Maven Dependencies Failing With a 501 Error “HTTPS Required” – Maven 依赖项出现 501 错误 “需要 HTTPS”

最后修改: 2024年 1月 15日

中文/混合/英文(键盘快捷键:t)

1. Overview

1.概述

In this tutorial, we’ll learn about the error “Return code is: 501, ReasonPhrase: HTTPS Required”. We’ll start by understanding what this error means, and then explore the steps to resolve it.

在本教程中,我们将了解错误 “Return code is:501, ReasonPhrase: HTTPS Required”。我们将首先了解该错误的含义,然后探讨解决该错误的步骤。

2. Maven Moving to HTTPS

2.Maven 迁移到 HTTPS

Maven ensures the automatic download of external libraries from the Maven central repository. However, downloading over HTTP raises security concerns, such as the risk of man-in-the-middle (MITM) attacks. During this attack, malicious code may be injected during the build phase, which can infect the downstream components and their end-users.

Maven 可确保从 Maven 中央资源库自动下载外部库。但是,通过 HTTP 下载会引发安全问题,例如中间人(MITM)攻击的风险。在这种攻击中,恶意代码可能会在构建阶段被注入,从而感染下游组件及其终端用户。

To maintain data integrity and encryption, the Maven Central Repository from January 15, 2020, has stopped communication over HTTP. It means any attempts to access the central repository with HTTP will result in an error “Return code is: 501, ReasonPhrase: HTTPS Required”. To fix this, we need to ensure that dependencies are fetched using HTTPS instead of HTTP.

为保持数据完整性和加密,Maven 中央资源库自 2020 年 1 月 15 日起停止通过 HTTP 通信。这意味着任何通过 HTTP 访问中央资源库的尝试都将导致错误 “Return code is:501, ReasonPhrase: HTTPS Required”。要解决这个问题,我们需要确保使用 HTTPS 而不是 HTTP 抓取依赖项。

3. Update Maven Version

3.更新 Maven 版本

From Maven version 3.2.3, the central repository is, by default, accessed via HTTPS. If we’re using an older version of Maven, we can update the Maven version to 3.2.3 or later to fix the error.

从 Maven 3.2.3 版开始,中央资源库默认通过 HTTPS 访问。如果我们使用的是旧版本的 Maven,可以将 Maven 版本升级到 3.2.3 或更高版本,以修复错误。

To update the Maven version, we can download the latest stable build version from the official Apache Maven download page.

要更新 Maven 版本,我们可以从官方 Apache Maven 下载页面下载最新的稳定构建版本。

4. Restrict the Current Maven Version to Use HTTPS Links

4.限制当前 Maven 版本使用 HTTPS 链接

Maven provides a settings file, settings.xml, which we can use to configure the Maven installation. This settings.xml file contains all the local and remote repositories links. To fix this error, we need to make sure that we’re using HTTPS in Maven settings. Here are the steps to verify and update the Maven settings:

Maven 提供了一个设置文件settings.xml,我们可以用它来配置 Maven 安装。该settings.xml文件包含所有本地和远程版本库链接。要修复这个错误,我们需要确保在 Maven 设置中使用 HTTPS。以下是验证和更新 Maven 设置的步骤:

4.1. Fix mirrors Section in settings.xml

4.1.修复 settings.xml 中的 mirrors 部分

If a <mirrors> section exists in the settings.xml file, we need to make sure the URL for the mirror is https://repo.maven.apache.org/maven2/. If the section doesn’t exist, we can add it like this:

如果 settings.xml 文件中存在 部分,我们需要确保镜像的 URL 是 https://repo.maven.apache.org/maven2/。如果该部分不存在,我们可以这样添加:

<mirrors>
    <mirror>
        <id>central</id>
        <url>https://repo.maven.apache.org/maven2/</url>
        <mirrorOf>central</mirrorOf>
    </mirror>
</mirrors>

4.2. Fix pluginRepositories Section in settings.xml

4.2.修复 settings.xml 中的 pluginRepositories 部分

Similar to the mirrors section, we may also have a pluginRepositories section where we need to use the URL with HTTPS:

与镜像部分类似,我们可能也需要在 pluginRepositories 部分使用 HTTPS URL:

<pluginRepositories>
    <pluginRepository>
        <id>central</id>
        <url>https://repo.maven.apache.org/maven2/</url>
    </pluginRepository>
</pluginRepositories>

4.3. Fix repositories Section in pom.xml

4.3.修复 pom.xml 中的 repositories 部分

The pom.xml file also contains a repository section where we need to use the URL with HTTPS:

pom.xml 文件还包含一个版本库部分,我们需要在其中使用 HTTPS URL:

<repositories>
    <repository>
        <id>central</id>
        <name>Central Repository</name>
        <url>https://repo.maven.apache.org/maven2</url>
        <layout>default</layout>
        <snapshots>
            <enabled>false</enabled>
        </snapshots>
    </repository>
</repositories>

After making these changes, Maven should download the dependencies over HTTPS.

作出这些更改后,Maven 将通过 HTTPS 下载依赖项。

5. Fix When the Build Environment Doesn’t Support HTTPS

5.修复构建环境不支持 HTTPS 的问题

Sometimes, we may face technical constraints, such as using JDK6 in the build environments or lacking HTTPS support. These limitations can impede our transition to HTTPS.

有时,我们可能会面临技术限制,例如在构建环境中使用 JDK6 或缺乏 HTTPS 支持。这些限制可能会阻碍我们向 HTTPS 过渡。

To support such scenarios, the Maven team has established a dedicated domain for insecure traffic. We can replace all the existing references with this URL to facilitate downloads over HTTP.

为支持此类场景,Maven 团队为不安全流量建立了一个专用域。我们可以用该 URL 替换所有现有引用,以方便通过 HTTP 下载。

6. Conclusion

6.结论

In this tutorial, we explored the different ways to resolve the “Return code is: 501, ReasonPhrase: HTTPS Required” error. First, we explored the basic details of the error.

在本教程中,我们探讨了解决 “Return code is:501, ReasonPhrase: HTTPS Required “错误的不同解决方法。首先,我们探讨了该错误的基本细节。

Afterward, we looked at the fix by updating the Maven version or fixing the settings.xml file.

之后,我们通过更新 Maven 版本或修复 settings.xml 文件来查看修复情况。