I have created simple project from maven-achetype-quickstart under Eclipse Indigo, then I went to pom.xml gui editor and in dependencies tab added dependency log4j by search in appropriate dialog. Now my pom.xml looks like
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org xsd/maven-.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>mygroup</groupId>
<artifactId>Test_Maven_03</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>jar</packaging>
<name>Test_Maven_03</name>
<url>http://maven.apache.org</url>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
</properties>
<dependencies>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
<version>1.2.15</version>
</dependency>
</dependencies>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>3.8.1</version>
</dependency>
</dependencies>
</dependencyManagement>
</project>
Eclipse says my POM have many problems like
Missing artifact javax.jms:jms:jar:1.1 pom.xml /Test_Maven_03 line 2 Maven Dependency Problem
What does it mean and how to see maven feature of automatic jar downloading.
EDIT 1
If I select log4j 1.2.16 instead of 1.2.15, I get another error: Missing artifact log4j:log4j:bundle:1.2.16. So I see no automatic jar management at all.
It's not included anymore due to licensing issues if I remember correctly. If you don't need jms functionality you can exclude jms from log4j dependency:
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
<version>1.2.15</version>
<exclusions>
<exclusion>
<groupId>com.sun.jmx</groupId>
<artifactId>jmxri</artifactId>
</exclusion>
<exclusion>
<groupId>com.sun.jdmk</groupId>
<artifactId>jmxtools</artifactId>
</exclusion>
<exclusion>
<groupId>javax.jms</groupId>
<artifactId>jms</artifactId>
</exclusion>
</exclusions>
</dependency>
Change the version of log4j to 1.2.16.
The metadata for 1.2.15 is bad, as you have discovered, because the dependencies are missing from the central repository. However, there is a policy of not changing artifacts or metadata in the central maven repository, because this can lead to builds being unrepeatable. That is, a build might behave differently if an artifact or its metadata changed.
The reasoning is that it's better to work around bad metadata than cause unreproducible builds.
It's better, of course, if project maintainers are more careful about the metadata that they upload to central.
Use Log4J 1.2.16 (the one I linked to in your earlier question); it doesn't have the older JMX dependency and gets it from Geronimo instead.
The answers above (excluding JMX) are fine, so long as you don't need any of the JMX dependencies. However, you will never be able to download the JMX dependencies' .jar files from a standard maven repository. To quote Jörg Schaible-3 at nabble.com:
This is normal and it will stay so, because Sun/Oracle never granted
distribution rights for those artifacts as separate downloads. You will have
to download them from Oracle, accepting their license, and add them to a
local repository manager.
Therefore, if you want to use JMX, you will need to download the respective jmx zip folder from Oracle's website.
Related
I am using Apache Maven 3.6.3 & Spring boot 1.5 without micro service Architecture. I am working on a task to remediate vulnerable dependencies currently present in the dependency tree of our project. logback-classic is one of those dependencies. I can change the version of top-level dependencies (in top level pom) but I am not able to upgrade its version from 1.11.1 to 1.2.3 for logback-dependency present in spring-boot-starter-web starter used in one of child POM.
I am able to exclude such versions as-
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<version>2.2.0.RELEASE</version>
<exclusions>
<exclusion>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
</exclusion>
</exclusions>
</dependency>
However, I am not able to update the version of same dependency present in dependency tree of spring-boot-starter-web starter of one of JAR in project. I tried to provide update of version using < dependencyManagement > tag as-
<project>
......
<dependencyManagement>
<dependencies>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
<version>1.2.3</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<version>2.2.0.RELEASE</version>
<exclusions>
<exclusion>
<groupId>ch.quos.logback</groupId>
<artifactId>logback-classic</artifactId>
</exclusion>
</exclusions>
</dependency>
........
</dependencies>
......
<project>
Note- In < dependencyManagement >, initially I tried without < type > & < scope > tags as well but anyhow I am only able to exclude vulnerable logback-classic dependency but I can't update this to 1.2.3 inside spring-boot-starter-web present in that particular child pom.
The Library You Mentioned (Logback-classic) Has Many Compatability Problems Reported
As You Can See Here In The Related Issue On Its Repository
I Recommend That You Try Different Version Of Spring (Newer Ones) And Check The Result
Search Around In The Github Issues For Versions And Updates You Might Find Something
I have faced with a little problem, I have added next dependency in my project:
<dependency>
<groupId>net.sourceforge.htmlunit</groupId>
<artifactId>htmlunit</artifactId>
<version>2.19</version>
</dependency>
And my project enlarges from 330kb to 12.1mb . I know that HTMLUnit based on Apache Http Client that weights much, but maybe Maven has some feature to exclude libraries/packages that doesn't used in sources? (not manual excluding)
How should Maven know that? You might using some kind of DI which is during runtime ? You can of course exclude dependencies if you know that they are not used...and of course handle the dependencies correct for their purpose as already mentioned to use <scop>test</scope> if it's something which is used only for testing.
<project>
<modelVersion>4.0.0</modelVersion>
<groupId>sample.ProjectA</groupId>
<artifactId>Project-A</artifactId>
<version>1.0-SNAPSHOT</version>
<packaging>jar</packaging>
...
<dependencies>
<dependency>
<groupId>sample.ProjectB</groupId>
<artifactId>Project-B</artifactId>
<version>1.0-SNAPSHOT</version>
<exclusions>
<exclusion>
<groupId>sample.ProjectD</groupId>
<artifactId>Project-D</artifactId>
</exclusion>
</exclusions>
</dependency>
</dependencies>
</project>
Since this is a testing dependency, you can always add <scope>test</scope> to keep it from being packaged in your build.
currently I'm working on a project in my company that imports XML data to our database. While doing this I rely on some basic configuration projects which have been already created and used in other Projects, i.e. an EntityManagerBuilder or other utility classes that are used in order to create a connection to our oracle database. And it seems to me that those dependencies are creating some problems for me.
My project runs perfectly fine if I start it within eclipse. And when I create the project with mvn clean install -DskipTests it builds all fine.
But when I want to run it from the command line the application starts and after a few lines of code just stops, without throwing any errors or exceptions.
The reason why I think that it has something to do with some dependencies is that by logging I managed to find the point where the application stops. Since it stopped at a point I could investigate, I just did that. I downloaded the sources an only added some logging and suddenly my application had no problems at all with that class, instead it just stopped with the next static call to an other class.
I have no idea at all where to search for the error. Since this is an application that has to run by it self as a monthly task, executing it from eclipse is not an option.
Hopefully someone can give me a hint how to solve this.
Here is my POM:
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>com.company.infrastructure.foo</groupId>
<artifactId>foo</artifactId>
<version>1.0.0-SNAPSHOT</version>
</parent>
<artifactId>foo-import</artifactId>
<packaging>jar</packaging>
<name>FooImport</name>
<properties>
<company.consoleapp.main.class>com.company.infrastructure.foo.import.FooImporter</company.consoleapp.main.class>
</properties>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>com.company.maven</groupId>
<artifactId>company-standalone-dm</artifactId>
<version>${company.parent.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
<dependencies>
<!-- Logging -->
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
</dependency>
<!-- Utilities -->
<dependency>
<groupId>args4j</groupId>
<artifactId>args4j</artifactId>
</dependency>
<dependency>
<groupId>com.sun.xml.bind</groupId>
<artifactId>jaxb-impl</artifactId>
<version>2.2.11</version>
</dependency>
<dependency>
<groupId>com.sun.xml.bind</groupId>
<artifactId>jaxb-core</artifactId>
<version>2.2.11</version>
</dependency>
<!-- Using foo-dataaccess -->
<dependency>
<groupId>com.company.infrastructure.marken</groupId>
<artifactId>foo-dataaccess</artifactId>
<version>1.0.0-SNAPSHOT</version>
<scope>compile</scope>
</dependency>
</dependencies>
<build>
<finalName>foo-import</finalName>
<plugins>
<!-- Consoleapp-Mixin -->
<plugin>
<groupId>com.github.odavid.maven.plugins</groupId>
<artifactId>mixin-maven-plugin</artifactId>
<configuration>
<mixins>
<mixin>
<groupId>com.company.maven</groupId>
<artifactId>company-consoleapp-mixin</artifactId>
<version>${company.parent.version}</version>
</mixin>
</mixins>
</configuration>
</plugin>
</plugins>
</build>
I think this might be something to do with your dependency management in maven, since you haven't specified the versions and maven figures out those versions automatically.
However when you run the application, you need those jars to be in your classpath otherwise you might end up getting a ClassNotFoundException because the jars are not available. So unless you figure out what your dependencies are like you mentioned and add them to your classpath you would end up seeing the error.
It might be worth enabling a further level of logging in your application to give you some indication of where the error is. You could also try and see if at the point of failure is referenced to an external library, which is the one that is not available in your classpath.
Could you also please share how your running your application through CLI.
I have a fairly large legacy project that I'm adding a component to. This component uses HtmlUnit. I can compile it ok with Maven but when I run it I get:
java.lang.NoSuchMethodError:
org.apache.http.conn.ssl.SSLConnectionSocketFactory.<init>
(Ljavax/net/ssl/SSLContext;[Ljava/lang/String;[Ljava/lang/String;Ljavax/net/ssl/HostnameVerifier;)
So it's missing the correct constructor. I think this is almost certainly a version conflict in httpclient but I'm not sure how to resolve it. Here's the relevant part of my pom.xml (note all the games I've been trying to play with exclusions and dependency management):
<dependencies>
<dependency>
<groupId>com.mycompany.mine</groupId>
<artifactId>my-base-project</artifactId>
<version>${project.version}</version>
<exclusions>
<exclusion>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>com.mycompany</groupId>
<artifactId>base-project</artifactId>
<version>${project.version}</version>
<scope>provided</scope>
<exclusions>
<exclusion>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>4.5.2</version>
</dependency>
</dependencies>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>4.5.2</version>
</dependency>
</dependencies>
</dependencyManagement>
Any ideas?
Edit: it's been suggested that this question is a duplicate of this one, but it's not since the dependency type in this case is not war.
In order to identify conflicting dependecies, use mvn dependency:tree. I like to pipe it to a text file for ease of use:
mvn dependency:tree > tree.txt
Then, use your favorite text editor to look for multiple versions of a depedency.
Alternatively, if you are looking for a specific groupId or artifactId, use the -Dincludes flag:
mvn dependency:tree -Dincludes=<groupId>:<artifactId>:<version>:<packaging>
mvn dependency:tree -Dincludes=org.springframework <<< get all dependencies with by groupId
mvn dependency:tree -Dincludes=:spring-web <<< get all dependencies by artifactId
You might also want to add the -Dverbose flag here.
To resolve dependency conflicts, there are two ways:
1) Exclude the one you don't want
<depdency>
<groupId>some.stuff</groupId>
<artifactId>with.transitive.depdency</artifactId>
<exclusions>
<exclusion>
<groupId>something</groupId>
<artifactId>unwanted</artifactId>
<exclusion>
<exclusions>
<depdency>
With this way, you will have to exclude on every dependency that brings in a transitive one. For this reason I like the other one better.
2) Explicitly add the version you want
<dependency>
<groupId>something</groupId>
<artifactId>with.version.conflict</artifactId>
<version>what I want</version>
</dependency>
This will make sure that any transitive dependency will be swapped with this exact version. This might also lead to errors though, if some framework actually needs an older version. For using this strategy safely, your dependencies will need to be fairly close to the newest available version (or versions released at the same time).
I asked this question yesterday and it turned out to be a Maven issue. Although I was able to find a workaround (going with Geronimo instead of Java JMS) I was unable to figure out why the Java JMS solution isn't working.
I don't like to duplicate questions, but I don't believe this is a dupe because it is an entirely different original question.
So, I am trying to get JMS working with my application so I can push messages to a local queue. In my Maven pom.xml I add the following dependency declaration:
<dependencies>
<dependency>
<groupId>javax.jms</groupId>
<artifactId>jms</artifactId>
<version>1.1</version>
<scope>provided</scope>
</dependency>
</dependencies>
And right off the bat get a (red) highlighted error (using Eclipse) stating:
Missing artifact javax.jms:jms:jar:1.1
When I replace this with another JMS API, such as Geronimo, the error goes away. Is this a problem with the reference (Java) JMS dependency? Or is something configured wrong in my sandbox?
You can see in maven repo browser here http://mvnrepository.com/artifact/javax.jms/jms that size of artifact is 0 bytes. Seems some problems or special policy for that artifact.
The jms 1.1 jar is not available in the default maven repository - you need to add a reference to one of other public repositories (jboss one for eg)
This answer has details
https://stackoverflow.com/a/5272660/672586
The error might come because of the log4j transitive dependencies. You can exclude such dependencies as given below.
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
<version>1.2.17</version>
<exclusions>
<exclusion>
<artifactId>jms</artifactId>
<groupId>javax.jms</groupId>
</exclusion>
<exclusion>
<artifactId>jmxri</artifactId>
<groupId>com.sun.jmx</groupId>
</exclusion>
<exclusion>
<artifactId>jmxtools</artifactId>
<groupId>com.sun.jdmk</groupId>
</exclusion>
</exclusions>
</dependency>