archiva-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin <marti...@apache.org>
Subject Re: Archiva Security
Date Wed, 28 Nov 2018 20:04:20 GMT
Hi Ranjith,

could you please check the permissions of the guest user? The guest user is the one which
is assigned, if the
user is not authenticated.
Other possibility is, that you are already logged in with your browser (there are authentication
cookies stored in the browser),
because you used the web ui before.
Please logout before testing with your browser. The better alternative is to test with curl
or wget, both do not send cookies
by default.

Regards

Martin

Am Dienstag, 27. November 2018, 07:25:28 CET schrieb ranjithmnair:
> Hi,
> I am using Archiva, and when i include a dependency uploaded in archiva in a
> maven project, the security is working fine and it is allowing only if the
> credentials are provided in settings.xml.
> But the problem is anyone is able to access the repository
> (internal/snapshot), /using the url we mention in the settings/pom to
> download using maven install/, directly in browser and download the jars. Is
> there a way to prevent that.. *I am talking about this url:
> http://localhost:8080/repository/internal/*.
> Is there a way to password protect this url from accessing externally?
> something like it ask for password which i configured in archiva while
> clicking on http://localhost:8080/repository/internal/
> 
> Thanks very much..
> 
> With Best Regards,
> Ranjith
> 
> 
> 
> --
> Sent from: http://archiva.996284.n3.nabble.com/User-f10698.html
> 
> 



Mime
View raw message