I'm migrating a maven project to ant + ivy (it's an arbitrary decision, and it has to be done ).
The thing is that comparing both WAR files, the ant and the maven one, the former has a lot more 3rd party jars than the first one...
At first I thought that they were transitive dependencies but when I run mvn dependency:tree they don't appear there.
Any ideas?
EDIT:
Just for the record, I'm aware of the scope attribute of maven. I'm excluding all the provided and test dependencies in the ivy.xml file
You can use the ivy:report Ant task to generate a report of the dependencies resolved by Ivy. In this report, you can see where the extra dependencies are comming from.
Maarten
Related
I have a (long) list of what should not be included in my uber-jar, and I would like the list of what is included, so that I can work on the configuration and remove duplicates.
I looked at the output printed by mvn package that lists a lot of
[INFO] Including aaa.bbb:ccc.ddd:jar:x.y.z in the shaded jar
but I am pretty sure some of those were not included when I used the minimizeJar option. And looking into the output jar only allows to know the included classes (very difficult to track w.r.t the dependencies)
Question: Which ever configuration I use, how can I get a list of the dependencies that are actually merged into the uberjar?
I'm not familiar with the maven-shade-plugin, but have you tried out mvn dependency:tree? It should list all dependencies and its subdependencies of your project.
Edit: I re-read your question and it seems that you need a full dependency tree of your final uber-jar. A quick look at the maven-shade-plugin page told me that any dependency will be packed into the uber-jar. This should be what mvn dependency:tree outputs, but you can list the jar's contents aswell with jar tf <uber-jar>.jar. You may have to filter out parent dirs (e. g. com/) and the manifest file.
This is not the answer I am looking for, but for the sake of information sharing, here is what I did to find which dependency to remove from the shaded-jar:
use mvn dependency:list > dep.list
then manually remove lines that are not dependencies
and sort it
visually make a diff with the list of jar present on the deployment cluster
use mvn dependency:tree and my head to find the parent most dependencies that can be removed
mark them as <scope>provided<scope/>
use <keepDependenciesWithProvidedScope>false</keepDependenciesWithProvidedScope> in the shade plugin configuration
Tedious...
I use both Intellij IDEA (2018.3.5) & Eclipse IDEs, but I prefer Intellij. I have a maven based Java project with multiple poms. I added some dependencies to one of the pom files. I need to find out if there are any dependency conflicts which could prevent the build from running when its deployed, and then exclude them. I tried the steps given below to find conflicts which could cause problems. Are they enough or do I need to do more ?
Check if there are any compile time dependency conflicts with mvn clean install -DskipTests. Build was successful with no errors.
Check if Intellij shows no problems under File > Project Structure > Problems. There are no problems.
I also saw the dependency tree with mvn dependency:tree -Dverbose. It has a lot of "omitted for duplicate" and "omitted for conflict with" items, but the build was successful. I don't see any errors though. Does this mean that everything is okay or do I have to do something more about these conflicts ?
The best way to tell if everything is fine with your application is to have good tests.
However normally one doesn't exclude transitive dependencies from project's <dependency> libraries. Doing it can potentially break the dependency in a subtle and hard to notice way. It's usually safer to remove the whole <dependency>.
There are few scenario when one should use <exclude>:
Dealing with incompatible transitive dependencies between different libraries e.g. A requires library C-1.0 but library B requires library C-2.0 while C-1.0 and C-2.0 can't coexist on the classpath.
Having transitive dependencies already provided by system e.g. deploying to Tomcat with additional JARs in the TOMCAT_HOME/lib directory.
If you decide to exclude a dependency it's important that you check the final artifact because sometimes plugins do weird things e.g. there were versions of maven-assembly-plugin affected by a bug that resulted in different dependencies being resolved during shaded JAR creation than maven-dependency-plugin used for compilation.
I am new to Maven and I faced a problem when I tried to convert my current project from using Ant -> using Maven.
That project requires many Jars, and I look up those jars on mvnrepository and add all to POM.xml.
I don't know if some dependency is redundant.
Do you guy know any way to check if which dependency which I really need?
The Maven dependency analyzer plugin is just what you're looking for.
Just run
mvn install dependency:analyze
(on some platforms, for some reason, the full notation is required:)
mvn install org.apache.maven.plugins:maven-dependency-plugin:2.9:analyze
And review the report it produces.
I am working in a Maven project which has about 250 jar dependencies. Approximately Four out of five dependecies are not direct dependencies, I mean, they are dependencies of our dependencies (i.e jasperreport has about 8 dependencies).
Also, I suspect that there are some jar which we don't need to the project because they were old dependencies of old tool that we needed in the past but they were replaced by others.
What I need is:
To detect what jars of my pom.xml are not needed by the
project.
A way of removing the indirect jars from my pom.xml.
*Note: I'd swear that some time ago I manage to the indirect jars were downloaded by the direct dependencias, but I can't find how.
You're after mvn dependency:analyze:
Analyzes the dependencies of this project and determines which are: used and declared; used and undeclared; unused and declared.
This will let you remove any dependency which is not directly used from your pom. The dependencies that are used will still bring in their transitive (indirect) dependencies, as required.
I'm not really sure if you need to remove some dependencies of any of your direct dependencies or just want to clean jars downloaded.
If your problem is the first one, you can use "exclude" for that dependencies -> http://maven.apache.org/guides/introduction/introduction-to-optional-and-excludes-dependencies.html
If it's the second one, just remove your .m2/repository content and rebuild again your project
I have a webapp that consists of multiple projects. We assemble using Ant and we suspect that some of the jars in /java directory are unneeded.
To find unneeded jars I ran
mvn dependency:analyze -DignoreNonCompile
to get a list of unused declared jars for each project. However it is possible that a jar unused by one project is still used by another. To check this, I ran
mvn dependency:tree
to get the dependency structure of all projects.
Using information from these commands, I will now use a script to check if a jar exists such that it is unused in all projects that declare it. Is this a reasonable approach for compile-scoped jars? What about jars in other scopes?
Thanks.
However it is possible that a jar unused by one project is still used
by another.
I recommend to declare all needed dependencies as direct dependencies and not rely on transitive dependencies which might get removed in a newer version.
Define the versions of the dependencies in the DependencyManagement section of the common parent POM and omit the versions later when declaring the dependcies. Like this you can make sure you're using the same version of the dependencies in all your projects.