When you are in a corporate network, you might be behind an authenticating http proxy server. Indications that you are: timeouts when maven tries to download a dependency from maven central.

There is one big pitfall: Since Java8 Update 111, basic authentication for proxy requests is disabled by default. See this stackoverflow question: Java Web Start unable to tunnel through proxy since java 8 update 111.

You could configure the proxy, that java uses, globally in your $JAVA_HOME/conf/net.properties file (see also Networking Properties). But I tend to configure it explicitly for maven (see below) - that way, if I update the java runtime, I don’t need think about this. In the file net.properties, you find also the new property jdk.http.auth.tunneling.disabledSchemes which disables Basic Authentication. Disabling Basic Authentication results in the requests being rejected with a “HTTP/1.1 407 Proxy Authentication Required” code.

Here’s the full stacktrace, in case someone searches it:

Exception in thread "main" java.io.IOException: Unable to tunnel through proxy. Proxy returns "HTTP/1.1 407 Proxy Authentication Required"
	at java.base/sun.net.www.protocol.http.HttpURLConnection.doTunneling(HttpURLConnection.java:2162)
	at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:183)
	at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1581)
	at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1509)
	at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:245)
	at org.apache.maven.wrapper.DefaultDownloader.downloadInternal(DefaultDownloader.java:73)
	at org.apache.maven.wrapper.DefaultDownloader.download(DefaultDownloader.java:60)
	at org.apache.maven.wrapper.Installer.createDist(Installer.java:64)
	at org.apache.maven.wrapper.WrapperExecutor.execute(WrapperExecutor.java:121)
	at org.apache.maven.wrapper.MavenWrapperMain.main(MavenWrapperMain.java:55)

The maven wrapper sets the authentication details in DefaultDownloader.java, but these are ignored, if the Basic Authentication scheme is disabled.

There are two configuration files, which need to be setup up, so that the maven wrapper and maven itself work correctly behind a proxy server:

  1. ~/.mavenrc: This file is included by the maven wrapper. You’ll need to configure the proxy settings there, so that plain java can access the internet:
MAVEN_OPTS="-Dhttp.proxyHost=localhost -Dhttp.proxyPort=3128 -Dhttps.proxyHost=localhost -Dhttps.proxyPort=3128 -Dhttp.proxyUser=proxy_user -Dhttp.proxyPassword=secret -Djdk.http.auth.tunneling.disabledSchemes="
  1. ~/.m2/settings.xml: This configuration file is used by maven, once maven is running. You’ll need to configure your proxy there:
<proxies>
 <proxy>
    <id>local-proxy</id>
    <active>true</active>
    <protocol>http</protocol>
    <host>localhost</host>
    <port>3128</port>
    <username>proxy_user</username>
    <password>secret</password>
    <nonProxyHosts>localhost|*.example.com</nonProxyHosts>
  </proxy>
</proxies>

After you have set up these two files, ./mvnw clean install works as expected.

References: