Auto Settings Generation

The easiest way to set up Maven to use Artifactory is to use the automatic settings generator from the UI, by going to Home:Maven Settings.
Simply generate and save the settings.xml file into your Maven home directory.

The following sections describe in more detail important aspects of the configuration.

Provisioning Dynamic Settings for Users

You can deploy and provision a dynamic settings template for your users.
Once downloaded, settings will be generated on the fly according to your own logic and can automatically include user authentication information.
Please see the Provisioning Build Tool Settings section under Filtered Resources.

The Default Global Repository

The simplest way for setting up Maven to use Artifactory proxy is to configure a Maven repository with the following URL:
<host>:<port>/artifactory/repo
This URL is Artifactory's built-in global virtual repository, and it will make Artifactory look through all repositories (local and remote), for any artifacts maven is fetching.

You can create and use a dedicated virtual (or local) repository to limit Artifactory searches to that specific repository:
The maven repository URL should look like:
<host>:<port>/artifactory/<repo_name>

Overriding the Built-in Repositories

If your Artifactory is configured correctly, you should override the built-in central and snapshots repositories of Maven, so that no request will be ever sent directly to them.
Insert the following into your parent POM or settings.xml (under an active profile):

Additional "Mirror-any" Setup

You can also use the "mirror any" feature on top of the previous setup, and have Artifactory act as a redirecting proxy for any Maven repository, including ones defined inside POMs of plug-ins and of third party dependencies (which is bad practice, but unfortunately, not uncommon). This will make sure no unexpected requests will be made to external repositories introduced by such POMs.

Insert the following into your settings.xml:

Caveat

Don't use "mirror any" by itself, as your only resolution rule. Use it to enforce any artifacts resolution to be made strictly through Artifactory.
The "mirror any" proxying configuration works for defined repositories. It will supersede, but not hide, the built-in central and snapshots repositories, unless overridden by the user. It defines a coarse-grained proxying rule that does not differentiate between releases and snapshots, and relies on the defined repositories to do this resolution filtering.

Configuring Authentication

You can turn off the Global Anonymous Access flag (Admin:Security:General) and use secure downloads with Maven. Users will have to have Read access on repositories they wish to resolve artifacts from.
You will also have to make sure your settings.xml file contains a server definition with the repository id used for artifacts resolution (downloads) and with valid user name and password.
Artifactory offers a unique feature that makes sure you do not have to use clear text passwords in your settings, so it is highly recommended to use this feature.

Synchronizing Authentication Details for Same-URL Repositories When using authenticated downloads Maven will use the user name and password defined in your settings.xml to authenticate against Artifactory repositories. Your settings.xml may contain other server definitions (with different server ids) used for authenticating to deployment repositories or to other download repositories. If you have repository definitions (either for deployment or download) that are using the same URL, Maven will take the authentication details (from the matching server definition) of the first repository encountered and will use it for the life-time of the running build for all repositories with the same URL. This might cause authentication to fail if you are using different authentication details between such repositories, and you might receive 401 errors for your downloads or deployments. Unfortunately, this is an inherent Maven problem which is beyond the control of Artifactory and the only solution is to use the same authentication details in your settings.xml if they are going to be used by same-URL repositories.

Watch the Screencast