Visit my.sonatype.com for documentation on Nexus Repository version 2.
This article describes how to set up some commonly requested Nexus Repository 2 security configurations.
Can I make a repository private without disabling anonymous access?
Yes. You will need to change the roles around a bit.
Note: Assigning access to a group is equivalent to assigning these privileges to all of the repositories in the group.
- Create a new Privilege that gives access to your public group (or individual repositories).
  - Log in to Nexus Repository 2 as an administrator.
  - Click on Privileges in the left menu.
  - Click Add.
  - Use the following values:
    - Name: M2 Public Repositories (Group)
    - Description: Access to Public Repositories (Group)
    - Repository: Public Repositories (Group)
    - Repository Target: All (Maven2)
  - Repeat the previous step for all your public groups and/or repositories.
  - Save.
- Create a new Role and assign this new privilege to it.
  - Click on Roles in the left menu.
  - Click Add.
  - Use the following values:
    - Role Id: repo-public-read
    - Name: Repo: All Public Repositories (read)
    - Description: Read only access to all public repositories.
    - Selected Roles / Privileges: M2 Public Repositories (Group) - (read)
    - Include all of the group/repo privileges you created in the first step.
  - Save.
- Remove the Grant Read all role from the Anonymous user and add the new role.
  - Click on Users in the left menu.
  - Click on the anonymous user.
  - Remove the role ‘Repo: All Repositories (read)’
  - Add the role ‘All Public Repositories (read)’
  - You may need to create other Privileges to grant users access to your private repositories
  - Save.
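To confirm the role change took effect, request the repositories without credentials and compare the result with what you intended. This is an added example, not Sonatype's code; the base URL and the repository id `private-releases` are assumptions to replace with your own values.

```python
import urllib.error
import urllib.request

# Assumed base URL; adjust host, port and context path for your server.
BASE_URL = "http://localhost:8081/nexus"

# Path -> expected result for an unauthenticated request.
# "private-releases" is a hypothetical repository id used for illustration.
EXPECTED = {
    "/content/groups/public/": "readable",
    "/content/repositories/private-releases/": "denied",
}


def anonymous_status(url, timeout=10):
    """Return the HTTP status of a GET sent with no credentials, or None."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:   # 4xx/5xx still carry a status code
        return err.code
    except urllib.error.URLError:           # server unreachable, DNS failure
        return None


def classify(status):
    """Map an HTTP status to readable / denied / inconclusive."""
    if status == 200:
        return "readable"
    if status in (401, 403):
        return "denied"
    return "inconclusive"   # e.g. 404 for a wrong id, 5xx, or no response


def audit(base_url, expected, fetch=anonymous_status):
    """Return (path, expected, actual) for every path that does not match."""
    failures = []
    for path, want in expected.items():
        got = classify(fetch(base_url.rstrip("/") + path))
        if got != want:
            failures.append((path, want, got))
    return failures


if __name__ == "__main__":
    problems = audit(BASE_URL, EXPECTED)
    for path, want, got in problems:
        print(f"MISMATCH {path}: expected {want}, got {got}")
    raise SystemExit(1 if problems else 0)
```

A "readable" result for a repository you meant to keep private usually means the anonymous user still holds a role or group privilege that covers it.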
How do I disable artifact redeployment against a hosted repo?
Important: The steps below are valid, but all current versions of Nexus Repository 2 have a "deployment policy" setting in the hosted repository configuration. Setting this to "disable redeploy" will accomplish the same thing as the steps below and is the preferred approach.
- Create a new deployment role that does not have an update privilege but has the privilege to update Metadata.
  - Create a new Privilege that gives access to Maven 2 Metadata.
    - Log in to Nexus Repository 2 as an administrator.
    - Click on Privileges in the left menu.
    - Click Add. Use the following values:
      - Name: All M2 Repositories Metadata
      - Description: All M2 Repositories Metadata
      - Repository: All Repositories
      - Repository Target: All Metadata (Maven2)
    - Save.
- Create a new Deployment Role.
  - Click on Roles in the left menu.
  - Click Add.
  - Use the following values:
    - Role Id: repo-custom-deploy
    - Name: Repo: All Repositories (no update)
    - Description: Allows deployment to all M2 Repositories, but does not allow overwriting artifacts.
    - Selected Roles / Privileges: All Metadata (Maven2) - (update), Nexus Anonymous Role, All M2 Repositories - (create), All M2 Repositories - (read), All M2 Repositories - (delete). Adding delete is optional.
  - Save.
- Replace the roles assigned to the deployment user.
  - Click on Users in the left menu.
  - Click on the deployment user.
  - Remove the roles ‘Repo: All Repositories (Full Control)’ and ‘Nexus Deployment Role’
  - Add the role ‘Repo: All Repositories (no update)’
  - Save.