Welcome to the weekly roundup of blog posts that mention Nexus, Maven, and other projects that Sonatype developers contribute to.
DZone: Maven Repository Nexus Pro Upgrades to 1.4
“The newly announced 1.4 version of Nexus Professional, a Maven repository manager, introduces a full plugin model with improved capabilities.”
October 28, 2009
Nexus Maven Repository Manager Users List: Nexus 1.4.0 Released
“Nexus 1.4.0 has been released. This was a rather substantial release, and contains a lot of new functionality and bug fixes.”
October 28, 2009
Mosabuam: Company Super POM – A Maven Practice
“Soon after the initial install of Maven you will hopefully like it and use it on a bunch of projects. You will notice that there are a bunch of things in the POM that are the same from project to project. Normally that is where the concept of a company or organisation POM appears. On the other hand internally Maven always uses the Super POM as well. Once multiple projects are involved things quickly get confusing, so lets look at this a bit closer and then get to my hybrid approach of a Company Super POM.”
By Manfred Moser, on 29 Oct 2009
The Nexus Professional 1.4 release offers a wide array of features
- Proxy Repository Browsing – With Nexus 1.4, the local cache and logical index views have been separated into separate tabs. We found that the previous single tab with a combo box to select the source was confusing.
- Publishing Web Sites to Nexus Professional – Nexus Professional 1.4 provides you with a WebDAV endpoint for publishing a web site. You can configure a Site repository that can be used as a publishing destination for project documentation. This means you don’t have to worry about providing some alternate solution to host your reports. The full support of Nexus security applies to this new type of repository, so you can control access at a very fine grained level.
- Repository Configuration Changes
- Fine-grained control of Redeployment for Hosted Repositories: Nexus 1.4 provides administrators a simplied way to control how a hosted repository deals with the redeployment of artifacts. You can configure a repository to allow for the redeployment of previously deployed artifacts, allow for one-time deployment, or to provide a read-only interface for clients.
- Improvements to the Staging Plugin – The staging plugin had numerous improvements in the 1.4 release to increase usability and provide new functions for staging artifact bundle and verifying that staging repositories follow user configurable rule sets.
- Support for Staging Rulesets: Nexus Professional 1.4 provides administrators with the ability to define a set of rules to apply to staging repositories before they can be promoted. The 1.4 release can validate that staging repositories contain valid POMs, valid PGP signatures, javadocs, and sources for all artifacts. The rules are pluggable and we expect to add more rules in the near future to support the Apache repository and our OSS hosting repository
- Support for Uploading Artifact Bundles: The staging plugin now accepts artifact bundle uploads. Artifact bundles are archives which contain one or more associated artifacts, they are used to publish artifacts to the Central Maven repository, and you can use Artifact bundles to validate artifacts uploaded to Nexus.
- General Usability Improvements in the Staging Plugin: This release of the Staging plugin focused on usability, the Staging plugin is full of improvements that make the user interface more intuitive and easier to use.
- User Account Plugin – The User Account Plugin in Nexus Professional gives unauthenticated Nexus users the ability to sign-up for a Nexus account. When this feature is enabled, a new user would click a sign-up link, fill out a simple profile form, read a captcha, and then activate a new account via an email confirmation message. Nexus Administrators can configure the default roles and permissions that are granted to newly signed up users.
- Repository Summary Panel – The repository summary panel provides statistics and configuration information for a specific repository. Users can consult the repository summary panel to gather the necessary distribution management settings for Maven configuration.
- Security Improvements – Many improvements to the user security model. In general, it is now easier to configure custom role mappings for externally managed users, and Sonatype has paid close attention to the user interface for managing users and roles. It is easier than ever to configure and secure a Nexus repository.
- New User Role Tree: Click on a user and then click on the user role tree to see how each role contributes to the permissions for a particular user.
- New User Privilege Trace feature: this features allows Nexus administrators to pinpoint which roles contribute which permissions to a particular user. While the user role tree provides an intuitive interface that lists role in a hierarchy, the privilege trace panel under user administration provides an alternate view. Click on a particular permission to find the roles contribute that permission to a user.
- New Role Tree: Since a Nexus role can consist of both roles and privileges, we’ve provided an intuitive tree browser that allows an administrator to browse the hierarchy of roles and privileges associated with a Nexus Role.
- Fine-grained control of View Repository Privilege: Nexus added the ability to configure a role to prevent users from browsing particular repositories. This is used to provide a cleaner view to users, for example to show them only groups they use via Maven and not confuse them with all the repositories aggregated by that group.
- Integration with Atlassian Crowd – Atlassian Crowd is a capable user and directory management system that can consolidate authorization and authentication to a central server. Nexus Professional’s Atlassian Crowd plugin provides seamless integration between Nexus and Atlassian’s Crowd server.
- Automated Nexus Error Reporting – Nexus 1.4 ships with an automated error repository system which can be configured to report Nexus exceptions and errors to the Nexus Issue Tracker. If configured, the system will send data to Sonatype’s Jira instance. The information contained includes the configuration (all passwords are obfuscated) as well as a file list of the repositories and exception traces. All of this data is encrypted using public-key cryptography so only Sonatype can view the contents. We expect that this information will allow us to further refine the stability of Nexus.
- Upgrades to the Nexus Book
- A new chapter on Nexus Best Practices.
- A new chapter on publishing web sites to Nexus.
- Over 100 corrections and clarifications.
- Over 80 new figures and diagrams.
- Addition of a New Nexus Book Cover with the Nexus Logo
On larger projects, additional dependencies often tend to creep into a POM as the number of dependencies grow. As dependencies change, you are often left with dependencies that are not being used, and just as often, you may forget to declare explicit dependencies for libraries you require. Because Maven 2.x includes transitive dependencies in the compile scope, your project may compile properly but fail to run in production. Consider a case where a project uses classes from a widely used project such as Jakarta Commons BeanUtils. Instead of declaring an explicit dependency on BeanUtils, your project simply relies on a project like Hibernate that references BeanUtils as a transitive dependency. Your project may compile successfully and run just fine, but if you upgrade to a new version of Hibernate that doesn’t depend on BeanUtils, you’ll start to get compile and runtime errors, and it won’t be immediately obvious why your project stopped compiling. Also, because you haven’t explicitly listed a dependency version, Maven cannot resolve any version conflicts that may arise.
Continuing the series of articles, let’s check how we do integration tests for nexus plugins.
The kungfu virus scanner
The kungfu virus scanner is a simple nexus plugin. It will prevent nexus from caching infected files (it will still serve the file, but won’t cache it). To know if a file is infected or not, there is a “sophisticated” algorithm that checks if the file has the word “infected” in its name. It is used for demonstration purposes only and is useless for everything else. You can download its source files here.
To run our test, first of all, we will need a Nexus instance that will be launched and used to hold the plugin being tested. Originally we used the maven-dependency-plugin to unpack the Nexus bundle. Then, we used the same to copy the plugin under test to nexus plugin-repository directory. This alone would mean about 20 lines in the POM and no potential for reuse between different plugins, so we decided to write a specific testing plugin to create the environment required by Nexus plugins. Thus was born the nexus-test-environment-maven-plugin (we should come up with a shorter name =D ).
If you’re in the area, come visit us at the ApacheCon. We will be having a free Apache Maven meetup in Room 5.
The agenda will be driven by the attendees. I will come prepared to talk about the changes to Maven 3 and how we’ll get there from where we are today.
The meeting will begin at 8pm (doors open @ 7:30) on Tuesday, November 3rd 2009
See who’s coming, add your name and agenda ideas to the page here: https://docs.sonatype.org/display/COMM/Maven+Meetup+at+US+Apache+Con+09