Menu
I am using maven 3 with the Enforcer plugin configured to force version convergence. I am using Spring 3.1.2 and Spring Security 3.1.3.
The problem is that Spring 3.1.3 POM declares dependencies on Spring 3.0.7 because that is the minimum version need for spring security. This means that the enforcer plugin complains because the transitive dependency graph has both Spring 3.1.2 and Spring 3.0.7 in it.
The fix is to explicitly exclude spring 3.0.7 as a dependency of spring security so that the enforcer plugin in happy.
The code snippet below does just that, the problem with it is that I am having to repeat the same snippet over and over gain for each jar of spring security, this is tedious and makes the pom hard to read, is there a way to tell maven something along the lines.
for the dependency org.springframework.security no matter what artificatId ignore the dependency of the security framework on the spring framework?
<dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-acl</artifactId> <version>${spring.security.version}</version> <exclusions> <exclusion> <artifactId>spring-tx</artifactId> <groupId>org.springframework</groupId> </exclusion> <exclusion> <artifactId>spring-asm</artifactId> <groupId>org.springframework</groupId> </exclusion> <exclusion> <artifactId>spring-core</artifactId> <groupId>org.springframework</groupId> </exclusion> <exclusion> <artifactId>spring-aop</artifactId> <groupId>org.springframework</groupId> </exclusion> <exclusion> <artifactId>spring-beans</artifactId> <groupId>org.springframework</groupId> </exclusion> <exclusion> <artifactId>spring-jdbc</artifactId> <groupId>org.springframework</groupId> </exclusion> <exclusion> <artifactId>spring-expression</artifactId> <groupId>org.springframework</groupId> </exclusion> <exclusion> <artifactId>spring-context</artifactId> <groupId>org.springframework</groupId> </exclusion> </exclusions> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-web</artifactId> <version>${spring.security.version}</version> <exclusions> <exclusion> <artifactId>spring-aop</artifactId> <groupId>org.springframework</groupId> </exclusion> <exclusion> <artifactId>spring-core</artifactId> <groupId>org.springframework</groupId> </exclusion> <exclusion> <artifactId>spring-expression</artifactId> <groupId>org.springframework</groupId> </exclusion> <exclusion> <artifactId>spring-beans</artifactId> <groupId>org.springframework</groupId> </exclusion> <exclusion> <artifactId>spring-context</artifactId> <groupId>org.springframework</groupId> </exclusion> <exclusion> <artifactId>aopalliance</artifactId> <groupId>aopalliance</groupId> </exclusion> <exclusion> <artifactId>spring-web</artifactId> <groupId>org.springframework</groupId> </exclusion> <exclusion> <artifactId>spring-jdbc</artifactId> <groupId>org.springframework</groupId> </exclusion> <exclusion> <artifactId>spring-tx</artifactId> <groupId>org.springframework</groupId> </exclusion> </exclusions> </dependency> 
619
Multiple transitive dependencies can be excluded by using the <exclusion> tag for each of the dependency you want to exclude and placing all these exclusion tags inside the <exclusions> tag in pom. xml. You will need to mention the group id and artifact id of the dependency you wish to exclude in the exclusion tag.
Exclusions are set on a specific dependency in your POM, and are targeted at a specific groupId and artifactId. When you build your project, that artifact will not be added to your project's classpath by way of the dependency in which the exclusion was declared.
In order to exclude these special dependencies from the main project, we can apply Maven's <optional> tag to them. This forces any user who wants to use those dependencies to declare them explicitly. However, it does not force those dependencies into a project that doesn't need them.
This probably won't help you much, but there is a feature request to allow wildcards in exclusions, however it is not in the current release version of Maven (3.0.4). (Edit: this feature is now present in Maven 3.2.1)
https://issues.apache.org/jira/browse/MNG-3832
Interesting is a comment in this JIRA issue:
Not sure what's going on, but this seems to work in Maven 3.0.3, using this:
<exclusion> <groupId>*</groupId> <artifactId>*</artifactId> </exclusion> However, this produces these warnings:
[WARNING] 'dependencies.dependency.exclusions.exclusion.groupId' for my.groupid:my.artifactid:ejb-client with value '*' does not match a valid id pattern. @ line 31, column 30
[WARNING] 'dependencies.dependency.exclusions.exclusion.artifactId' for my.groupid:my.artifactid:ejb-client with value '*' does not match a valid id pattern. @ line 32, column 33
So I probably shouldn't be doing it, but it does work.
So you might be able to use an artifactId wildcard in Maven 3.0.3 or later and have it work, but with warnings and with no guarantee of compatibility with later versions.
110
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
