The Programmer's Guide
  • About
  • Algorithm
    • Big O Notation
      • Tree
      • Problems
    • Basic Notes
    • Data Structure Implementation
      • Custom LinkedList
      • Custom Stack
      • Custom Queue
      • Custom Tree
        • Binary Tree Implementation
        • Binary Search Tree Implementation
        • Min Heap Implementation
        • Max Heap Implementation
        • Trie Implementation
      • Custom Graph
        • Adjacency List
        • Adjacency Matrix
        • Edge List
        • Bidirectional Search
    • Mathematical Algorithms
      • Problems - Set 1
      • Problems - Set 2
    • Bit Manipulation
      • Representation
      • Truth Tables
      • Number System
        • Java Program
      • Problems - Set 1
    • Searching
    • Sorting
    • Array Algorithms
    • String Algorithms
    • Tree
      • Tree Traversal Techniques
      • Tree Implementation
      • Applications of Trees
      • Problems - Set 1
    • Graph
      • Graph Traversal Techniques
      • Shortest Path Algorithms
      • Minimum Spanning Tree (MST) Algorithms
    • Dynamic Programming
      • Problems - Set 1
    • Recursion
    • Parallel Programming
    • Miscellaneous
      • Problems - Set 1
  • API
    • API Basics
      • What is an API?
      • Types of API
        • Comparison - TBU
      • Synchronous vs Asynchronous API
    • API Architecture
      • Synchronous & Asynchronous Communication
    • API Specification
      • OpenAPI - TBD
    • API Design Principles - TBU
      • RESTful API Principles
      • Rate Limiting & Pagination - TBU
      • Idempotency & Statelessness - TBU
    • API Security & Authentication - TBU
      • OAuth 2.0, JWT, API Keys - TBU
      • Rate Limiting & Throttling - TBU
      • CORS in API - TBU
    • REST API - TBD
      • HTTP Status Code
      • HTTP Verbs or Methods
      • HTTP Headers
      • Query Parameters & Path Parameters - TBU
      • Content Types - TBU
  • Cloud Computing
    • Cloud Fundamentals
      • Cloud Terminology
      • Core Terminology
      • Cloud Models
      • Cloud Service Models
      • Benefits, Challenges and Risk of Cloud Computing
      • Cloud Ecosystem
  • Database
    • DBMS
      • Types of DBMS
        • Relational DBMS (RDBMS)
        • NoSQL DBMS
        • Object-Oriented DBMS (OODBMS)
        • Columnar DBMS
        • In-Memory DBMS
        • Distributed DBMS
        • Cloud-Based DBMS
        • Hierarchical DBMS
      • DBMS Architecture
      • DBMS Structure
    • SQL Databases
      • Terminology
      • RDBMS Concepts
        • Entity Relationship Diagram (ERD)
          • ERD Examples
        • Normalization
        • Denormalization
        • ACID & BASE Properties
          • ACID Properties
          • BASE Properties
      • SQL Fundamentals
        • SQL Commands
          • DDL (Data Definition Language)
          • DML (Data Manipulation Language)
          • DCL (Data Control Language)
          • TCL (Transaction Control Language)
          • DQL (Data Query Language)
        • SQL Operators
          • INTERSECT
          • EXCEPT
          • MINUS
          • IN and NOT IN
          • EXISTS and NOT EXISTS
        • SQL Clauses
          • Joins
          • OVER
          • WITH
          • CONNECT BY
          • MODEL
          • FETCH FIRST
          • KEEP
          • OFFSET with FETCH
        • SQL Functions
          • Oracle Specific
        • Others
          • Views
          • Indexing - TBU
          • Transactions - TBU
          • Triggers - TBU
      • Vendor-Specific Concepts
        • Oracle Specific
          • Rownum vs Rowid
          • Order of Execution of the query
          • Keys
          • Tablespace
          • Partition
      • Best Practice
      • Resources & References
        • O’Reilly SQL Cookbook (2nd Edition)
          • 1. Retrieving Records
          • 2. Sorting Query Results
          • 3. Working with Multiple Tables
          • 4. Inserting, Updating, and Deleting
          • 5. Metadata Queries
          • 6. Working with Strings
          • 7. Working with Numbers
          • 8. Date Arithmetic
          • 9. Date Manipulation
          • 10. Working with Ranges
          • 11. Advanced Searching
          • 12. Reporting and Reshaping
          • 13. Hierarchical Queries
          • 14. Odds 'n' Ends
    • NoSQL Databases -TBU
      • Concepts
      • Types of NoSQL
        • Document Stores
        • Key-Value Stores
        • Column-Family Stores
        • Graph Databases
    • SQL vs NoSQL
    • Best Practices
  • Git
    • Internals of Git [TBD]
    • Commands
      • Setup and Configuration Commands
      • Getting and Creating Projects
      • Tracking Changes
      • Branching and Merging
      • Sharing and Updating Projects
      • Inspection and Comparison
      • Debugging
      • Patching
      • Stashing and Cleaning
      • Advanced Manipulations
      • Other Commands
    • Workflows
  • Java
    • Java Installation
    • Java Overview
      • OOP Principles
        • Encapsulation
        • Inheritance
        • Polymorphism
        • Abstraction
          • Abstract Class & Method
          • Interface
            • Functional Interfaces
            • Marker Interfaces
          • Abstract Class vs Interface
      • OOP Basics
        • What is a Class?
          • Types of Classes
        • What is an Object?
          • Equals and HashCode
            • FAQ
          • Shallow Copy and Deep Copy
          • Ways to Create Object
          • Serialization & Deserialization
        • Methods & Fields
          • Method Overriding & Overloading
          • Method Signature & Header
          • Variables
        • Constructors
        • Access Modifiers
      • Parallelism and Concurrency
        • Ways to Identify Thread Concurrency or Parallelism
        • Thread Basics
          • Thread vs Process
          • Creating Threads
          • Thread Context Switching
          • Thread Lifecycle & States
          • Runnable & Callable
          • Types of Threads
          • Thread Priority
        • Thread Management & Synchronisation
          • Thread Resource Sharing
          • Thread Synchronization
            • Why is Synchronization Needed?
            • Synchronized Blocks & Methods
          • Thread Lock
            • Types of Locks
            • Intrinsic Lock (Monitor Lock)
            • Reentrant Lock
          • Semaphore
          • Thread Starvation
          • Thread Contention
          • Thread Deadlock
          • Best Practices for Avoiding Thread Issues
      • Keywords
        • this
        • super
        • Access Modifiers
      • Data Types
        • Default Values
        • Primitive Types
          • byte
          • short
          • int
          • long
          • float
          • double
          • char
          • boolean
        • Non-Primitive (Reference) Types
          • String
            • StringBuilder
            • StringBuffer
              • Problems
            • Multiline String
            • Comparison - String, StringBuilder & StringBuffer
          • Array
          • Collections
            • List
              • Array vs List
              • ArrayList
              • Vector
                • Stack
                  • Problems
              • LinkedList
            • Queue
              • PriorityQueue
              • Deque (Double-Ended Queue)
                • ArrayDeque
                • ConcurrentLinkedDeque - TBU
                • LinkedBlockingDeque - TBU
            • Map
              • HashMap
              • Hashtable
              • LinkedHashMap
              • ConcurrentHashMap
              • TreeMap
              • EnumMap
              • WeakHashMap
            • Set
              • HashSet
              • LinkedHashSet
              • TreeSet
              • EnumSet
              • ConcurrentSkipListSet
              • CopyOnWriteArraySet
        • Specialized Classes
          • BigInteger
          • BigDecimal
            • Examples
          • BitSet
          • Date and Time
            • Examples
          • Optional
          • Math
          • UUID
          • Scanner
          • Formatter
            • Examples
          • Properties
          • Regex (Pattern and Matcher)
            • Examples
          • Atomic Classes
          • Random
          • Format
            • NumberFormat
            • DateFormat
            • DecimalFormat
        • Others
          • Object
          • Enum
            • Pre-Defined Enum
            • Custom Enum
            • EnumSet and EnumMap
          • Record
          • Optional
          • System
          • Runtime
          • ProcessBuilder
          • Thread and ThreadGroup - TBU
          • Class
          • Void
          • Throwable
            • Error
            • Exception
              • Custom Exception Handling
              • Best Practice
            • Error vs Exception
            • StackTraceElement
          • Logger - TBU
          • ResourceBundle - TBU
    • Java Features by Version
      • How New Java Features are Released ?
      • Java Versions
        • Java 8
        • Java 9
        • Scoped Values
        • Unnamed Variables & Patterns
      • Java Distributions
      • FAQ
    • Concepts
      • Set 1
        • Streams
          • flatmap
          • Collectors Utility Class
          • Problems
        • Functional Interfaces
          • Standard Built-In Interfaces
          • Custom Interfaces
        • Annotation
          • Custom Annotation
          • Meta Annotation
        • Generics
          • Covariance and Invariance
        • Asynchronous Computation
          • Future
          • CompletableFuture
          • Future v/s CompletableFuture
          • ExecutorService
            • Thread Pool
            • Types of Work Queues
            • Rejection Policies
            • ExecutorService Implementations
            • ExecutorService Usage
          • Locks, Atomic Variables, CountDownLatch, CyclicBarrier - TBU
          • Parallel Streams, Fork/Join Framework,Stream API with Parallelism - TBU
      • Set 2
        • ISO Standards
        • Localization - TBD
        • Operator Precedence
      • Set 3
        • Date Time Formatter
      • Set 4
        • Input from User
        • Comparison & Ordering
          • Object Equality Check
          • Comparable and Comparator
            • Comparator Interface
          • Sorting of Objects
          • Insertion Ordering
    • Core Packages
      • java.lang
        • java.lang.System
        • java.lang.Thread
    • Code Troubleshoot
      • Thread Dump
      • Heap Dump
    • Code Style
      • Naming Convention
    • Tools
      • IntelliJ IDEA
        • Shortcuts for MAC
      • Apache JMeter
        • Examples
      • Thread Dump Capture
        • jstack
        • VisualVM - TBU
        • jcmd - TBU
        • JConsole - TBU
        • YourKit Java Profiler - TBU
        • Eclipse MAT - TBU
        • IntelliJ IDEA Profiler - TBU
        • AppDynamics - TBU
        • Dynatrace - TBU
        • Thread Dump Analyzers - TBU
      • Heap Dump Capture
        • jmap
        • VisualVM - TBU
        • jcmd - TBU
        • Eclipse MAT (Memory Analyzer Tool) - TBU
        • IntelliJ IDEA Profiler - TBU
        • YourKit Java Profiler - TBU
        • AppDynamics - TBU
        • Dynatrace - TBU
        • Kill -3 Command - TBU
        • jhat (Java Heap Analysis Tool) - TBU
        • JVM Options - TBU
      • Wireshark
        • Search Filters
    • Best Practices
      • Artifact and BOM Versioning
  • Maven
    • Installation
    • Local Repository & Configuration
    • Command-line Options
    • Build & Lifecycle
    • Dependency Management
      • Dependency
        • Transitive Dependency
        • Optional Dependency
      • Dependency Scope
        • Maven Lifecycle and Dependency Scope
      • Dependency Exclusions & Overrides
      • Bill of Materials (BOM)
      • Dependency Conflict Resolution
      • Dependency Tree & Analysis
      • Dependency Versioning Strategies
    • Plugins
      • Build Lifecycle Management
      • Dependency Management
      • Code Quality and Analysis
      • Documentation Generation
      • Code Generation
      • Packaging and Deployment
      • Reporting
      • Integration and Testing
      • Customization and Enhancement
        • build-helper-maven-plugin
        • properties-maven-plugin
        • ant-run plugin
        • exec-maven-plugin
        • gmavenplus-plugin
      • Performance Optimization
    • FAQs
      • Fixing Maven SSL Issues: Unable to Find Valid Certification Path
  • Spring
    • Spring Basics
      • What is Spring?
      • Why Use Spring
      • Spring Ecosystem
      • Versioning
      • Setting Up a Spring Project
    • Core Concepts
      • Spring Core
        • Dependency Injection (DI)
        • Stereotype Annotation
      • Spring Beans
        • Bean Lifecycle
        • Bean Scope
          • Singleton Bean
        • Lazy & Eager Initialization
          • Use Case of Lazy Initialization
        • BeanFactory
        • ApplicationContext
      • Spring Annotations
        • Spring Boot Specific
        • Controller Layer (Web & REST Controllers)
        • Service Layer (Business Logic)
        • Repository Layer (Data Access)
        • Dependency Injection & Configuration
        • Validation & Binding
        • Caching
        • AOP (Aspect-Oriented Programming)
        • Scheduling
        • Testing - TBU
        • Security
    • Spring Features
      • Spring Caching
        • In-Memory Caching
      • Spring AOP
        • Before Advice
        • After Returning Advice
        • After Throwing Advice
        • After (finally) Advice
        • Around Advice
      • Spring File Handling
        • Apache Camel - TBU
          • Local Docker Setup for SFTP Server
      • Reactive Programming
        • Reactive System
        • Reactive Stream Specification
        • Project Reactor
          • Mono & Flux
      • Asynchronous Computation
        • @Async annotation
        • Context Propagation - TBU
      • Spring Security
        • Authentication
          • Core Components
            • Security Filter Chain
              • HttpSecurity
              • Example
            • AuthenticationManager
            • AuthenticationProvider
            • UserDetailsService
              • UserDetails
              • PasswordEncoder
            • SecurityContext
            • SecurityContextHolder
            • GrantedAuthority
            • Security Configuration (Spring Security DSL)
          • Authentication Models
            • One-Way Authentication
            • Mutual Authentication
          • Authentication Mechanism
            • Basic Authentication
            • Form-Based Authentication
            • Token-Based Authentication (JWT)
            • OAuth2 Authentication
            • Multi-Factor Authentication (MFA)
            • SAML Authentication
            • X.509 Certificate Authentication
            • API Key Authentication
            • Remember-Me Authentication
            • Custom Authentication
          • Logout Handling
        • Authorization
        • Security Filters and Interceptors
        • CSRF
          • Real-World CSRF Attacks & Prevention
        • CORS
        • Session Management and Security
        • Best Practices
      • Spring Persistence
        • JDBC
          • JDBC Components
          • Best Practices in JDBC Usage
        • JPA (Java Persistence API)
          • JPA Fundamentals
          • ORM Mapping Annotations
            • 1. Entity and Table Mappings
            • 2. Field/Column Mappings
            • 3. Relationship Mappings
            • 4. Inheritance Mappings
            • 5. Additional Configuration Annotations
          • Querying Data
            • JPQL
            • Criteria API
            • JPA Specification
              • Example - Employee Portal
            • Native SQL Queries
            • Named Queries
            • Query Return Types
            • Pagination & Sorting
              • Example - Employee Portal
            • Projection
          • Fetch Strategies in JPA
        • JPA Implementation
          • Hibernate
            • Properties
            • Example
        • Spring Data JPA
          • Repository Abstractions
          • Entity-to-Table Mapping
          • Derived Query Methods
        • Examples
          • Employee Portal
            • API
    • Distributed Systems & Communication
      • Distributed Scheduling
      • Distributed Tracing
      • Inter-Service Communication
        • 1. RestTemplate
        • 2. WebClient
        • 3. OpenFeign
        • Retry Mechanism
          • @Retryable annotation
            • Example
    • Security & Data Protection
      • Encoding | Decoding
        • Types
          • Base Encoding
            • Base16 - TBD
              • Encoding and Decoding in Java - TBD
            • Base32
              • Encoding and Decoding in Java
            • Base64 -TBD
              • Encoding and Decoding in Java - TBD
          • Text Encoding - TBD
            • Extended ASCII
              • Encoding and Decoding in Java - TBD
                • ISO-8859-1
                • Windows-1252 - TBD
                • IBM Code Pages - TBD
            • ASCII
              • Encoding and Decoding in Java
        • Java Guidelines
          • Text Encoding Decoding Examples
          • Base Encoding Decoding Examples
          • Best Practices and Concepts
          • Libraries
      • Cryptography
        • Terminology
        • Java Cryptography Architecture (JCA)
        • Key Management
          • Key Generation
            • Tools and Libraries
              • OpenSSL
              • Java Keytool
                • Concept
                • Use Cases
            • Key & Certificate File Formats
          • Key Distribution
          • Key Storage
          • Key Rotation
          • Key Revocation
        • Encryption & Decryption
          • Symmetric Encryption
            • Algorithm
            • Modes of Operation
            • Examples
          • Asymmetric Encryption
            • Algorithm
            • Mode of Operation
            • Examples
    • Utilities & Libraries
      • Apache Libraries
        • Apache Camel
          • Camel Architecture
            • Camel Context
            • Camel Endpoints
            • Camel Components
            • Camel Exchange & MEP
          • Spring Dependency
          • Different Components
            • Camel SFTP
        • Apache Commons Lang
      • MapStruct Mapper
      • Utilities by Spring framework
        • FileCopyUtils
    • General Concepts
      • Spring Boot Artifact Packaging
      • Configuration: Mapping Properties to Java Class
    • Best Practice
  • Software Testing
    • Software Testing Methodologies
      • Functional Testing
      • Non Functional Testing
    • Software Testing Life Cycle (STLC)
    • Integration Test
      • Dynamic Property Registration
    • Java Test Framework
      • JUnit
        • JUnit 4
          • Examples
        • JUnit 5
          • Examples
        • JUnit 4 vs JUnit 5
  • System Design
    • Low-Level Design (LLD)
      • Programming Paradigms
      • Design Pattern
        • Creational Pattern
        • Structural Pattern
        • Behavioral Pattern
        • Examples
          • Data Collector
          • Payment Processor
      • Object-Oriented Design
        • SOLID Principles
        • GRASP Principles
        • Composition
        • Aggregation
        • Association
      • Design Enhancements
        • Fluent API Design
          • Examples
    • High-Level Design (HLD)
      • CAP Theorem
      • Load Balancer
        • Load Balancer Architecture
        • Load Balancing in Java Microservices
          • Client-Side Load Balancing Example
          • Server-Side Load Balancing Example
        • Load Balancer Monitoring Tool
      • Architecture
        • Event Driven Architecture
          • Event-Driven Microservices
          • Handling Failures & Retry Mechanisms
          • Event Schema Design (Avro, JSON, Protobuf)
          • Persistence & Non-Persistence Queues
          • Technologies & Frameworks
            • ActiveMQ - TBU
            • Kafka - TBU
      • Scaling
        • Vertical Scaling (Scaling Up)
        • Horizontal Scaling (Scaling Out)
        • Auto-Scaling
        • Database Scaling via Sharding
      • Networking Metrics
        • Types of Delay
        • Scenario
      • System Characteristics
      • Workload Types
      • Resilience & Failure Handling
    • Security
      • Security by Design
      • Zero Trust Security Model
      • Zero Trust Architecture
      • Principles
        • CIA
        • Least Privilege Principle
        • Defense in Depth
      • Security Threats & Mitigations
        • OWASP
          • Top 10 Security Threats
          • Application Security Verification Standard
          • Software Assurance Maturity Model
          • Dependency Check
          • CSRFGuard
          • Cheat Sheets
          • Security Testing Guide
          • Threat Dragon
        • Threat Modeling
      • Compliance & Regulation
        • PCI DSS
    • Deployment Patterns
    • Diagrams
      • UML Diagrams
        • PlantUML
          • Class Diagram
          • Object Diagram
          • Sequence Diagram
          • Use Case Diagram
          • Activity Diagram
          • State Diagram
          • Architecture Diagram
          • Component Diagram
          • Timing Diagram
          • ER Diagram (Entity-Relationship)
          • Network Diagram
    • Common Terminologies
  • Web Communication and Security
    • IT Security
      • IAM (Identity and Access Management)
        • Authentication
        • Keycloak
          • Terminologies
          • Token Verification
    • Server in Java
      • Application Server
      • Web Server
    • User Flows
  • Interview Guide
    • Non-Technical
      • Behavioural or Introductory Guide
      • Project Specific
    • Technical
      • Java Interview Companion
        • Java Key Concepts
          • Set 1
          • Set 2
        • Java Code Snippets
        • Java Practice Programs
          • Set 1 - Maths theory & Pattern
          • Set 2 - Arrays
          • Set 3 - Strings
          • Set 4 - Search
          • Set 5 - Streams and Collection
      • SQL Interview Companion
        • SQL Practice Problems
          • Set 1
      • Spring Interview Companion
        • Spring Key Concepts
          • Set 1 - General
          • Set 2 - Core Spring
        • Spring Code Snippets
      • Application Server
      • Maven
      • Containerized Application
      • Microservices
    • General
      • Applicant Tracking System (ATS)
      • General Interview Preparation Tips - TBU
      • Flowchart - How to Solve Coding Problem?
  • Personal Projects
    • Hackathon
Powered by GitBook
On this page
  • About
  • What is the Local Repository?
  • Global & User Level Settings
  • 1. Global settings.xml
  • 2. User settings.xml
  • 3. Precedence and Override Behavior
  • The .m2 Directory
  • Structure of .m2 Directory
  • Local Repository (repository/)
  • About
  • Usage
  • Default Location
  • Customizing Location
  • Maintenance
  • User-Specific Configuration File (settings.xml)
  • About
  • Default Location
  • Key Configurable Elements
  • Security
  • Sample settings.xml File
  • Security Configuration (settings-security.xml)
  • About
  • Default Location
  • How It Works ?
  • Purpose
  • Sample settings-security.xml File

Was this helpful?

  1. Maven

Local Repository & Configuration

About

Apache Maven uses a local repository and configuration files to manage dependencies, plugins, and build settings. Understanding the structure and customization options of Maven's local repository and configuration files is essential for effectively managing Maven-based projects.

What is the Local Repository?

The local repository is a directory on the developer's machine where Maven stores all the project dependencies, plugins, and artifacts that it downloads from remote repositories such as Maven Central.

Default Location

  • Windows: C:\Users\<username>\.m2\repository

  • macOS/Linux: /Users/<username>/.m2/repository or ~/.m2/repository

Purpose

  • Acts as a cache to avoid downloading dependencies multiple times.

  • Improves build performance and offline capabilities.

  • Custom-built artifacts and third-party JARs not available in public repositories can also be installed here using the mvn install command.

Global & User Level Settings

Maven supports two levels of configuration files: global settings and user-specific settings.

Understanding the difference between them is essential when managing shared environments or customizing Maven for individual developers.

1. Global settings.xml

  • Location: <MAVEN_HOME>/conf/settings.xml (e.g., /opt/apache-maven-3.9.6/conf/settings.xml on Unix-based systems or C:\Program Files\Apache\maven-x.y.z\conf\settings.xml on Windows)

  • Scope: Applies system-wide, meaning it affects all users on the machine who run Maven using that installation.

  • Purpose:

    • Define default configurations for all users (e.g., corporate mirrors, proxies).

    • Useful in enterprise setups or build environments (e.g., CI/CD agents).

    • Avoid putting user-specific credentials or local paths here.

  • Editing Notes: Requires admin or write access to the Maven installation directory. Avoid making unnecessary changes to prevent affecting all builds globally.

2. User settings.xml

  • Location: ~/.m2/settings.xml (e.g., /Users/john/.m2/settings.xml on macOS/Linux or C:\Users\john\.m2\settings.xml on Windows)

  • Scope: Applies only to the current user. Overrides corresponding values in the global settings.xml.

  • Purpose:

    • Customize Maven behavior for a specific developer.

    • Store personal repository credentials, custom profiles, proxies, or environment-specific configurations.

    • Keeps user-level customizations isolated and easy to manage.

  • Editing Notes: Does not require admin access. Safe to modify. If the file does not exist, it can be created manually.

3. Precedence and Override Behavior

When both files are present:

  • Maven first reads the global settings.xml.

  • Then it overlays values from the user-level settings.xml.

  • This means values in the user file take priority over the global settings if both define the same element (e.g., mirrors, servers, profiles).

The .m2 Directory

.m2 is a hidden directory in our user’s home folder created by Maven. It stores configuration files and the local repository of downloaded Maven dependencies.

Default Location

  • Windows: C:\Users\<username>\.m2\

  • macOS/Linux: /Users/<username>/.m2/ or ~/.m2/repository

Structure of .m2 Directory

.m2/
├── repository/          # Local cache of all downloaded dependencies
├── settings.xml         # Optional user-specific Maven configuration
└── settings-security.xml  # Encrypted passwords (optional)

repository/

  • Contains all Maven artifacts (JARs, POMs) that Maven has downloaded.

  • Helps avoid downloading dependencies repeatedly from the internet.

  • We can safely delete this folder to force Maven to re-download all dependencies.

settings.xml

  • This file is used to override default Maven settings.

  • It is not created by default - we need to create it manually if customization is needed.

  • Full path:

    • Windows: C:\Users\<username>\.m2\settings.xml

    • macOS/Linux: ~/.m2/settings.xml

settings-security.xml

  • This file is used by Maven to securely store the master password, which is required to decrypt encrypted passwords stored in the settings.xml file. It enhances security by avoiding plain text credentials.

  • It is not created by default - we must generate it manually when using encrypted passwords in settings.xml.

  • Full path:

    • Windows: C:\Users\<username>\.m2\settings-security.xml

    • macOS/Linux: ~/.m2/settings-security.xml

Local Repository (repository/)

About

The repository/ directory is Maven’s local artifact cache. It stores all dependencies, plugins, and project-specific artifacts resolved during Maven builds. It contains -

  • Downloaded Dependencies: JARs, POMs, sources, and javadocs pulled from remote repositories like Maven Central.

  • Project Artifacts: If we run mvn install, our project’s JAR or WAR is saved here.

  • Directory Structure:

    • Maven uses a groupId-path layout. For example:

      com/
  google/
    guava/
      guava/
        30.1.1-jre/
          guava-30.1.1-jre.jar
          guava-30.1.1-jre.pom

Usage

  • Maven checks this directory before downloading anything from a remote repo.

  • Speeds up builds by caching artifacts locally.

  • Enables offline builds (mvn -o or --offline).

Default Location

  • Windows: C:\Users\<your-username>\.m2\repository

  • Linux/macOS: /Users/<your-username>/.m2/repository or ~/.m2/repository

Customizing Location

We can change the default location by:

  1. Adding this to ~/.m2/settings.xml:

    <localRepository>/custom/path/to/repository</localRepository>

  2. Or using the CLI:

    mvn clean install -Dmaven.repo.local=/custom/path

Maintenance

  • Clean unused artifacts periodically.

  • Use:

    mvn dependency:purge-local-repository

User-Specific Configuration File (settings.xml)

About

This is an optional XML configuration file for Maven that allows us to override default behaviors, set profiles, proxies, server credentials, mirrors, and more - specific to our user.

Default Location

  • Windows: C:\Users\<username>\.m2\settings.xml

  • Linux/macOS: ~/.m2/settings.xml

Note: If not present, Maven uses only the global settings from MAVEN_HOME/conf/settings.xml.

Key Configurable Elements

a. localRepository

  • Override the default location of the local repository.

b. mirrors

  • Redirect all Maven traffic to a mirror, e.g., internal Artifactory or Nexus:

    <mirrors>
  <mirror>
    <id>internal-repo</id>
    <mirrorOf>*</mirrorOf>
    <url>https://repo.mycompany.com/maven2</url>
  </mirror>
</mirrors>

c. proxies

  • Needed in corporate environments where internet access is behind a proxy:

    <proxies>
  <proxy>
    <id>example-proxy</id>
    <active>true</active>
    <protocol>http</protocol>
    <host>proxy.company.com</host>
    <port>8080</port>
  </proxy>
</proxies>

d. servers

  • Store credentials for repositories or deployment servers:

    <servers>
  <server>
    <id>my-private-repo</id>
    <username>admin</username>
    <password>encrypted-password</password>
  </server>
</servers>

Use id values that match repository definitions in pom.xml.

e. profiles and activeProfiles

  • Define environment-specific properties and configurations:

    <profiles>
  <profile>
    <id>dev</id>
    <properties>
      <env>development</env>
    </properties>
  </profile>
</profiles>

<activeProfiles>
  <activeProfile>dev</activeProfile>
</activeProfiles>

Security

  • Avoid plain text passwords. Use settings-security.xml for encryption (explained below).

Sample settings.xml File

<?xml version="1.0" encoding="UTF-8"?>
<settings xmlns="http://maven.apache.org/SETTINGS/1.1.0"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.1.0 
                              https://maven.apache.org/xsd/settings-1.1.0.xsd">

  <!--
    Optional: Override the default local repository location.
    If not specified, Maven uses ~/.m2/repository.
  -->
  <localRepository>/Users/your-username/.m2/custom-repo</localRepository>

  <!--
    Optional: Define proxies if you are behind a corporate firewall.
    This allows Maven to access the internet through your proxy server.
  -->
  <proxies>
    <proxy>
      <id>corporate-proxy</id>
      <active>true</active>
      <protocol>http</protocol>
      <host>proxy.company.com</host>
      <port>8080</port>
      <username>proxyUser</username>         <!-- Optional -->
      <password>proxyPassword</password>     <!-- Optional -->
      <nonProxyHosts>localhost|127.0.0.1</nonProxyHosts>
    </proxy>
  </proxies>

  <!--
    Optional: Define mirrors to redirect Maven downloads.
    Useful for using internal repositories or caching proxies (like Nexus/Artifactory).
  -->
  <mirrors>
    <mirror>
      <id>internal-central</id>
      <mirrorOf>central</mirrorOf>
      <url>https://nexus.company.com/repository/maven-public/</url>
    </mirror>
  </mirrors>

  <!--
    Define server credentials for authentication with private repositories or deployment targets.
    The password can be encrypted using settings-security.xml.
  -->
  <servers>
    <server>
      <id>internal-repo</id> <!-- Match the repository id in your POM file -->
      <username>deploymentUser</username>
      <password>{encrypted-password}</password>
    </server>

    <server>
      <id>github</id> <!-- Used when deploying to GitHub Packages -->
      <username>your-github-username</username>
      <password>{your-github-token}</password>
    </server>
  </servers>

  <!--
    Optional: Define custom build profiles.
    Profiles can include different properties, repositories, plugin configurations, etc.
    You can activate them manually or automatically based on environment.
  -->
  <profiles>

    <!-- Development profile -->
    <profile>
      <id>dev</id>
      <activation>
        <activeByDefault>true</activeByDefault>
      </activation>
      <properties>
        <env.name>development</env.name>
      </properties>
    </profile>

    <!-- Production profile -->
    <profile>
      <id>prod</id>
      <properties>
        <env.name>production</env.name>
      </properties>
    </profile>

  </profiles>

  <!--
    Define which profiles should be active.
    You can also activate profiles using the command line (-P).
  -->
  <activeProfiles>
    <activeProfile>dev</activeProfile>
    <!-- Uncomment below to activate production profile by default -->
    <!-- <activeProfile>prod</activeProfile> -->
  </activeProfiles>

</settings>

Security Configuration (settings-security.xml)

About

settings-security.xml allows you to store the master password that Maven uses to decrypt encrypted passwords in settings.xml.

Default Location

  • Windows: C:\Users\<username>\.m2\settings-security.xml

  • Linux/macOS: ~/.m2/settings-security.xml

How It Works ?

  1. Generate Encrypted Password:

    mvn --encrypt-password yourPassword

    Example output:

    {COQLCEewfjfSJLkfH39js38s=}

  2. Use Encrypted Password in settings.xml:

    <server>
  <id>private-repo</id>
  <username>your-username</username>
  <password>{COQLCEewfjfSJLkfH39js38s=}</password>
</server>

  3. Generate Master Password:

    mvn --encrypt-master-password myMasterPass

    Save the output in settings-security.xml:

    <settingsSecurity>
  <master>{someEncryptedMasterPassword}</master>
</settingsSecurity>

Maven will automatically use this master password to decrypt the encrypted password at runtime.

Purpose

  • Secure sensitive credentials without hardcoding them in plain text.

  • Required for organizations or CI systems dealing with private repositories.

Sample settings-security.xml File

<?xml version="1.0" encoding="UTF-8"?>
<settingsSecurity xmlns="http://maven.apache.org/SETTINGS/1.0.0"
                  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                  xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 
                                      https://maven.apache.org/xsd/settings-security-1.0.0.xsd">

  <!--
    The master password used to encrypt/decrypt other passwords 
    in settings.xml (in <server><password>...</password> fields).

    This master password is itself encrypted using Maven's built-in 
    tool (`mvn --encrypt-master-password`) and stored here.

    Maven uses this encrypted master password to decrypt other
    encrypted values found in your settings.xml.

    Example usage:
      mvn --encrypt-master-password your-master-pass
      # Copy output to <master>...</master> below
  -->
  <master>{ENCRYPTED-MASTER-PASSWORD}</master>

</settingsSecurity>
PreviousInstallationNextCommand-line Options

Last updated 23 hours ago

Was this helpful?