无法从代理后面的HTTPS URL下载maven

时间:2013-07-31 07:33:37

标签: ubuntu https proxy maven-2 ntlm

从我在pom.xml中指定的依赖项中,使用HTTP URL的依赖项被下载但使用HTTPS URL的那些依赖项无法说明:

SEVERE: Proxy authentication error: Credentials cannot be used for NTLM authentication: org.apache.maven.wagon.providers.http.httpclient.auth.UsernamePasswordCredentials

以下是settings.xml的内容:

<?xml version="1.0" encoding="UTF-8"?>
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">

<pluginGroups />

<proxies>
    <proxy>
        <id>proxy1</id>
        <active>true</active>
        <protocol>http</protocol>
        <host>proxy.mycompany.com</host>
        <port>6050</port>
        <username>domain\username</username>
        <password>password</password>
        <nonProxyHosts></nonProxyHosts>
    </proxy>
    <proxy>
        <id>proxy2</id>
        <active>true</active>
        <protocol>https</protocol>
        <host>proxy.mycompany.com</host>
        <port>6050</port>
        <username>domain\username</username>
        <password>password</password>
        <nonProxyHosts></nonProxyHosts>
    </proxy>
</proxies>

<servers>
</servers>

<mirrors>
</mirrors>

<profiles>
    <profile>
        <id>centralrepo</id>
        <repositories>
            <repository>
                <id>central</id>
                <url>http://central</url>
                <releases>
                    <enabled>true</enabled>
                </releases>
                <snapshots>
                    <enabled>true</enabled>
                </snapshots>
            </repository>
            <repository>
                <id>fortytwo</id>
                <name>fortytwo.net Maven repository</name>
                <url>http://fortytwo.net/maven2</url>
                <releases>
                    <enabled>true</enabled>
                </releases>
                <snapshots>
                    <enabled>true</enabled>
                </snapshots>
            </repository>
            <repository>
                <id>javanet</id>
                <name>java.net Maven repository</name>
                <url>http://download.java.net/maven/2</url>
                <releases>
                    <enabled>true</enabled>
                </releases>
                <snapshots>
                    <enabled>true</enabled>
                </snapshots>
            </repository>
            <repository>
                <id>scala-tools.org</id>
                <name>Scala-tools Maven2 Repository</name>
                <url>http://scala-tools.org/repo-releases</url>
            </repository>
        </repositories>
        <pluginRepositories>
            <pluginRepository>
                <id>central</id>
                <url>http://central</url>
                <releases>
                    <enabled>true</enabled>
                </releases>
                <snapshots>
                    <enabled>true</enabled>
                </snapshots>
            </pluginRepository>
            <pluginRepository>
                <id>scala-tools.org</id>
                <name>Scala-tools Maven2 Repository</name>
                <url>http://scala-tools.org/repo-releases</url>
            </pluginRepository>                              
        </pluginRepositories>
    </profile>        
</profiles>
</settings>

我用谷歌搜索,发现人们建议我使用CNTLM。因此,我安装了CNTLM并将/etc/cntlm.conf文件编辑为以下内容:

#
# Cntlm Authentication Proxy Configuration
#
# NOTE: all values are parsed literally, do NOT escape spaces,
# do not quote. Use 0600 perms if you use plaintext password.
#

Username    username
Domain      domain
Password    password
# NOTE: Use plaintext password only at your own risk
# Use hashes instead. You can use a "cntlm -M" and "cntlm -H"
# command sequence to get the right config for your environment.
# See cntlm man page
# Example secure config shown below.
# PassLM          1AD35398BE6565DDB5C4EF70C0593492
# PassNT          77B9081511704EE852F94227CF48A793
### Only for user 'testuser', domain 'corp-uk'
# PassNTLMv2      D5826E9C665C37C80B53397D5C07BBCB

# Specify the netbios hostname cntlm will send to the parent
# proxies. Normally the value is auto-guessed.
#
# Workstation   netbios_hostname

# List of parent proxies to use. More proxies can be defined
# one per line in format <proxy_ip>:<proxy_port>
#
Proxy       proxy.mycompany.com:6050

# List addresses you do not want to pass to parent proxies
# * and ? wildcards can be used
#
NoProxy     localhost, 127.0.0.*, 10.*, 192.168.*

# Specify the port cntlm will listen on
# You can bind cntlm to specific interface by specifying
# the appropriate IP address also in format <local_ip>:<local_port>
# Cntlm listens on 127.0.0.1:3128 by default
#
Listen      3128

# If you wish to use the SOCKS5 proxy feature as well, uncomment
# the following option. It can be used several times
# to have SOCKS5 on more than one port or on different network
# interfaces (specify explicit source address for that).
#
# WARNING: The service accepts all requests, unless you use
# SOCKS5User and make authentication mandatory. SOCKS5User
# can be used repeatedly for a whole bunch of individual accounts.
#
#SOCKS5Proxy    8010
#SOCKS5User dave:password

# Use -M first to detect the best NTLM settings for your proxy.
# Default is to use the only secure hash, NTLMv2, but it is not
# as available as the older stuff.
#
# This example is the most universal setup known to man, but it
# uses the weakest hash ever. I won't have it's usage on my
# conscience. :) Really, try -M first.
#
#Auth       LM
#Flags      0x06820000

# Enable to allow access from other computers
#
#Gateway    yes

# Useful in Gateway mode to allow/restrict certain IPs
# Specifiy individual IPs or subnets one rule per line.
#
#Allow      127.0.0.1
#Deny       0/0

# GFI WebMonitor-handling plugin parameters, disabled by default
#
#ISAScannerSize     1024
#ISAScannerAgent    Wget/
#ISAScannerAgent    APT-HTTP/
#ISAScannerAgent    Yum/

# Headers which should be replaced if present in the request
#
#Header     User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)

# Tunnels mapping local port to a machine behind the proxy.
# The format is <local_port>:<remote_host>:<remote_port>
# 
#Tunnel     11443:remote.com:443

当我尝试用sudo cntlm -v -I -M http://google.com测试CNTLM时,我得到以下结果:

Reading PROXY auth response...
HEAD: HTTP/1.1 407 Proxy Authorization Required
.
.
.
HEAD: HTTP/1.1 407 Proxy Authorization Required
Credentials rejected

我确信我的凭据是正确的,因为maven能够从HTTP URL下载依赖项。

大约一个月前,我的公司更改了HTTPS代理的SSL证书,从那时起,我就收到了这个错误。

帮助!

1 个答案:

答案 0 :(得分:0)

您的问题的解决方案是使用cntlm身份验证代理的https_proxy环境变量。请找here个答案!如果您需要任何帮助,请与我联系!