From: Martin
To: users@archiva.apache.org
Subject: Re: Archiva Security
Date: Wed, 28 Nov 2018 21:04:20 +0100

Hi Ranjith,

could you please check the permissions of the guest user? The guest user is the one that is assigned if the user is not authenticated.

Another possibility is that you are already logged in with your browser (there are authentication cookies stored in the browser), because you used the web UI before. Please log out before testing with your browser. The better alternative is to test with curl or wget; neither sends cookies by default.

Regards

Martin

On Tuesday, 27 November 2018, 07:25:28 CET, ranjithmnair wrote:
> Hi,
> I am using Archiva, and when I include a dependency uploaded in Archiva in a
> Maven project, the security is working fine and it is allowing only if the
> credentials are provided in settings.xml.
> But the problem is anyone is able to access the repository
> (internal/snapshot), /using the URL we mention in the settings/pom to
> download using maven install/, directly in a browser and download the jars. Is
> there a way to prevent that? I am talking about this URL:
> http://localhost:8080/repository/internal/.
> Is there a way to password-protect this URL from being accessed externally?
> Something like it asking for the password which I configured in Archiva when
> clicking on http://localhost:8080/repository/internal/
>
> Thanks very much.
>
> With Best Regards,
> Ranjith
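
The cookie-free check suggested in the reply, as an added example that is not part of the original thread: it requests each repository URL with curl, without credentials or cookies, and reports whether the guest user can read it. The function names and verdict labels are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: is an Archiva repository URL readable without credentials,
# i.e. with only the permissions of the guest user?

# Map the HTTP status of an anonymous request to a verdict.
classify_anon_status() {
  case "$1" in
    2??)     echo "OPEN" ;;         # content served without credentials
    401|403) echo "PROTECTED" ;;    # server asked for or refused credentials
    3??)     echo "REDIRECT" ;;     # inspect the target manually
    000)     echo "UNREACHABLE" ;;  # curl could not connect
    *)       echo "INCONCLUSIVE" ;; # e.g. 404 for a wrong repository id
  esac
}

# Anonymous GET. -q (first option) skips ~/.curlrc; curl sends no cookies
# and no stored credentials unless told to, so no browser session leaks in.
probe_anonymous() {
  curl -q --silent --output /dev/null --max-time 10 \
       --write-out '%{http_code}' "$1" || true
}

# Check every URL given; return 1 if any of them is readable anonymously,
# so the script can gate a deployment or a scheduled audit.
check_urls() {
  check_rc=0
  for check_url in "$@"; do
    check_code=$(probe_anonymous "$check_url")
    check_verdict=$(classify_anon_status "$check_code")
    printf '%-12s %s %s\n' "$check_verdict" "$check_code" "$check_url"
    if [ "$check_verdict" = "OPEN" ]; then
      check_rc=1
    fi
  done
  return "$check_rc"
}

# Usage: sh check_guest.sh http://localhost:8080/repository/internal/
if [ "$#" -gt 0 ]; then
  check_urls "$@"
fi
```

An `OPEN` verdict for a repository that should require a login points at the guest user's permissions, which is the first thing the reply asks to check.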