Consumers

The following list details some high level information for accessing the Central Repository with a variety of tools. Feel free to let us know of any further additions for the list.

Access to the Central Repository is available via plain HTTP as well as secured HTTPS connections.

The canonical URLs for accessing the Central Repository are

  • HTTP: http://repo1.maven.org/maven2

  • HTTPS: https://repo1.maven.org/maven2

In general, we recommend installation of a repository manager like Sonatype Nexus to gain access to advantages like

  • local caching of proxied components and therefore improved build times,
  • access to private repository hosting of internal components as well as third party components, which are not available in public repositories
  • easy proxying of additional public repositories

and many others.

The Central Repository uses the Maven repository format and publishes release components only.

The availability of the Central Repository via HTTPS currently requires some configuration for various tools. The following sections provide more details.

Repository Managers

Nexus and other repository managers proxy the Central Repository by default or can be configured to do so - including possible setup to proxy via HTTPS.

Sonatype Nexus

Versions 2.9+ use the HTTPS URL by default. Older versions of Nexus Professional use a secured URL with auth-token and older versions of Nexus Open Source use the HTTP URL or optionally the auth-token setup.

We recommend to all Nexus users of versions lower than 2.9 to change the URL of the "Central" proxy repository to the HTTPS URL.

Apache Archiva

Archiva proxies the HTTP URL of the Central Repository by default. We suggest to change this to use the HTTPS URL.

JFrog Artifactory

Artifactory indirectly proxies the Central Repository via JCenter. We suggest to add a direct proxy to the Central Repository using the HTTPS URL.

Apache Maven

Apache Maven retrieves all components from the Central Repository by default. Through at least Maven version 3.2.2, no further configuration is required for access via HTTP, though this is no longer recommended given the availability of the HTTPS transport.

Access via HTTPS can be configured by reconfiguring the built in configuration for the "central" in your settings.xml placed in ~/.m2:

<settings>
  <activeProfiles>
    <!--make the profile active all the time -->
    <activeProfile>securecentral</activeProfile>
  </activeProfiles>
  <profiles>
    <profile>
      <id>securecentral</id>
      <!--Override the repository (and pluginRepository) "central" from the
         Maven Super POM -->
      <repositories>
        <repository>
          <id>central</id>
          <url>https://repo1.maven.org/maven2</url>
          <releases>
            <enabled>true</enabled>
          </releases>
        </repository>
      </repositories>
      <pluginRepositories>
        <pluginRepository>
          <id>central</id>
          <url>https://repo1.maven.org/maven2</url>
          <releases>
            <enabled>true</enabled>
          </releases>
        </pluginRepository>
      </pluginRepositories>
    </profile>
  </profiles>
</settings>

Apache Ivy (and Apache Ant)

Apache Ivy has a built-in resolver for the Central Repository that can be configured in ivysettings.xml and accesses the repository via HTTP.

<ivysettings>
  <settings defaultResolver="chain"/>
  <resolvers>
    <chain name="chain">
      <ibiblio name="central" m2compatible="true"/>
    </chain>
  </resolvers>
</ivysettings>

To access the Central Repository with Ivy via HTTPS you can add the URL to the resolver definition in the root attribute.

<ivysettings>
  <settings defaultResolver="chain" />
  <resolvers>
    <chain name="chain">
      <ibiblio name="securedcentral" m2compatible="true" root="https://repo1.maven.org/maven2" />
    </chain>
  </resolvers>
</ivysettings>

Eclipse Aether (and Apache Ant)

Eclipse Aether and the Aether Ant tasks retrieve all components from the Central Repository by default. No further configuration is required for access via HTTP.

Access via HTTPS can be configured by taking advantage of the fact that Aether uses the Apache Maven settings.xml and configuring it. Alternatively you can configure a remote repository.

<remoterepo id="securecentral" url="https://repo1.maven.org/maven2">
    <releases enabled="true" updates="daily" checksums="fail"/>
    <snapshots enabled="false"/>
</remoterepo>

and use it in the resolve task.

Gradle

Gradle has a built-in configuration to access the Central Repository via HTTP as documented in the dependency tutorial.

repositories {
  mavenCentral()
}

To access the Central Repository with Gradle via HTTPS you can define a Maven repository specifying the URL.

repositories {
  maven {
    url "https://repo1.maven.org/maven2"
  }
}

Leiningen

The default Leiningen configuration for versions 2.4.3+ includes resolving components from the Central Repository via HTTPS.

To access the Central Repository with older Leiningen versions via HTTPS you can override the built-in central URL in your project.clj file.

:mirrors 
  {"central" {:name "securedcentral" :url "https://repo1.maven.org/maven2"}
  }

SBT

The default SBT configuration includes resolving components from the Central Repository via HTTP as documented in the library management documentation.

To access the Central Repository with sbt via HTTPS you can add a new resolver for the secured Central Repository, while disabling the default, in your build.sbt file

resolvers += "Secured Central Repository" at "https://repo1.maven.org/maven2"

externalResolvers := Resolver.withDefaultResolvers(resolvers.value, mavenCentral = false)

Alternatively you can add it as a global repository in ~/.sbt/repositories

[repositories]
local
secured-central: https://repo1.maven.org/maven2

and set sbt.override.build.repos=true when running sbt.