乐趣区

关于java:如何关闭mavendefaulthttpblocker

最近降级 Maven 到 3.8.1 后,mvn 编译的时候总是提醒拉不到依赖,报错如下:

Could not validate integrity of download from http://0.0.0.0/...

全副报错如下:

[WARNING] Could not validate integrity of download from http://0.0.0.0/com/alibaba/nacos/nacos-client-mse-extension/1.4.2-SNAPSHOT/maven-metadata.xml
org.eclipse.aether.transfer.ChecksumFailureException: Checksum validation failed, expected <!doctype but is 18420d7f1430a348837b97a31a80e374e3b00254
    at org.eclipse.aether.connector.basic.ChecksumValidator.validateExternalChecksums (ChecksumValidator.java:174)
    at org.eclipse.aether.connector.basic.ChecksumValidator.validate (ChecksumValidator.java:103)
    at org.eclipse.aether.connector.basic.BasicRepositoryConnector$GetTaskRunner.runTask (BasicRepositoryConnector.java:460)
    at org.eclipse.aether.connector.basic.BasicRepositoryConnector$TaskRunner.run (BasicRepositoryConnector.java:364)
    at org.eclipse.aether.util.concurrency.RunnableErrorForwarder$1.run (RunnableErrorForwarder.java:75)
    at org.eclipse.aether.connector.basic.BasicRepositoryConnector$DirectExecutor.execute (BasicRepositoryConnector.java:628)
    at org.eclipse.aether.connector.basic.BasicRepositoryConnector.get (BasicRepositoryConnector.java:235)
    at org.eclipse.aether.internal.impl.DefaultMetadataResolver$ResolveTask.run (DefaultMetadataResolver.java:573)
    at org.eclipse.aether.util.concurrency.RunnableErrorForwarder$1.run (RunnableErrorForwarder.java:75)
    at java.util.concurrent.ThreadPoolExecutor.runWorker (ThreadPoolExecutor.java:1130)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run (ThreadPoolExecutor.java:630)
    at java.lang.Thread.run (Thread.java:832)
[WARNING] Checksum validation failed, expected <!doctype but is 18420d7f1430a348837b97a31a80e374e3b00254 from maven-default-http-blocker for http://0.0.0.0/com/alibaba/nacos/nacos-client-mse-extension/1.4.2-SNAPSHOT/maven-metadata.xml
Downloaded from maven-default-http-blocker: http://0.0.0.0/com/alibaba/nacos/nacos-client-mse-extension/1.4.2-SNAPSHOT/maven-metadata.xml (63 kB at 19 kB/s)

从关键字 maven-default-http-blocker 能够找到相干材料。

简而言之,如果应用 HTTP 协定下载依赖,可能会导致中间人攻打。比方,原本想下载一个 nacos-client 的,后果下载的后果中被插入了恶意代码,而后开发人员运行了一下,黑客就能取得开发人员的计算机控制权了。

所以 Maven 3.8.1 就禁止了所有 HTTP 协定的 Maven 仓库。

详情见 Maven 3.8.1 的公布日志。

问题是在日常开发中,咱们常常会用到公司外部的 maven 仓库。这些仓库个别都是 http 协定,Maven 3.8.1 禁止了 http 协定,那么就会导致结尾的报错。

于是查了下,能够依照如下形式敞开:

批改全局的 settings.xml 文件(个别在零碎门路下,比方 mac 就在 /usr/local/Cellar/maven/3.8.1/libexec/conf/pom.xml/usr/local/Cellar/maven/3.8.2/libexec/conf/settings.xml), 删除如下局部即可:

<mirror>
    <id>maven-default-http-blocker</id>
    <mirrorOf>external:http:*</mirrorOf>
    <name>Pseudo repository to mirror external repositories initially using HTTP.</name>
    <url>http://0.0.0.0/</url>
    <blocked>true</blocked>
</mirror>

而后就能够持续失常应用 Maven 了。

P.S. 对于内部仓库,还是倡议应用 HTTPS 协定拜访,防止出现针对性的中间人攻打。

退出移动版