Agreed. No direct downloads from external repositories should be allowed in your release builds.
The specific answer to your question is the second part of my answer 🙂
Setup a repository manager
I’d recommend setting up a local Maven repository manager. Good options are the following:
All of these are capable of acting as a caching proxy for the externally available Maven central jars.
You might also be interested in the Profession version of Nexus. It includes a Procurement suite for managing external libraries. It also provides Maven plugins for centrally managing the Maven settings file, which is the second part of my answer…
Local Maven settings
Update the settings file located in the following directory:
$HOME/.m2/settings.xml
Specify that all central requests should be redirected to the local Maven repository:
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
http://maven.apache.org/xsd/settings-1.0.0.xsd">
...
<mirrors>
<mirror>
<id>central-proxy</id>
<name>Local proxy of central repo</name>
<url>http://<hostname>/central</url>
<mirrorOf>central</mirrorOf>
</mirror>
</mirrors>
...
</settings>