Created by James Hurrell, last modified on Sep 22, 2023

Introduction

When analyzing an Application that includes Maven based source code, Console (i.e. the Nodes) need to know where to find any required Maven local or remote HTTP/S repositories. The location of the repositories is crucial to ensure that any associated JAR files can be automatically discovered and that POM dependencies can also be located during the analysis. See Configuring source code delivery for Maven for more information.

To tell Console (and your configured Nodes) where any required repositories are located, use this panel. Out of the box several public repositories will be predefined - https://repo.maven.apache.org/maven2 is marked as the primary repository (i.e. the most complete repository) which will always be search first:

  • Any repository added in this panel is valid for all Nodes (and therefore all applications) managed in Console. If you configure multiple large repositories in this panel, the source code delivery action can take a significant amount of time to process through all the repositories when only some may be relevant for a specific Application. To counter this, you can ALSO define repositories at Application level (see Application - Config - Maven configuration settings) - these are specific to the Application and won't be valid for any other Application/Node.
  • Repositories discovered in the uploaded source code and any repositories defined at Application level (see Application - Config - Maven configuration settings) always take priority over any repositories defined in this options panel.

Options

You can remove an existing repository if you do not use it via the trash icon (1), edit an existing repository using the edit icon (2), add additional repositories by clicking the ADD button (3) as shown below:

Adding a new repository

When adding a new repository, the following dialog is displayed:

Repository URL/Path

Enter the URL or path to the Maven repository you want to add. For example:

  • Remote repository: enter the URL to the repository (e.g.: Google's repository https://maven.google.com)
  • Local repository: enter the path to the  ".m2" file, e.g.: C:/my_repo/.m2

Note that the Maven repository URL will be validated when the ADD button is clicked, and if it is found not to be accessible, an error will be displayed and the repository will not be saved.

Username / PasswordEnter the credentials for the repository - leave blank if the repository is public or does not require credentials.

Changing the order of repositories

You can change the order of the repositories by dragging and dropping them in to the correct position (this is the order in which the repositories are scanned for artifacts). The repository at the top of the list is marked as the "primary", i.e. this repository is the most complete and is always scanned first:

Troubleshooting issues accessing remote HTTPS repositories

In certain situations, an error may be registered in the Delivery log when the Node attempts to access an HTTPS repository. For example, in the log located at delivery\{app-guid}\data\{guid}\{guid}\{guid}\DMTDeliveryReport.CastLog2:

ERROR cast.dmt.engine.extractor.jee.maven.http.connectionFailed Unkown format id: cast.dmt.engine.extractor.jee.maven.http.connectionFailed =>  %URL%="https://my.maven.repo/artifactory/maven-release/"
%MESSAGE%="sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"           
javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alerts.getSSLException(:0).

The error reported in the log is generated by the DeliveryManagerTool-CLI.exe tool located on the AIP Node. This tool uses the Java JRE delivered with AIP Core in the following location:

%PROGRAMFILES%\CAST\<release>\jre\

This error usually occurs if the remote HTTPS repository you have defined is using an SSL certificate:

  • where the signing authority is not listed in the Java JRE cacerts file located at %PROGRAMFILES%\CAST\<release>\jre\security\cacerts

  • that is self-signed

Resolving the issue involves importing the required SSL certificates into the Java JRE delivered with AIP Core - this is out of the scope of this document.