I got a task to tidy up a J2EE application and upgrade all its libraries for security purposes (some older jars ended up on a security concern report).
We are using Maven and I have a couple of questions:
Is it possible to find unused jars?
How do I go about upgrading the libraries?
If library A is upgraded, how do I find the minimum version of the related libraries?
m2/aopalliance/aopalliance/1.0/aopalliance-1.0.jar
m2/asm/asm/3.3.1/asm-3.3.1.jar
m2/cglib/cglib-nodep/2.2.2/cglib-nodep-2.2.2.jar
m2/cglib/cglib/2.2.2/cglib-2.2.2.jar
m2/com/google/code/gson/gson/2.7/gson-2.7.jar
m2/com/ibm/icu/icu4j/53.1/icu4j-53.1.jar
m2/com/thoughtworks/proxytoys/proxytoys/1.0/proxytoys-1.0.jar
m2/commons-beanutils/commons-beanutils/1.9.2/commons-beanutils-1.9.2.jar
m2/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar
m2/commons-fileupload/commons-fileupload/1.3.1/commons-fileupload-1.3.1.jar
m2/commons-io/commons-io/2.4/commons-io-2.4.jar
m2/commons-logging/commons-logging/1.2/commons-logging-1.2.jar
m2/junit/junit/4.11/junit-4.11.jar
m2/org/apache/commons/commons-collections4/4.0/commons-collections4-4.0.jar
m2/org/apache/commons/commons-digester3/3.2/commons-digester3-3.2.jar
m2/org/apache/commons/commons-email/1.3.3/commons-email-1.3.3.jar
m2/org/apache/commons/commons-lang3/3.3.2/commons-lang3-3.3.2.jar
m2/org/apache/logging/log4j/log4j-api/2.1/log4j-api-2.1.jar
m2/org/apache/logging/log4j/log4j-core/2.1/log4j-core-2.1.jar
m2/org/apache/taglibs/taglibs-standard-impl/1.2.1/taglibs-standard-impl-1.2.1.jar
m2/org/apache/taglibs/taglibs-standard-spec/1.2.1/taglibs-standard-spec-1.2.1.jar
m2/org/mongodb/mongo-java-driver/2.12.4/mongo-java-driver-2.12.4.jar
m2/org/mongodb/morphia/morphia/1.3.2/morphia-1.3.2.jar
m2/org/slf4j/jcl-over-slf4j/1.7.7/jcl-over-slf4j-1.7.7.jar
m2/org/slf4j/slf4j-api/1.7.7/slf4j-api-1.7.7.jar
m2/org/springframework/data/spring-data-commons/1.8.0.RELEASE/spring-data-commons-1.8.0.RELEASE.jar
m2/org/springframework/data/spring-data-mongodb/1.5.0.RELEASE/spring-data-mongodb-1.5.0.RELEASE.jar
m2/org/springframework/spring-aop/4.0.5.RELEASE/spring-aop-4.0.5.RELEASE.jar
m2/org/springframework/spring-beans/4.0.5.RELEASE/spring-beans-4.0.5.RELEASE.jar
m2/org/springframework/spring-context/4.0.5.RELEASE/spring-context-4.0.5.RELEASE.jar
m2/org/springframework/spring-core/4.0.5.RELEASE/spring-core-4.0.5.RELEASE.jar
m2/org/springframework/spring-expression/4.0.5.RELEASE/spring-expression-4.0.5.RELEASE.jar
m2/org/springframework/spring-tx/3.2.9.RELEASE/spring-tx-3.2.9.RELEASE.jar
m2/org/springframework/spring-web/4.0.5.RELEASE/spring-web-4.0.5.RELEASE.jar
m2/org/springframework/spring-webmvc/4.0.5.RELEASE/spring-webmvc-4.0.5.RELEASE.jar
m2/xalan/serializer/2.7.1/serializer-2.7.1.jar
m2/xalan/xalan/2.7.1/xalan-2.7.1.jar
m2/xml-apis/xml-apis/1.3.04/xml-apis-1.3.04.jar
Is it possible to find unused jars?
Yes! You can use the Apache Maven Dependency Plugin.
You can run mvn dependency:analyze -DignoreNonCompile to find unused but declared and used but undeclared dependencies. Please check the full documentation, because you can customize exclusions, the phase in which you want to execute the verification, and other topics within this plugin.
You can be as strict as you want; check the goals available for this plugin. Using <goal>analyze-duplicate</goal> you can also catch duplicated dependencies. For example, if you want your build to fail on "dependency errors" you can define this plugin in your pom.xml like:
<plugin>
    <groupId>org.apache.maven.plugins</groupId>
    <artifactId>maven-dependency-plugin</artifactId>
    <executions>
        <execution>
            <id>analyze-dependencies</id>
            <goals>
                <goal>analyze-duplicate</goal>
                <goal>analyze-only</goal>
            </goals>
        </execution>
    </executions>
    <configuration>
        <failBuild>true</failBuild>
    </configuration>
</plugin>
How about upgrading the libraries?
Yes! For this task you can use the Versions Maven Plugin.
To find new dependency updates you can run mvn versions:display-dependency-updates; it will give you a list of the latest versions for the dependencies in your pom.xml.
You can also run mvn versions:display-plugin-updates to find plugin updates.
By default this will be performed recursively; in case you don't want it to be recursive you can use the -N flag.
Putting it all together: mvn -N versions:display-dependency-updates versions:display-plugin-updates
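The answer above leaves you with two separate console reports (from dependency:analyze and versions:display-dependency-updates) plus the list of jars in the local repository from the question. The following Python script is an added example, not part of the answer or of either Maven plugin: it parses the local-repository jar paths into Maven coordinates, parses both plugin outputs, and cross-references them into one action per artifact (remove, upgrade, declare, or keep). All three inputs are constructed samples in the shape those tools print; the function names and the exact sample versions are assumptions for illustration, and the real outputs would come from running the commands in your build.

```python
import re

# Constructed sample input: local-repository jar paths in the shape the question lists.
REPO_PATHS = [
    "m2/junit/junit/4.11/junit-4.11.jar",
    "m2/org/apache/logging/log4j/log4j-core/2.1/log4j-core-2.1.jar",
    "m2/org/springframework/spring-core/4.0.5.RELEASE/spring-core-4.0.5.RELEASE.jar",
    "m2/xalan/xalan/2.7.1/xalan-2.7.1.jar",
]

# Constructed sample output in the format `mvn dependency:analyze -DignoreNonCompile` prints.
ANALYZE_OUTPUT = """\
[INFO] --- maven-dependency-plugin:analyze (default-cli) @ demo-app ---
[WARNING] Used undeclared dependencies found:
[WARNING]    org.slf4j:slf4j-api:jar:1.7.7:compile
[WARNING] Unused declared dependencies found:
[WARNING]    xalan:xalan:jar:2.7.1:compile
[WARNING]    commons-io:commons-io:jar:2.4:compile
[INFO] BUILD SUCCESS
"""

# Constructed sample output in the format `mvn versions:display-dependency-updates` prints
# (the target versions here are sample values, not a recommendation).
UPDATES_OUTPUT = """\
[INFO] The following dependencies in Dependencies have newer versions:
[INFO]   junit:junit ............................................ 4.11 -> 4.13.2
[INFO]   org.apache.logging.log4j:log4j-core ..................... 2.1 -> 2.17.1
[INFO]
"""


def parse_repo_paths(paths):
    """Turn repository paths like m2/org/foo/bar/1.0/bar-1.0.jar into (group, artifact, version)."""
    coords = []
    for path in paths:
        parts = path.strip("/").split("/")
        # Drop everything up to and including the repository root marker.
        for marker in ("repository", "m2", ".m2"):
            if marker in parts:
                parts = parts[parts.index(marker) + 1:]
                break
        # Layout is <group segments...>/<artifactId>/<version>/<file>.
        version, artifact = parts[-2], parts[-3]
        group = ".".join(parts[:-3])
        coords.append((group, artifact, version))
    return coords


def parse_analyze_output(text):
    """Collect the two WARNING sections of dependency:analyze as (group, artifact, version, scope)."""
    result = {"used_undeclared": [], "unused_declared": []}
    current = None
    for raw in text.splitlines():
        line = raw.replace("[WARNING]", "", 1).strip()
        if line == "Used undeclared dependencies found:":
            current = "used_undeclared"
        elif line == "Unused declared dependencies found:":
            current = "unused_declared"
        elif current and line.count(":") in (4, 5):
            parts = line.split(":")  # group:artifact:type[:classifier]:version:scope
            result[current].append((parts[0], parts[1], parts[-2], parts[-1]))
        else:
            current = None  # any other line ends the section
    return result


UPDATE_LINE = re.compile(r"^\[INFO\]\s+(\S+:\S+)\s+\.+\s+(\S+)\s+->\s+(\S+)\s*$")


def parse_update_output(text):
    """Map 'group:artifact' to (current, latest) from versions:display-dependency-updates."""
    updates = {}
    for line in text.splitlines():
        match = UPDATE_LINE.match(line)
        if match:
            updates[match.group(1)] = (match.group(2), match.group(3))
    return updates


def upgrade_report(paths, analyze_text, updates_text):
    """Cross-reference the three sources into one action per 'group:artifact'."""
    installed = {f"{g}:{a}": v for g, a, v in parse_repo_paths(paths)}
    analysis = parse_analyze_output(analyze_text)
    unused = {f"{g}:{a}" for g, a, _v, _s in analysis["unused_declared"]}
    updates = parse_update_output(updates_text)
    report = {}
    for key in installed:
        if key in unused:
            report[key] = "remove (declared but unused)"
        elif key in updates:
            report[key] = f"upgrade {updates[key][0]} -> {updates[key][1]}"
        else:
            report[key] = "keep (no update reported)"
    for g, a, _v, _s in analysis["used_undeclared"]:
        report.setdefault(f"{g}:{a}", "declare (used but undeclared)")
    return report


if __name__ == "__main__":
    for key, action in sorted(upgrade_report(REPO_PATHS, ANALYZE_OUTPUT, UPDATES_OUTPUT).items()):
        print(f"{key:45} {action}")
```

Anything reported as "declare (used but undeclared)" is worth fixing before upgrading: those jars arrive transitively, so bumping the parent library can silently change or drop them, which is exactly the situation the third question in the post is about.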