Version 2

    This page documents the limitations of the current system and describes some requirements for the future system.


    Current Authentication Mechanism


    The old Maven repository ( used svn ( to deploy and track artifacts.  User access was controlled by the Apache authz_svn module.


    In order to maintain compatibility with the previous system, Nexus is configured to use a custom plugin which validates user credentials against the old svn server over https.  The main limitation of this configuration is that users are granted access to the server via a single role in Nexus.  This means that only a single set of permissions can be applied to users authenticated via svn.



    Requirements for the New Security System


    The team is currently in the process of designing a new security system.  The new system should meet the following requirements to better support the Maven repository.


    • There system must support multiple levels of authorization.  For example user groups which map to security roles in Nexus.  Currently Nexus only supports LDAP for mapping external groups to roles.
    • The management of users must be decentralized (i.e. the Maven repository admin is able to grant/deny access to the Maven repo, but not access security settings for other systems in
    • The Maven repository (Nexus) must send all authentication requests over a secure channel such as SSL.