Disable Sonar rule using pom.xml? - spring-boot

I am using Spring Boot and Spring Jpa example and looking to disabled below Sonar rule through Maven mainly using pom.xml file. I don't have access or can't go and disable that rule in SonarQube as it's configured for the Org level.
Methods should not have too many parameters (squid:S00107)
I already went through web many times and did not find any promising solutions yet. This is what I look at : Configure Sonar to exclude files from Maven pom.xml too.

There seem to be a way of doing it but it may not be supported i.e.
<properties>
<sonar.issue.ignore.multicriteria>e1</sonar.issue.ignore.multicriteria>
<sonar.issue.ignore.multicriteria.e1.ruleKey>squid:S00107</sonar.issue.ignore.multicriteria.e1.ruleKey>
<sonar.issue.ignore.multicriteria.e1.resourceKey>**/*.java</sonar.issue.ignore.multicriteria.e1.resourceKey>
</properties>
Refer to : https://community.sonarsource.com/t/documentation-about-ignore-issues-seems-to-be-wrong-or-outdated/3353
but they do state :
We recommend users to use the UI to configure this, for best
experience. Consider the configuration via sonar-project.properties as
an undocumented hack, not official supported that may or may not work
reliably, use at your own risk.

Related

Can't find Maven surefire security settings property

When configuring the Surefire Maven plugin for Quarkus, I have come accross the following in the doc
<maven.settings>${session.request.userSettingsFile.path}</maven.settings>
For my project I would also need to do the same thing for the settings-security.xml file because we use password encryption.
In Quarkus this can be done using
<settings.security>
I can define this with a project property in the pom.xml with the hard-coded path of the settings-security.xml file in my CI/CD environment (it is not the default one). But ideally I would like to extract it from the Maven execution environment using something similar to ${session.request.userSettingsFile.path}
I have 2 questions (I still have a very limited experience of Maven for the moment, so please bear with me)
I have found plenty of examples with the ${session.request.userSettingsFile.path} property, but no documentation. Anyone know where these properties are documented? It is not at all clear to me where they come from.
Is there an equivalent to ${session.request.userSettingsFile.path} for the settings-security.xml file, or do I have to define the path in the project properties?
Thanks

spring 4 security jars are missing for offline download

while working on spring mvc 4, how to find the jar for offline project like the jar Spring Security Config,spring-security-web for spring 4 ... etc as thet are not available with default package of jars and I do not want to use maven at this time so where one can find the jar for spring 4
?
First of all, foregoing proper dependency management is a bad idea and will make development that much harder, especially when it comes to transitive dependency resolving.
However, if you really want to do it then you can download .jars straight from Maven Repository or any other online repo that hosts them.
If that fails then a Google search will give you some source to download them from.
Trying to avoid a dependency management tool that to with a framework like Spring which complements many other frameworks is a bad idea in the long run. It will be painful to upgrade the versions in future.
But if you still don't want to use maven/gradle kind of build tool, just use pom.xml/build.gradle just for onetime use and let maven/gradle download all the dependencies and copy all those jars in some folder of your code.
Again I strongly suggest to use a build tool, especially for Spring. Maven/Gradle are not that bad if you don't want to do crazy things!!

Configuration of duplicate-finder-maven-plugin to scan only specific location and excluding everything else

Is there a way to configure Maven duplicate-finder-maven-plugin plugin to scan only specific location and excluding everything else? Because in this moment, the results shows myriads of conflict that come from project dependencies.
From the configuration, it looks that the way to do it is explicitly excluding every dependency I don't want to scan.
Question: Is there a better practice? How to scan - for example - only the code that is under my direct responsibility, like com.my-company.my-project?
From the official documentation your case is already documented as following:
Ignore all classes that aren't from my company:
<configuration>
<ignoredClassPatterns>
<ignoredClassPattern>^((?!com[/.]mycompany).*)$</ignoredClassPattern>
</ignoredClassPatterns>
</configuration>
Note that the configuration option above is only available from plugin version 1.2.1 and later.

Is it possible to exclude or ignore junit test during a certain maven profile build?

Imagine that I have two profiles, one is for production, the other one is for test environment. The thing is, I just want to execute some tests only for development environment, not production.
I tried to put #ignore, but I cannot tell just ignore it ONLY during prod build. I tried to use sure-fire plugin of maven, but again I couldn't get it worked with different behaviour per profile.
(PS: It is a spring-hibernate project featured by such different tech.s like hazelcast, jms (activeMq), scheduler (quartz), else..)
Any help would be appreciated.
We have a system where we have three test sizes (Small, Medium and Large). We have created an annotation that allows us to mark tests with these sizes. We also created a Rule that will check a particular env variable and will skip tests based on size. Sorry, but I don't have the ability to post the code, but that is how we did it.
Here are some posts on how Google does it (we based our stuff on Google)
http://blog.utest.com/how-google-tests-software-small-medium-and-large/2011/04/
You can ignore junit test using maven.test.skip parameter as it is described in the documentation. You can also set the parameter as part of as profile.
<profile>
<id>noTest</id>
...
<properties>
<maven.test.skip>true</maven.test.skip>
...
</properties>
...
</profile>
Maven's Surefire Plugin: Inclusions and Exclusions of Tests

Runtime dependency (e.g. connection pooling) and classpath?

I have a Maven 3 project that uses Hibernate 3. In the Hibernate properties file, there is an entry for hibernate.connection.provider_class with the class corresponding to the C3P0 connection provider (org.hibernate.connection.C3P0ConnectionProvider). Obviously, this class is only used at runtime, so I don't need to add the corresponding dependency in my POM with the compile scope. Now, I want to give the possibility to use any connection pooling framework desired, so I also don't add a runtime dependency to the POM.
What is the best practice?
I thought about adding an entry to the classpath corresponding to the runtime dependency (in this case, hibernate-c3p0) when the application is run (for example, using the command line). But, I don't know if it's possible.
This is almost (maybe exactly) the same problem as with SLF4J. I don't know if Hibernate also uses the facade pattern for connection pooling.
Thanks
Since your code doesn't depend on the connection pooling (neither the main code nor the tests need it), there is no point to mention the dependency anywhere.
If anyone should mention it, then that would be Hibernate because Hibernate offers this feature in its config.
But you can add it to your POM with optional: true to indicate:
I support this feature
If you use it, then I recommend this framework and this version
That will make life slightly more simple for consumers of your project.
But overall, you should not mention features provided/needed by other projects unless they have some impact on your code (like when you offer a more simple way to configure connection pooling for Hibernate).
[EDIT] Your main concern is probably how to configure the project for QA. The technical term for this new movement is "DevOps" - instead of producing a dump WAR which the customer (QA) has to configure painstakingly, configuration is part of the development process just like everything else. What you pass on is a completely configured, ready-to-run setup.
To implement this, create another Maven module called "project-qa" which depends on your project and everything else you need to turn the dead code into a running application (so it will depend on DBCP plus it will contain all the necessary config files).
Maven supports overlayed WARs which will allow you to implement this painlessly.
You can mark your dependency as optional. In this case it will not be packaged into archives. In this case you have to ensure that your container provides required library.
You could use a different profile for each connection provider. In each profile you put the runtime dependency that correspond to the connection provider you want to use and change the hibernate.connection.provider_class property accordingly.
For more details about how to configure dependencies in profiles, see Different dependencies for different build profiles in maven.
To see how to change the value of the hibernate.connection.provider_class property see How can I change a .properties file in maven depending on my profile?

Resources