Maven 403 Forbidden on Deploy - Fix Repository Permissions
The repository authenticated you but refused the upload with a 403. The token is valid yet lacks deploy rights, or you are trying to overwrite a release version that the repository does not allow to be redeployed.
What this error means
mvn deploy fails with status code: 403, ReasonPhrase: Forbidden while uploading. Unlike a 401, you got past authentication - the server is rejecting the action, not your identity.
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-deploy-plugin:
deploy ... Could not transfer artifact com.example:app:jar:1.0.0
to company-releases (...): status code: 403, ReasonPhrase: ForbiddenCommon causes
Token lacks deploy/write permission
A read-only token resolves dependencies fine but cannot publish. Deploy requires a write-scoped credential on the target repository.
Redeploying an immutable release
Most release repositories reject re-uploading an existing release version. Deploying 1.0.0 twice returns 403 because releases are immutable by policy.
How to fix it
Use a deploy-scoped credential and the right target
- Confirm the CI token has write/deploy permission on the target repository.
- Deploy snapshots to the snapshots repo and releases to the releases repo - they have different policies.
- Verify the
distributionManagementURL matches a repository you can write to.
Bump the version instead of redeploying
Release repositories are immutable. To publish a change, increment the version rather than overwriting an existing release.
<version>1.0.1</version> <!-- new release, not a redeploy of 1.0.0 -->How to prevent it
- Separate read tokens (resolve) from write tokens (deploy) and scope each minimally.
- Use
-SNAPSHOTversions for iterative builds; reserve release versions for final, immutable artifacts. - Match
distributionManagementrepositories to the snapshot vs release policy.