Preventing overriding dependency version in Maven child pom

Question

I have a dependencyManagement section in parent pom like

<dependencyManagement>
    <dependency>
        <groupId>org.apache.httpcomponents</groupId>
        <artifactId>httpclient</artifactId>
        <version>4.2.1</version>
    </dependency>
</dependencyManagement>

and a child pom, having it

<dependencies>
    <dependency>
        <groupId>org.apache.httpcomponents</groupId>
        <artifactId>httpclient</artifactId>
        <version>4.0</version>
    </dependency>
</dependencies>

I've tried to prevent this kind of overriding in child poms using enforcer plugin, allowing these only to be set in parent, but haven't been able to. I'd like this to fail the build. Is that possible, with that plugin or some other way?

There is DependencyCovergence, which forces all versions to be the same, but that's too restrictive as I don't want to control all transitive dependencies - just the ones defined explicitly.

I'd be happy if I could just prevent introducing any new dependencies at all in child poms - everything defined should really be defined in the parent pom, and then just mentioned, if needed, in the child.

Answer 1

You could add a dependency:analyze-dep-mgt execution in your parent pom and configure it to fail on version mismatches:

  <build>
    <plugins>
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-dependency-plugin</artifactId>
        <version>2.6</version>
        <executions>
          <execution>
            <id>analyze</id>
            <phase>package</phase>
            <goals>
              <goal>analyze-dep-mgt</goal>
            </goals>
            <configuration>
              <failBuild>true</failBuild>
              <ignoreDirect>false</ignoreDirect>
            </configuration>
          </execution>
        </executions>
      </plugin>
    </plugins>
  </build>