吗?而且就是https协议的,为什么下载不了jar包?查看官方文档才发现,是做了maven mirror镜像代理导致的!
- kie-wb-distributions pom.xml代码片段
<repositories>
<!-- Bootstrap repository to locate the parent pom when the parent pom has not been build locally. -->
<repository>
<id>jboss-public-repository-group</id>
<name>JBoss Public Repository Group</name>
<url>https://repository.jboss.org/nexus/content/groups/public/</url>
<layout>default</layout>
<releases>
<enabled>true</enabled>
<updatePolicy>never</updatePolicy>
</releases>
<snapshots>
<enabled>true</enabled>
<updatePolicy>daily</updatePolicy>
</snapshots>
</repository>
</repositories>
- setting.xml文件代码片段(目前使用的http协议)
<mirrors>
<mirror>
<id>nexus-aliyun</id>
<mirrorOf>central,spring-milestone,spring-plugins-release,spring-libs-release,spring-snapshot</mirrorOf>
<name>Nexus aliyun</name>
<url>http://maven.aliyun.com/nexus/content/groups/public</url>
</mirror>
</mirrors>
3.解决办法
- Sample Configuration
For example, one company want to limit repositories usage. But different developers might use different settings.xml. Even their projects’ pom defined different repostories too. For this case, could leverage this enforcer rule to banned specified repositories or even use allowedRepositories/allowedPluginRepositories to banned others unexpected repositories.
Ex. http://repo1/xyz is the repository that want to be banned. http://repo2/xyz is the repository that want to use now.
Sample Plugin Configuration:
<project>
[...]
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId>
<version>3.0.0-M3</version>
<executions>
<execution>
<id>enforce-banned-repositories</id>
<goals>
<goal>enforce</goal>
</goals>
<configuration>
<rules>
<bannedRepositories>
<bannedRepositories>
<bannedRepository>http://repo1/*<bannedRepository>
</bannedRepositories>
<bannedPluginRepositories>
<bannedPluginRepository>http://repo1/*<bannedPluginRepository>
</bannedPluginRepositories>
<!-- for some cases, white list is more effective -->
<!--
<allowedRepositories>
<allowedRepository>http://repo2/*<allowedRepository>
</allowedRepositories>
<allowedPluginRepositories>
<allowedPluginRepository>http://repo2/*<allowedPluginRepository>
</allowedPluginRepositories>
-->
</bannedRepositories>
</rules>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
[...]
</project>
Worth to Note
- http/https url patterns support wildcard “*”
- This rule will detect banned repositories on maven session itself istead of pom or settings, so if users defined “mirrorOf” in settings.xml, even defined banned repositories in pom.xml, it won’t be detected
<mirrors>
<mirror>
<id>nexus</id>
<mirrorOf>*</mirrorOf>
<url>http://.../nexus/..</url>
</mirror>
</mirrors>
看到了吧,刚好入坑 😝😝😝
4.解决办法
将maven mirror镜像代理中的http协议换成https协议 。
<mirrors>
<mirror>
<id>nexus-aliyun</id>
<mirrorOf>central,spring-milestone,spring-plugins-release,spring-libs-release,spring-snapshot</mirrorOf>
<name>Nexus aliyun</name>
<url>https://maven.aliyun.com/nexus/content/groups/public</url>
</mirror>
</mirrors>
完整配置
<?xml version="1.0" encoding="UTF-8"?>
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">
<!-- 默认的值是${user.home}/.m2/repository -->
<localRepository>D:\maven\aliyun-repository</localRepository>
<!-- 如果Maven要试图与用户交互来得到输入就设置为true,否则就设置为false,默认为true。 -->
<interactiveMode>true</interactiveMode>
<!-- 如果Maven使用${user.home}/.m2/plugin-registry.xml来管理plugin的版本,就设置为true,默认为false。 -->
<usePluginRegistry>false</usePluginRegistry>
<!-- 如果构建系统要在离线模式下工作,设置为true,默认为false。 如果构建服务器因为网络故障或者安全问题不能与远程仓库相连,那么这个设置是非常有用的。 -->
<offline>false</offline>
<mirrors>
<mirror>
<id>nexus-aliyun</id>
<mirrorOf>central,spring-milestone,spring-plugins-release,spring-libs-release,spring-snapshot</mirrorOf>
<name>Nexus aliyun</name>
<url>https://maven.aliyun.com/nexus/content/groups/public</url>
</mirror>
</mirrors>
<!-- settings.xml中的profile是pom.xml中的profile的简洁形式。 它包含了激活(activation),仓库(repositories),插件仓库(pluginRepositories)和属性(properties)元素。
profile元素仅包含这四个元素是因为他们涉及到整个的构建系统,而不是个别的POM配置。 如果settings中的profile被激活,那么它的值将重载POM或者profiles.xml中的任何相等ID的profiles。 -->
<profiles>
<profile>
<id>default</id>
<activation>
<activeByDefault>true</activeByDefault>
<jdk>1.8</jdk>
</activation>
<repositories>
<repository>
<id>aliyun-public</id>
<name>aliyun public</name>
<url>https://maven.aliyun.com/repository/public</url>
<releases>
<enabled>true</enabled>
</releases>
<snapshots>
<enabled>false</enabled>
</snapshots>
<layout>default</layout>
</repository>
<repository>
<id>aliyun-central</id>
<name>aliyun central</name>
<url>https://maven.aliyun.com/repository/central</url>
<releases>
<enabled>true</enabled>
</releases>
<snapshots>
<enabled>false</enabled>
</snapshots>
<layout>default</layout>
</repository>
<repository>
<id>aliyun-spring</id>
<name>aliyun spring</name>
<url>https://maven.aliyun.com/repository/spring</url>
<releases>
<enabled>true</enabled>
</releases>
<snapshots>
<enabled>false</enabled>
</snapshots>
<layout>default</layout>
</repository>
<repository>
<id>aliyun-spring-plugin</id>
<name>aliyun spring-plugin</name>
<url>https://maven.aliyun.com/repository/spring-plugin</url>
<releases>
<enabled>true</enabled>
</releases>
<snapshots>
<enabled>false</enabled>
</snapshots>
<layout>default</layout>
</repository>
<repository>
<id>aliyun-apache-snapshots</id>
<name>aliyun apache-snapshots</name>
<url>https://maven.aliyun.com/repository/apache-snapshots</url>
<releases>
<enabled>true</enabled>
</releases>
<snapshots>
<enabled>false</enabled>
</snapshots>
<layout>default</layout>
</repository>
<repository>
<id>aliyun-google</id>
<name>aliyun google</name>
<url>https://maven.aliyun.com/repository/google</url>
<releases>
<enabled>true</enabled>
</releases>
<snapshots>
<enabled>false</enabled>
</snapshots>
<layout>default</layout>
</repository>
<repository>
<id>aliyun-gradle-plugin</id>
<name>aliyun gradle-plugin</name>
<url>https://maven.aliyun.com/repository/gradle-plugin</url>
<releases>
<enabled>true</enabled>
</releases>
<snapshots>
<enabled>false</enabled>
</snapshots>
<layout>default</layout>
</repository>
<repository>
<id>aliyun-jcenter</id>
<name>aliyun jcenter</name>
<url>https://maven.aliyun.com/repository/jcenter</url>
<releases>
<enabled>true</enabled>
</releases>
<snapshots>
<enabled>false</enabled>
</snapshots>
<layout>default</layout>
</repository>
<repository>
<id>aliyun-releases</id>
<name>aliyun releases</name>
<url>https://maven.aliyun.com/repository/releases</url>
<releases>
<enabled>true</enabled>
</releases>
<snapshots>
<enabled>false</enabled>
</snapshots>
<layout>default</layout>
</repository>
<repository>
<id>aliyun-snapshots</id>
<name>aliyun snapshots</name>
<url>https://maven.aliyun.com/repository/snapshots</url>
<releases>
<enabled>true</enabled>
</releases>
<snapshots>
<enabled>false</enabled>
</snapshots>
<layout>default</layout>
</repository>
<repository>
<id>aliyun-grails-core</id>
<name>aliyun grails-core</name>
<url>https://maven.aliyun.com/repository/grails-core</url>
<releases>
<enabled>true</enabled>
</releases>
<snapshots>
<enabled>false</enabled>
</snapshots>
<layout>default</layout>
</repository>
<repository>
<id>aliyun-mapr-public</id>
<name>aliyun mapr-public</name>
<url>https://maven.aliyun.com/repository/mapr-public</url>
<releases>
<enabled>true</enabled>
</releases>
<snapshots>
<enabled>false</enabled>
</snapshots>
<layout>default</layout>
</repository>
<repository>
<id>spring-milestone</id>
<name>Spring Milestone Repository</name>
<url>https://repo.spring.io/milestone</url>
<releases>
<enabled>true</enabled>
</releases>
<snapshots>
<enabled>false</enabled>
</snapshots>
<layout>default</layout>
</repository>
<repository>
<id>spring-plugins-release</id>
<name>Spring plugins Repository</name>
<url>https://repo.spring.io/plugins-release/</url>
<releases>
<enabled>true</enabled>
</releases>
<snapshots>
<enabled>false</enabled>
</snapshots>
<layout>default</layout>
</repository>
<repository>
<id>spring-libs-release</id>
<name>Spring libs Repository</name>
<url>https://repo.spring.io/libs-release/</url>
<releases>
<enabled>true</enabled>
</releases>
<snapshots>
<enabled>false</enabled>
</snapshots>
<layout>default</layout>
</repository>
<repository>
<id>spring-snapshot</id>
<name>Spring Snapshot Repository</name>
<url>https://repo.spring.io/snapshot</url>
<releases>
<enabled>false</enabled>
</releases>
<snapshots>
<enabled>true</enabled>
</snapshots>
<layout>default</layout>
</repository>
<repository>
<id>jboss-public-repository-group</id>
<name>JBoss Public Repository Group</name>
<url>https://repository.jboss.org/nexus/content/groups/public/</url>
<releases>
<enabled>true</enabled>
</releases>
<snapshots>
<enabled>true</enabled>
</snapshots>
<layout>default</layout>
</repository>
</repositories>
</profile>
</profiles>
<!-- activations是profile的关键,就像POM中的profiles,profile的能力在于它在特定情况下可以修改一些值。
而这些情况是通过activation来指定的。 -->
<!-- <activeProfiles/> -->
</settings>