An error similar to the following is shown when the build fails:[ERROR] Some problems were encountered while processing the POMs: [ERROR] Non-resolvable import POM: Could not transfer artifact org.glassfish.grizzly:grizzly-bom:pom:2.3.36-forgerock-0 from/to maven-default-http-blocker (http://0.0.0.0/): Blocked mirror for repositories: [forgerock-internal-releases (http://maven.forgerock.org/repo/internal-releases, default, releases), forgerock-internal-snapshots (http://maven.forgerock.org/repo/internal-snapshots, default, snapshots)] @ org.forgerock.commons:commons-bom:24.0.44, /Users/jdoe/.m2/repository/org/forgerock/commons/commons-bom/24.0.44/commons-bom-24.0.44.pom, line 318, column 25
Upgraded Maven to 3.8.1 or later.
Maven 3.8.1 removes support for accessing Maven repositories over HTTP for security reasons. See Maven Release Notes - CVE-2021-26291 for further information.
Pre-7.1 releases in the ForgeRock Maven repositories use HTTP, which means they won't build using Maven 3.8.1 or later. However, ForgeRock redirects all HTTP requests for Maven repositories to HTTPS, which allows mirror repositories to be safely used.
This issue can be resolved by adding mirror repositories (using mirrorOf) to the ~/.m2/settings.xml file to redirect the mirrors referenced in the Maven error to HTTPS. You will also need to add corresponding server entries for the new mirror repositories.
The following example adds the most commonly needed mirrors, however, you may need additional mirrors (for example, forgerock-third-party) depending on what you are building. Check what mirrors are referenced in the Maven error, and add any additional mirror repositories and server entries needed to allow you to build successfully.
- Add the following mirrors to your settings.xml file:<mirrors> <mirror> <id>forgerock-internal-releases-mirror</id> <name>ForgeRock Internal Releases Repository mirror</name> <url>https://maven.forgerock.org/repo/internal-releases</url> <mirrorOf>forgerock-internal-releases</mirrorOf> </mirror> <mirror> <id>forgerock-internal-snapshots-mirror</id> <name>ForgeRock Internal Snapshots Repository mirror</name> <url>https://maven.forgerock.org/repo/internal-snapshots</url> <mirrorOf>forgerock-internal-snapshots</mirrorOf> </mirror> </mirrors>
- Add the following server entries to your settings.xml file for these new ids (replacing the username/password fields with your username and encrypted password strings from the settings.xml file):<server> <username>xxxx</username> <password>xxxx</password> <id>forgerock-internal-releases-mirror</id> </server> <server> <username>xxxx</username> <password>xxxx</password> <id>forgerock-internal-snapshots-mirror</id> </server>