Collectives™ on Stack Overflow

Find centralized, trusted content and collaborate around the technologies you use most.

Learn more about Collectives

Teams

Q&A for work

Connect and share knowledge within a single location that is structured and easy to search.

Learn more about Teams

I'm trying to publish a project with multiple modules to artifactory (oss.jfrog.org). When I run artifactoryPublish I get a 403 error but I know it's not a permissions issue because it works with a single module. It only fails trying publish multiple modules.

Some modules are aars and others are jars and all include sources. I can publish them all to Bintray, but can't publish to artifactory (for snapshots).

So the question is, how do I configure a multi-module project to publish snapshots to oss.jfrog.org.

I've figured out that if I change it to publish a single module and make the artifact name the same as the last part of the group, it works, but a different name doesn't work (gives 403 error).

So if group is com.example.foo I can publish foo.jar ( com/example/foo/foo/1.0.0-SNAPSHOT/foo-1.0.0.jar ). But I can't publish bar.jar ( com/example/foo/bar/1.0.0-SNAPSHOT/bar.jar ).

This gradle is included in every project's build.gradle

afterEvaluate {
    publishing {
        publications {
            mavenPublication(MavenPublication) {
                artifact sourcesJar
            if (project.plugins.hasPlugin("com.android.library")) {
                artifact("$buildDir/outputs/aar/${project.name}-debug.aar")
            } else {
                artifact("$buildDir/libs/${project.name}-${version}.jar")
            groupId "com.example.foo"
            artifactId project.name // changing this to "foo" works for a single project
            version version
            pom {
                name.set(project.name)
                url.set(POM_URL)
                packaging POM_PACKAGING
                version version
                licenses {
                    license {
                        name.set(POM_LICENSE_NAME)
                        url.set(POM_LICENSE_URL)
                developers {
                    developer {
                        name.set(POM_DEVELOPER)
                    scm {
                        url.set(POM_SCM_URL)
                        connection.set(POM_SCM_CONNECTION)
                        developerConnection.set(POM_SCM_DEV_CONNECTION)
    bintray {
        user = project.findProperty('bintrayUser') ?: System.getenv('BINTRAY_USER')
        key = project.findProperty('bintrayApiKey') ?: System.getenv('BINTRAY_API_KEY')
        configurations = ['archives']
        publish = true
        dryRun = true
        pkg {
            name = project.name
            repo = BINTRAY_REPO
            userOrg = BINTRAY_ORG
            licenses = [POM_LICENSE_NAME]
            vcsUrl = POM_SCM_URL
            version {
                name = project.name
                released = new Date()
    artifactory {
        contextUrl = 'http://oss.jfrog.org'
        publish {
            repository {
                repoKey = 'oss-snapshot-local'
                username = project.findProperty('bintrayUser') ?: System.getenv('BINTRAY_USER')
                password = project.findProperty('bintrayApiKey') ?: System.getenv('BINTRAY_API_KEY')
            defaults {
                publications('mavenPublication')
                publishArtifacts = true
                publishPom = true
        resolve {
            repoKey = 'jcenter'
                what actually is your question? what does it have to do with the gradle script? 403 means access denied i.e. some authentication error. I don't know what you are expecting as an answer other than to use the correct authentication parameters
– smac89
                Jun 26, 2020 at 18:10
                @smac89 I've clarified the question, which is "how do I configure a multi-module project to publish snapshots to oss.jfrog.org.?"
– Jamie
                Jun 29, 2020 at 15:35

Artifactory returns a 403 whenever you're trying to publish an artefact that already exists. In your case, if you've previously published snapshot artefacts from your multi module build, whenever you will try doing that again, you will get a 403. I know you can configure the user access to provide delete permissions to the account you are using to deploy, as indicated here. However, overwriting history is not considered a good practice.

Regarding renaming your groups and artefacts, I don't think that will provide a solution, as it's not your GAV coordinates that are the issue, but rather the fact that artefacts with matching GAV already exist.

If I may ask, why do you want to use SNAPSHOT artefacts? Can you not achieve the same behaviour with dynamic dependencies and dependency locking?

I'm using SNAPSHOT because we have a new major update that we don't want to publish to the normal (bintray) source while we're ironing out the bugs. I think my issue was setting the defaults section in my artifactory config for each module, instead of just the root build.gradle. I still get a 403 failure the first time I publish but it works after that so I haven't completely figured it out but it is working. It also seems like I can publish the same version repeatedly so I must have that permission. I don't see a way to view permissions on oss.jfrog.org so but it's good on bintray. – Jamie Jun 30, 2020 at 16:27 I see. We've used 2 separate Artifactory repositories, one for branch, and one for release builds, so we don't mix the two, and can just look at separate releases. – afterburner Jun 30, 2020 at 16:30

Thanks for contributing an answer to Stack Overflow!

  • Please be sure to answer the question. Provide details and share your research!

But avoid

  • Asking for help, clarification, or responding to other answers.
  • Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.