I came to a grinding halt in trying to debug a problem I am having with Spring 3.1 ( I put a bounty on it FWIW ). So, I would like to take the spring-security and spring-ldap source code, put my own log4j statments in, compile it and run my webapp in Tomcat 6.
What is the most sensible way to do this?
Include my "customized" libraries in the WEB-INF/lib of my Maven based project or do I put the altered libs in the tomcat\lib dir?
Can I do this using only Maven? I recently learned Maven to fix a proble and I would like to catch my breath before learning gradle if I can.
I don't want to do this for all of Spring and all of Spring-Security.
How would I set it up in maven/my pom.xml?
I realize the new tools make all of this easier than it probably feels to me, but compiling libraries from source has been a terror most of my life so I would like some tips and instructions to make it as easy/fast as possible.
Thanks
You can do this using only maven:
Either: Use the same POM as the spring people do. That way the new jar that falls out of your code will overwrite the one delivered by spring.
Or: Use the same POM, but increase the Version Number (to the next SNAPSHOT ) and change the dependency in your pom to that version. (EDIT: read Roy-Truelove 's comment below, its very correct indeed.)
I would recommend the latter variant.
Related
Dependency issues, we've all dealt with them, but I'm mostly used to C# and now working in Java so I have some questions.
Let's say I add a library to my project, called ExtLib.
ExtLib has a certain library included in its lib-folder, let's call it LogLib-1.0.
I'm using Eclipse and I've made a User Library for ExtLib, included its main jar file and all of the files in its lib-folder. So far so good.
But now I want to do some logging of my own, so I make another User Library and add the newer LogLib-1.1 to it, because it has some new features I want to use.
Can I ever be sure I'm not breaking ExtLib this way?
I know .NET uses the Global Assembly Cache and methods like that, but I have no clue how Java handles this. I tried Googling, but didn't find much, a few mentions of the Classloader here and there, but nothing helpful.
Can anyone tell me what a proper way to deal with this issue is? Or is it no issue at all?
In this specific case (LogLib-1.0 and LogLib-1.1) we're dealing with the same library that is both a direct dependency of your application, and a "transitive" dependency via the ExtLib. In this situation, dependency management can come to help.
It will probably reason that LogLib-1.1 is a backward compatible release of LogLib-1.0, and it will decide that your application can run fine using only LogLib-1.1.
In the Java world, tools like Maven, Gradle or SBT exist to help you in this. Maven is the most widespread, and other tools often are compatible with Maven.
Usage
To solve this situation using Maven, you would add a file called pom.xml to your application, stating it depends on LogLib version 1.1. That might look like this (note that this example is pure fiction):
<dependency>
<groupId>org.loglib</groupId>
<artifactId>loglib</artifactId>
<version>1.1</version>
</dependency>
The ExtLib you're using also has a pom.xml shipped with it, and it might state
<dependency>
<groupId>org.loglib</groupId>
<artifactId>loglib</artifactId>
<version>1.0</version>
</dependency>
Maven (or any other tool) would decide that including LogLib-1.1 is sufficient to get your application running. When using Maven, mvn depedency:tree helps you visualise that.
Deployment
With respect to the packaging / deployment question: mvn package will package your application to a jar, war or ear archive, including only the dependencies you need (and not two versions of the same lib). This makes you don't have to worry about the order in which your application server reads the jar files.
I'm new to Maven, using the m2e plugin for Eclipse. I'm still wrapping my head around Maven, but it seems like whenever I need to import a new library, like java.util.List, now I have to manually go through the hassle of finding the right repository for the jar and adding it to the dependencies in the POM. This seems like a major hassle, especially since some jars can't be found in public repositories, so they have to be uploaded into the local repository.
Am I missing something about Maven in Eclipse? Is there a way to automatically update the POM when Eclipse automatically imports a new library?
I'm trying to understand how using Maven saves time/effort...
You picked a bad example. Portions of the actual Java Library that come with the Java Standard Runtime are there regardless of Maven configuration.
With that in mind, if you wanted to add something external, say Log4j, then you would need to add a project dependency on Log4j. Maven would then take the dependency information and create a "signature" to search for, first in the local cache, and then in the external repositories.
Such a signature might look like
groupId:artifactId:version
or perhaps
groupId:artifactId:version:classifier
This identifies a maven "module" which will then be downloaded and configured into your system. Once in place it adds all of the classes within the module to your configured project.
Maven principally saves time in downloading and organizing JAR files in your build. By defining a "standard" project layout and a "standard" build order, Maven eliminates a lot of the guesswork in the "why isn't my project building" sweepstakes. Also, you can use neat commands like "mvn dependency:tree" to print out a list of all the JARs your project depends on, recursively.
Warning note: If you are using the M2E plugin and Eclipse, you may also run into problems with the plugin itself. The 1.0 version (hosted at eclipse.org) was much less friendly than the previous 0.12 version (hosted at Sonatype). You can get around this to some extent by downloading and installing the "standalone" version of Maven from apache (maven.apache.org) and running Maven from the command line. This is actually much more stable than trying to run Maven inside Eclipse (in my personal experience) and may save you some pain as you try to learn about Maven.
I'm trying to check out slf4j-simple-1.6.2 from a trusted repository (preferably, SLF4J's official repo) and pull it down into an Eclipse project. I'm doing this because I need to tweak SLF4J Simple's code so that it binds to my own logging implementation.
I'm hoping there is a way to do this without having to use Maven, because I've never used Maven before and feel much more comfortable running Ant builds.
Nevertheless, I've searched SLF4J's site high and low and cannot find any trusted links to their repository.
Even once I get the project imported into Eclipse, I still need to figure out how to get it building with Ant.
Could someone please help me:
Find the repo
Confirm whether an Ant build is possible
Thanks in advance!
The zip download here also contains the sources.
The official source code repository is hosted on GitHub. However, I believe you are doing it the wrong way.
The idea of SLF4J is to have a dependency on slf4j-api and let the developer to add exactly one binding. Instead of tweaking original bindings just write your own one. Of course you can use simple binding a starting point, but modifying existing open source libraries and maintaining patched versions is a lot of work.
As you said, slf4j is present in the official Maven repository.
So basically, you have 2 simple solutions without using Maven:
Download the JAR / sources / javadocs from this Maven repository, and copy them in your own project directory.
Use Ivy. This is an extension of Ant to give a better dependencies management. It can connect to Maven repositories. So you will be able to retrieve your slf4j dependency without having to use Maven.
What is the easiest way to see the libraries dependencies in Java project (eclipse)?
I am using Spring MVC and Hibernate so right now there are a lot of jar files and I even do not remember which one of them are responsible for what.
check out tattletale.
http://www.jboss.org/tattletale
See them how?
If you're using maven, use the dependency plugin's dependency:tree to get a hierarchical representation of what depends on what.
If you're not, ew; manual management of transitive dependencies sucks! You can use something like Dependency Finder or JDepend to provide similar info.
Not sure if this is what you mean, but to start with you can right-click the project (in Eclipse) and look at Properties -> Java Build Path. The Libraries tab should list what libraries you're using on your build path. (But you probably knew that.)
If it's a simple standalone project, you could of course always remove a library and see what interesting new errors pop up ;-)
For more complicated projects with interdependencies, it can take quite a bit of fiddling to get all your dependencies right. I generally recommend setting up a "core" project which holds (and exports) most of your third-party JARs (better yet, use user libraries, and putting that project on the build path of your other projects.
Edit after reading your comment: Ah, gotcha... you might be interested in the Plug-in Dependency Visualisation incubator project then - haven't used it myself but it sounds like it could do what you're after. Hope that helps!
I have a bit of an issue with Spring 3 and it involves its dependencies or better said "their lack of...".
When you download Spring 2.5.x for example you get a spring-framework-2.5.6-with-dependencies.zip file containing the Spring distribution as well as its dependencies.
For Spring 3 there isn't one. You only get the distro while dependencies are managed in Maven repository and retrieved with Ivy. That was the decision springsource fellows took. Which brings me to my problem.
At work Maven repository has "forbidden access" written all over it and we don't use Ivy. We use Maven but with a local enterprise repository and nothing beyond that is allowed (security concerns yada yada which ultimately makes sense but makes my job as a developer harder). To put something in the local repository means approvals, deployments of resources, configurations, acces rights, time, money etc.
It is OK with a few JARS here and there but I imagine Spring dependencies mean more than a few JARs. So that will be approved and installed over o long period of time. Meanwhile we can't develop in Spring 3 (while everything is set up in the local repository) so we need the dependencies.
I found this page here:
http://static.springsource.org/downloads/nightly/snapshot-download.php?project=SPR
which contains some dependencies but i need it for release 3.0.5 not for nightly builds.
In short, I need a spring-framework-3.0.5-RELEASE-with-dependencies.zip file. Ho do I get one?
P.S. I must mention that I can't just download something home and bring everything on a stick which is the first suggestion that pops in mind. Other rules apply for this :D, so I need an official release to download.
Steps:
Go to http://s3.amazonaws.com/dist.springframework.org/release/SPR/spring-framework-3.0.5.RELEASE.zip
When you hit the URL, your download for jar files starts automatically
After unzipping, there is a folder called dist which contains the following jar files for spring 3.0.5
org.springframework.aop-3.0.5.RELEASE.jar
org.springframework.asm-3.0.5.RELEASE.jar
org.springframework.aspects-3.0.5.RELEASE.jar
org.springframework.beans-3.0.5.RELEASE.jar
org.springframework.context.support-3.0.5.RELEASE.jar
org.springframework.context-3.0.5.RELEASE.jar
org.springframework.core-3.0.5.RELEASE.jar
org.springframework.expression-3.0.5.RELEASE.jar
org.springframework.instrument.tomcat-3.0.5.RELEASE.jar
org.springframework.instrument-3.0.5.RELEASE.jar
org.springframework.jdbc-3.0.5.RELEASE.jar
org.springframework.jms-3.0.5.RELEASE.jar
org.springframework.orm-3.0.5.RELEASE.jar
org.springframework.oxm-3.0.5.RELEASE.jar
org.springframework.test-3.0.5.RELEASE.jar
org.springframework.transaction-3.0.5.RELEASE.jar
org.springframework.web.portlet-3.0.5.RELEASE.jar
org.springframework.web.servlet-3.0.5.RELEASE.jar
org.springframework.web.struts-3.0.5.RELEASE.jar
org.springframework.web-3.0.5.RELEASE.jar
NOTE : You can download any release of spring framwork just by modifying the release version to 3.0.1 or 3.2.5(any other versions according to your need)in the above mentioned URL
One of the main reasons that there isn't a big “Spring 3 with everything” build is that you probably don't need it. (It's absolutely huge!) Instead, you're supposed to identify the parts that you actually need and only include them. The problem is that this makes it hard for you.
Alas, the best way I see long-term for you is to get Spring 3 and its dependencies into your institutional Maven repository (switching to Ivy wouldn't really help; the institutional problem is not with Maven but with depending on unvetted external libraries). Yes, it's awkward but that's what you've got to work with. Sneaking things in the back-door won't help! Perhaps it would be reasonable to inquire whether there is a relatively rapid method to get things approved where previous versions have been found acceptable (which might be “yes, subject to there being no license surprises”)?
You'll probably need to use Maven (or Ivy, but I don't know it) to get the full list of dependencies first, so that you can describe exactly what changes are actually involved, and be aware that some of the dependencies might already be approved.
(I just wish I had a better idea for how to deal with your process, but working against both its spirit and letter is a way to get a corporate bureaucrat very upset. Life's not worth such things.)
I've shared the very origin file from Spring official site:
http://kuai.xunlei.com/d/QBEMGYUXOOKN
http://s3.amazonaws.com/dist.springframework.org/release/SPR/spring-framework-3.0.5.RELEASE-dependencies.zip
Create a project at home, add what you need in spring 3 to that, open the project with eclipse+m2eclipse and view the dependency hierarchy. That will then tell you what you need as dependencies on spring.
Chances are a lot of the dependencies are the same as they were in spring 2.5 as a lot of the spring 3 stuff didn't change.
You can ask your maven at home to download all the dependencies... and you'll have your own version of spring+dependencies