I have a dependency as follows:
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>4.2</version>
<scope>compile</scope>
</dependency>
This is pulling down another dependency httpcore.4.1.4 which throws a ClassDefNotFound, when i deploy httpcore.4.2 everything works.
I added both of the dependencies as follows:
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>4.2</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpcore</artifactId>
<version>4.2</version>
<scope>compile</scope>
</dependency>
and still facing the same issue ie: mvn brings down httpcore.4.1.2 not httpcore.4.2
how can i resolve this?
EDIT:
added;
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpcore</artifactId>
<version>4.2</version>
<scope>compile</scope>
</dependency>
</dependencies>
</dependencyManagement>
You might have a transitive dependency, one your other dependencies depend on the version you don't want.
To get an overview of all dependencies, direct and transitive, try:
mvn dependency:tree
If you find a crash between different versions of the same dependency, the first thing you should do is figure out whether the crash is critical (do you need both?) If not, upgrade so that the lowest dependency version will become equal to the highest. If it is a transitive dependency consider upgrading the version of this.
If you just want to lock on to a specific version of the dependency, you have some choices:
Exclude the transitive dependency:
<dependency>
<groupId>com.something</groupId>
<artifactId>something</artifactId>
<exclusions>
<exclusion>
<groupId>com.somethingElse</groupId>
<artifactId>somethingElse</artifactId>
</exclusion>
</exclusions>
</dependency>
Include a specific version:
<dependency>
<groupId>com.somethingElse</groupId>
<artifactId>somethingElse</artifactId>
<version>2.0</version>
</dependency>
Any dependency version added explicitly in your pom will override the version of any transitive dependency of the same groupId/artifactId.
Although being a bit of a puzzle, you should try to get compatible versions of your dependencies, that being version with the same version transitive dependencies.
Related
I have bouncy castle dependency used in my application and I want this dependency to be excluded in the pom.xml file. Even after removing this dependency from the pom file, it is still appearing in the m2 repository folder. My application is a Spring-MVC 5 framework and running on Tomcat version 9. While deploying there are two different versions of "bcprov". I need to exclude both bcprov-jdk14 and bcprov-jdk15on from the pom.xml file.
Below is the dependency in the pom file.
<dependency>
<groupId>bouncycastle</groupId>
<artifactId>bcprov-jdk14</artifactId>
<version>140</version>
</dependency>
I also tried another link for the exclusion but it did not work - Maven Transitive Dependency issue
Please help how to exclude the above dependencies.
To exclude some transitive dependencies you just have to add <exclusion> tags in your POM file. You need to remove the bcprov-jdk14 artifact from every dependency that uses it (check the dependency tree), e.g.:
<dependency>
<groupId>com.lowagie</groupId>
<artifactId>itext</artifactId>
<version>2.1.7</version>
<exclusions>
<exclusion>
<groupId>bouncycastle</groupId>
<artifactId>bcmail-jdk14</artifactId>
</exclusion>
<exclusion>
<groupId>bouncycastle</groupId>
<artifactId>bcprov-jdk14</artifactId>
</exclusion>
<exclusion>
<groupId>org.bouncycastle</groupId>
<artifactId>bcmail-jdk14</artifactId>
</exclusion>
<exclusion>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk14</artifactId>
</exclusion>
<exclusion>
<groupId>org.bouncycastle</groupId>
<artifactId>bctsp-jdk14</artifactId>
</exclusion>
</exclusions>
</dependency>
Remember however to add the correct versions of those dependencies:
<properties>
...
<bc.version>1.69</bc.version>
</properties>
<dependencies>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
<version>${bc.version}</version>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcmail-jdk15on</artifactId>
<version>${bc.version}</version>
</dependency>
</dependencies>
Alternatively don't use the features of the libraries that depend on BouncyCastle (signature verification/encryption).
I have a dependency on Guava in my Maven dependencies:
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
<version>23.3-jre</version>
</dependency>
I also have a dependency to Google API Client in my dependencies:
<dependency>
<groupId>com.google.api-client</groupId>
<artifactId>google-api-client</artifactId>
<version>1.23.0</version>
</dependency>
But for some odd reason, this has the following dependency:
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava-jdk5</artifactId>
</dependency>
Now my WAR ends up with two Guava JARs:
guava-23.3-jre.jar
guava-jdk5-17.0.jar
This gives several issues, since the runtime prefers guava-jdk5-17.0.jar while the code is compiled with guava-23.3-jre.jar.
Why does Google API Client have dependency on Guava for JDK5? Wouldn't it make more sense to have two versions, like:
google-api-client which depends on regular Guava, preferably version 23.3 (as of current)
google-api-client-jdk5 which depends on Guava for JDK5
See https://github.com/google/google-api-java-client/issues/903. The following work-around should be possible:
<dependency>
<groupId>com.google.api-client</groupId>
<artifactId>google-api-client</artifactId>
<exclusions>
<exclusion>
<groupId>com.google.guava</groupId>
<artifactId>guava-jdk5</artifactId>
</exclusion>
</exclusions>
</dependency>
I am working on a library for some projects which relies on Spark and HBase.
So the POM of the library looks something link this:
<dependencies>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>2.7.4</version>
</dependency>
<dependency>
<groupId>org.apache.hbase</groupId>
<artifactId>hbase-client</artifactId>
<version>1.1.2</version>
</dependency>
...
</dependencies>
And in the specific project that uses the central library (which is published on an internal Maven repository) I have this:
<dependencies>
<dependency>
<groupId>my.group.id</groupId>
<artifactId>myartifact</artifactId>
<version>LATEST</version>
</dependency>
</dependencies>
This, however does not then automatically include the dependencies that the library itself has. Therefore I would need to copy the dependency section of the library POM into the application POM.
Do you have any advice what might be missing/wrong?
Thanks and regards!
I'm trying to upgrade the EJB module to work with JBoss AS 7 and after including all the libraries I thought might make a difference I'm sitll getting this error:
Error(20,33): package org.jboss.ejb3.annotation does not exist
on:
import org.jboss.ejb3.annotation.TransactionTimeout;
Can anyone tell me how to fix this?
Are you using Maven? If so, adding these dependencies to your POM may be helpful:
<dependency>
<groupId>org.jboss.spec</groupId>
<artifactId>jboss-javaee-6.0</artifactId>
<version>3.0.0.Final</version>
<type>pom</type>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.jboss</groupId>
<artifactId>crc-jboss-client-all</artifactId>
<type>pom</type>
<version>5.1.0.GA</version>
<exclusions>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
</exclusion>
<exclusion>
<groupId>org.jboss.slf4j</groupId>
<artifactId>slf4j-jboss-logging</artifactId>
</exclusion>
</exclusions>
</dependency>
Although you were using JDeveloper; I had the same issue doing a build with Maven. The dependency comes from jboss-annotations-ejb3.
Jon's answer didn't match the dependencies for jboss-annotations-ejb3. Therefore for Maven I added this to the pom.xml. May help some others.
<dependency>
<groupId>jboss</groupId>
<artifactId>jboss-annotations-ejb3</artifactId>
<version>4.2.2.GA</version>
</dependency>
I am facing the issue described here. I found a dependency to jsp-api.jar, which in fact comes from a dependency to Joda-Time:
<dependency>
<groupId>joda-time</groupId>
<artifactId>joda-time-jsptags</artifactId>
<version>1.0.1</version>
<exclusions>
<exclusion>
<artifactId>jsp-api</artifactId>
<groupId>javax.servlet</groupId>
</exclusion>
</exclusions>
</dependency>
I have tried to exclude it (see above), but the application won't compile. How do I make sure jsp-api is not shipped in my .war?
Instead of excluding this library, add to your dependencies explicitly with provided scope:
<dependency>
<groupId>joda-time</groupId>
<artifactId>joda-time-jsptags</artifactId>
<version>1.0.1</version>
</dependency>
<dependency>
<artifactId>jsp-api</artifactId>
<groupId>javax.servlet</groupId>
<version>2.0</version>
<scope>provided</scope>
</dependency>
Add the appropriate version of the JSP API to the dependencies of your project, with the provided scope. It will be available at compile-time, but Maven will consider that it's provided by the runtime environment and thus don't ship it with the app.