gnodet commented on issue #11856: URL: https://github.com/apache/maven/issues/11856#issuecomment-4185072816
_Claude Code on behalf of Guillaume Nodet_ ## Analysis The behavior change between Maven 3.9.x and 4.x is due to **Remote Repository Filtering (RRF)**, a new feature in Maven Resolver 2.x (used by Maven 4.x). Resolver 1.x (used by Maven 3.9.x) does not have this infrastructure at all. ### How it works When Maven 4.x starts, it auto-discovers prefix files by requesting `/.meta/prefixes.txt` from each remote repository. If the server returns this file, Maven uses it to skip requests for artifacts whose group isn't listed — reducing load on servers and improving build speed. In the Maven codebase, both `PrefixesRemoteRepositoryFilterSource` and `GroupIdRemoteRepositoryFilterSource` are registered as DI components in `RepositorySystemSupplier.java` and are automatically injected into `DefaultRemoteRepositoryFilterManager`. The `FilteringPipelineRepositoryConnectorFactory` is always registered in the connector pipeline, so filtering is enabled by default with no opt-in required. ### Why it fails with virtual/group repositories The problem occurs when a repository manager (e.g., JFrog Artifactory) serves a prefix file for virtual/group repositories that is **incomplete** — it "leaks" a prefix file from one member repository instead of computing the union of all members' prefixes. Artifacts available from other member repos get rejected because their groups aren't in the leaked prefix list. ### The UX problem The error message `Prefix dhbcore/dhbcore/7.0.1.3/dhbcore-7.0.1.3.jar NOT allowed from my-server-id (...)` is cryptic. Users don't know: - What a "prefix" is - That this is a client-side filtering decision, not a server rejection - How to work around it (`-Daether.remoteRepositoryFilter.prefixes=false`) - Where to find documentation ### Proposed fix Improve `DefaultExceptionHandler` in `maven-core` to detect `ArtifactFilteredOutException` in the cause chain and append actionable guidance: - Explain that the remote repository's prefix file doesn't list the artifact's group - Note this commonly happens with repository managers using virtual/group repositories - Provide the workaround property `-Daether.remoteRepositoryFilter.prefixes=false` - Link to https://maven.apache.org/resolver/remote-repository-filtering.html Draft PR incoming. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
