Archiva currently keys everything on the POM and considers all derivatives to be associated with the same artifact, so it doesn't handle scenarios where derivatives reside in different repositories to the rest of the POM. This would be a worthwhile feature request - in addition to the one that already exists for allowing some finer grained security on artifacts.
It's a stretch but what might work is this: - deploy only to the private repo - set up a connector between your public and private repo, and set the whitelist to **/*.jar Does that make sense? 2008/7/18 Valerio Angelini <[EMAIL PROTECTED]>: > > Hello list, > > i have an Archiva setup (1.0.2) with two repositories: one is of public > domain (A) and one is a private repository (B). > > Now i have the need to deploy some artifacts that are public in binary form > (jar) but their source should be accessible only for authorized users. > > I tried to make a double deploy of the same artifact: a partial deploy on > repo A (jar + javadoc) and a full deploy on repo B (jar + javadoc + source). > > This solution works well for the use with maven, unauthorized users can > download only jar and authorizer one can download all, but this is not > compatible with the archiva web interface: > - guest users see the souce jar listed (wrong) and cannot download it > (right) > - auth users see the source jar listed (right) and cannot dowload it (wrong) > because the link is wrong (it links to the public repository) > - sometimes the guest user does not see at all the deployed artifact > > Shoud I try to deploy only jar + javadoc in the repo A and only sources in > repo B ? Will this work? > > Is there a better solution to handle this use case? > > Regards > > Valerio > -- > View this message in context: > http://www.nabble.com/Publishing-a-public-artifact-but-with-private-sources-tp18510912p18510912.html > Sent from the archiva-users mailing list archive at Nabble.com. > > -- Brett Porter Blog: http://blogs.exist.com/bporter/
