My pom references a parent pom with a lot of declared dependencies in the dependenyManagement section. This overwrites the version of a transitive dependency and causes runtime problems.
To solve this I now declare the transitive dependency as an explicit dependency, but it took me a while to figure out the problem. I would have noticed much sooner, if mvn dependency:tree would have shown me that the version was overwritten, but it did not.
Can you tell me how I can quickly see, where the versions of my dependency originate from and how I can see whether a transitive dependency was affected by the parent pom or not?
mvn dependency:tree -Dverbose=true
ought to do the trick. Alternativ, you can use:
mvn dependency:tree -X
Using Maven 3.3.9 and 3.5.2 (Both default to version 2.10 of maven-dependency-plugin:
[INFO] --- maven-dependency-plugin:2.10:tree (default-cli) # xxx ---
[WARNING] Using Maven 2 dependency tree to get verbose output, which may be inconsistent with actual Maven 3 resolution
[INFO] xxx:jar:1.0.0-SNAPSHOT
[INFO] +- com.sun.mail:javax.mail:jar:1.5.6:runtime
[INFO] | \- (javax.activation:activation:jar:1.1:runtime - omitted for conflict with 1.1.1)
[INFO] +- org.eclipse.jgit:org.eclipse.jgit.junit:jar:4.7.0.201704051617-r:test
[INFO] | \- (org.eclipse.jgit:org.eclipse.jgit:jar:3.5.3.201412180710-r:test - version managed from 4.7.0.201704051617-r; omitted for conflict with 4.7.0.201704051617-r)
[INFO] +- org.eclipse.jgit:org.eclipse.jgit.junit.http:jar:4.7.0.201704051617-r:test
[INFO] | +- (org.eclipse.jgit:org.eclipse.jgit:jar:3.5.3.201412180710-r:test - version managed from 4.7.0.201704051617-r; omitted for conflict with 4.7.0.201704051617-r)
[INFO] | +- org.eclipse.jgit:org.eclipse.jgit.http.server:jar:4.7.0.201704051617-r:test
[INFO] | | \- (org.eclipse.jgit:org.eclipse.jgit:jar:3.5.3.201412180710-r:test - version managed from 4.7.0.201704051617-r; omitted for conflict with 4.7.0.201704051617-r)
[INFO] | +- (org.eclipse.jgit:org.eclipse.jgit.junit:jar:4.7.0.201704051617-r:test - omitted for duplicate)
[INFO] | \- org.eclipse.jetty:jetty-servlet:jar:9.4.7.v20170914:test (version managed from 9.3.17.v20170317)
[INFO] | \- (org.eclipse.jetty:jetty-security:jar:9.4.7.v20170914:test - omitted for conflict with 9.3.19.v20170502)
[INFO] +- org.eclipse.jetty:jetty-security:jar:9.3.19.v20170502:test
[INFO] | \- org.eclipse.jetty:jetty-server:jar:9.4.7.v20170914:test (version managed from 9.3.19.v20170502)
[INFO] | +- javax.servlet:javax.servlet-api:jar:3.1.0:test
[INFO] | +- org.eclipse.jetty:jetty-http:jar:9.4.7.v20170914:test
[INFO] | | +- org.eclipse.jetty:jetty-util:jar:9.4.7.v20170914:test
[INFO] | | \- (org.eclipse.jetty:jetty-io:jar:9.4.7.v20170914:test - omitted for duplicate)
[INFO] | \- org.eclipse.jetty:jetty-io:jar:9.4.7.v20170914:test
[INFO] | \- (org.eclipse.jetty:jetty-util:jar:9.4.7.v20170914:test - omitted for duplicate)
[INFO] \- org.springframework.boot:spring-boot-starter-data-ldap:jar:1.5.8.RELEASE:compile
[INFO] \- (org.slf4j:jcl-over-slf4j:jar:1.7.25:compile - scope updated from runtime; omitted for duplicate)
If you are using Eclipse with the M2 plugin, the tab "Dependency Hierarchy" on the POM will display omitted versions as well.
Use these plugins
https://maven.apache.org/plugins/maven-dependency-plugin/list-mojo.html
https://maven.apache.org/plugins/maven-help-plugin/effective-pom-mojo.html
Run command
mvn dependency:list
and
help:effective-pom
then compare two lists.
Related
As part Log4jshell problem, we are trying to analyze which projects use which version of Log4j. I did try the following maven commands
mvn dependency:list | grep log4j
mvn dependency:tree -Dverbose
mvn dependency:tree -Dverbose | grep log4
But it lists information only like this
mvn dependency:tree | grep log4
[INFO] \- org.apache.logging.log4j:log4j-api:jar:2.13.1:provided
[INFO] +- org.apache.logging.log4j:log4j-api:jar:2.13.1:provided
[INFO] | | +- log4j:log4j:jar:1.2.16:compile
[INFO] | | +- log4j:log4j:jar:1.2.16:compile
[INFO] | +- log4j:log4j:jar:1.2.17:provided
[INFO] +- log4j:log4j:jar:1.2.17:compile
[INFO] +- org.apache.logging.log4j:log4j-api:jar:2.13.1:compile
[INFO] \- org.apache.logging.log4j:log4j-core:jar:2.13.1:compile
[INFO] +- org.apache.logging.log4j:log4j-api:jar:2.13.1:compile
[INFO] +- org.apache.logging.log4j:log4j-core:jar:2.13.1:compile
[INFO] +- org.springframework.boot:spring-boot-starter-log4j2:jar:2.1.8.RELEASE:compile
[INFO] | +- org.apache.logging.log4j:log4j-slf4j-impl:jar:2.11.2:compile
[INFO] | +- org.apache.logging.log4j:log4j-jul:jar:2.11.2:compile
[INFO] +- org.springframework.boot:spring-boot-starter-log4j2:jar:2.1.8.RELEASE:compile
I cannot find which project in our workspace it points to. Can anyone please help on this?
Note: There are several maven projects and there is a parent pom.xml for all the pom.xml files. So want to identify which maven projects are using log4j along with the name.
Use the includes option
mvn dependency:tree -Dincludes=org.apache.logging.log4j
example output:
[INFO] com.test:test:jar:0.0.1-SNAPSHOT
[INFO] \- org.springframework.boot:spring-boot-starter-security:jar:2.5.3:compile
[INFO] \- org.springframework.boot:spring-boot-starter:jar:2.5.3:compile
[INFO] \- org.springframework.boot:spring-boot-starter-logging:jar:2.5.3:compile
[INFO] \- org.apache.logging.log4j:log4j-to-slf4j:jar:2.14.1:compile
[INFO] \- org.apache.logging.log4j:log4j-api:jar:2.14.1:compile
documentation
Thanks for the answer. Yes it did answer my question. I used the command below and got the result.
mvn dependency:tree -Dincludes=org.apache.logging.log4j -DoutputFile=`pwd`/maven-report-log4j.txt -DappendOutput=true
I have a Java project which has a dependency of SpringBoot version 2.3.6.RELEASE. However, I'm in trouble trying to upgrade to 2.4.0 version. In the project nothing else was changed, only version of SpringBoot. Since then the application throws the following error message:
Caused by: java.lang.ClassCastException: com.nimbusds.jose.shaded.json.JSONObject cannot be cast to net.minidev.json.JSONObject
I did some comparison of maven dependency tree (mvn dependency:tree) and found out that probably some significant changes have been done for nimbus-jose-jwt and json-smart libs.
2.3.6.RELEASE
[INFO] +- org.springframework.security:spring-security-oauth2-jose:jar:5.3.5.RELEASE:compile
[INFO] | +- com.nimbusds:nimbus-jose-jwt:jar:8.19:compile (version managed from 8.20.1)
[INFO] | | +- com.github.stephenc.jcip:jcip-annotations:jar:1.0-1:compile
[INFO] | | \- net.minidev:json-smart:jar:1.3.1:provided (scope managed from compile)
[INFO] | +- org.springframework.security:spring-security-core:jar:5.3.5.RELEASE:compile
2.4.0
[INFO] +- org.springframework.security:spring-security-oauth2-jose:jar:5.4.1:compile
[INFO] | +- com.nimbusds:nimbus-jose-jwt:jar:9.1.2:compile (version managed from 9.0.1)
[INFO] | | \- com.github.stephenc.jcip:jcip-annotations:jar:1.0-1:compile
[INFO] | +- org.springframework.security:spring-security-core:jar:5.4.1:compile
As can be seen above nimbus-jose-jwt has been updated from 8.19 to 9.1.2. Moreover, json-smart is not anymore part of nimbus-jose-jwt in 2.4.0.
The root cause is probably this change https://connect2id.com/blog/nimbus-jose-jwt-9
However, what should be done in order to prevent this exception?
You could override the default versions of jars nimbus-jose-jwt and json-smart, by adding the older version explicitly in your pom.
Please refer here : https://github.com/Azure/azure-sdk-for-java/issues/14898
In my case - I had to upgrade to 2.5.7 Springboot version and the nimbus-jose-jwt:jar version came with SB-2.5.7 is 9.10.1.
org.springframework.security:spring-security-oauth2-jose:jar:5.5.3:compile
[INFO] | +- (org.springframework.security:spring-security-core:jar:5.5.3:compile - version managed from 4.2.15.RELEASE; omitted for duplicate)
[INFO] | +- (org.springframework.security:spring-security-oauth2-core:jar:5.5.3:compile - omitted for duplicate)
[INFO] | +- (org.springframework:spring-core:jar:5.3.13:compile - version managed from 5.3.11; omitted for duplicate)
[INFO] | \- com.nimbusds:nimbus-jose-jwt:jar:9.10.1:compile
After downgrading the nimbus-jose-jwt to 8.20 the app started working.
I have following dependency tree.
[INFO] +- net.sf.jasperreports:jasperreports:jar:6.5.1:compile
[INFO] | +- org.eclipse.jdt.core.compiler:ecj:jar:4.4.2:compile
[INFO] | +- org.codehaus.castor:castor-xml:jar:1.3.3:compile
[INFO] | | +- org.codehaus.castor:castor-core:jar:1.3.3:compile
[INFO] | | +- commons-lang:commons-lang:jar:2.6:compile
When I add dependency "commons-lang" as top level dependency in the pom file it automatically removes the transitive dependency for common-lang even without exclude it from pom file.
[INFO] +- net.sf.jasperreports:jasperreports:jar:6.5.1:compile
[INFO] | +- org.eclipse.jdt.core.compiler:ecj:jar:4.4.2:compile
[INFO] | +- org.codehaus.castor:castor-xml:jar:1.3.3:compile
[INFO] | | +- org.codehaus.castor:castor-core:jar:1.3.3:compile
[INFO] | | +- javax.inject:javax.inject:jar:1:compile
What is expected is it should exclude common-lang when we exclude it from jasperreports.
Dependency Mediation is the rule which you are talking about. It is one of the rule which maven follows to manage transitive dependencies.
It will put commons-lang in the dependency tree according to its nearest definition in the pom.
You can read about all the rules here :
https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html
So to quote them :
Dependency mediation - this determines what version of an artifact will be chosen when multiple versions are encountered as dependencies. Maven picks the "nearest definition". That is, it uses the version of the closest dependency to your project in the tree of dependencies. You can always guarantee a version by declaring it explicitly in your project's POM.
And the dependency of commons-lang is never removed, its place in the transitive tree has changed. Now it has become a Level 1 dependency.
[INFO] +- commons-lang:commons-lang:jar:2.6:compile
[INFO] \- net.sf.jasperreports:jasperreports:jar:6.5.1:compile
[INFO] +- org.eclipse.jdt.core.compiler:ecj:jar:4.4.2:compile
[INFO] +- org.codehaus.castor:castor-xml:jar:1.3.3:compile
[INFO] | +- org.codehaus.castor:castor-core:jar:1.3.3:compile
[INFO] | +- javax.inject:javax.inject:jar:1:compile
[INFO] | +- stax:stax:jar:1.2.0:compile
[INFO] | | \- stax:stax-api:jar:1.0.1:compile
[INFO] | \- javax.xml.stream:stax-api:jar:1.0-2:compile
[INFO] +- com.fasterxml.jackson.core:jackson-core:jar:2.1.4:compile
When a dependency is declared in your projects pom maven will use that declaration instead of the transitive dependency.
Omitted dependencies are not displayed in the maven dependency tree, and I just learned that since maven-dependency-plugin version 3.0 the verbose option is no longer supported - which would show the omitted dependency.
I see this when I tried to provide -Dverbose option at maven command line (for "mvn dependency:tree -Dverbose=true"):
Verbose not supported since maven-dependency-plugin 3.0
See comments on answer in Display omitted versions in maven dependency:tree?
I've an exception in my maven project:
class "javax.servlet.HttpConstraintElement"'s signer information does not match signer information of other classes in the same package
Question:
How to resolve this problem?
PS:
As I understand, I use two jars, both contains HttpConstraintElement. And those maven dependencies have two different versions. So I tried to:
$ mvn dependency:tree -Dverbose |grep servlet
[INFO] +- javax.servlet:servlet-api:jar:2.5:compile
[INFO] +- javax.servlet.jsp:jsp-api:jar:2.2:compile
[INFO] +- javax.servlet:jstl:jar:1.2:compile
[INFO] | +- org.apache.tiles:tiles-servlet-wildcard:jar:2.2.2:compile
[INFO] | | +- (org.apache.tiles:tiles-servlet:jar:2.2.2:compile - omitted for duplicate)
[INFO] | | +- (org.apache.tiles:tiles-servlet:jar:2.2.2:compile - omitted for duplicate)
[INFO] | | +- (org.apache.tiles:tiles-servlet:jar:2.2.2:compile - omitted for duplicate)
[INFO] +- org.apache.tiles:tiles-servlet:jar:2.2.2:compile
[INFO] | +- (org.apache.tiles:tiles-servlet:jar:2.2.2:compile - omitted for duplicate)
[INFO] \- org.eclipse.jetty:jetty-servlet:jar:9.0.0.M4:compile
[INFO] +- org.eclipse.jetty.orbit:javax.servlet:jar:3.0.0.v201112011016:compile
This answer worked for me, using Servlet API 3.0.
The solution was to take the explicit dependency on servlet-api, and change it from provided to compile scope.
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>3.0.1</version>
<scope>compile</scope>
</dependency>
Two JDKs in path or classpath can create a similar problem.
I have a standalone spring app that contains mainly aspecj aspects and few other spring managed beans and bundled in a jar with maven-assembly plugin with all the spring dependencies bundled inside the jar and added to weblogic classpath.
the goal is to have he aspects inside the library woven into all the running applications inside weblogic in run time using aspectJ agent.
The problem is that when I add my jar file in the classpath and restart the server I get ClassNotFoundException when the existing web app is deployed.
I know it is not a jar file not in the lib folder, since the app deploys fine without my jar file in classpath.
Note: I also get classNotFoundException when I just drop the spring jar files in the domain/lib folder.
Can you shade some light on why the running applications are impacted by my spring based library?
Please see stacktrace below: i m pretty sure javax.validation.ValidatorFactory is in the validation-api inside the WEB-INF\lib folder. as i only get this exception when I add my custom jar file to weblogic classpath.
Caused By: org.springframework.beans.factory.CannotLoadBeanClassException: Error loading class [org.springframework.validation.beanvalidation.LocalValidatorFactoryBean] for bean with name 'jsr303Validator' defined in ServletContext resource [/WEB-INF/config/webmvc-config.xml]: problem with class file or dependent class; nested exception is java.lang.NoClassDefFoundError: javax/validation/ValidatorFactory
at org.springframework.beans.factory.support.AbstractBeanFactory.resolveBeanClass(AbstractBeanFactory.java:1272)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.predictBeanType(AbstractAutowireCapableBeanFactory.java:578)
at org.springframework.beans.factory.support.AbstractBeanFactory.isFactoryBean(AbstractBeanFactory.java:1338)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.doGetBeanNamesForType(DefaultListableBeanFactory.java:356)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.getBeanNamesForType(DefaultListableBeanFactory.java:335)
at org.springframework.beans.factory.BeanFactoryUtils.beanNamesForTypeIncludingAncestors(BeanFactoryUtils.java:187)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.findAutowireCandidates(DefaultListableBeanFactory.java:895)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:853)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:768)
at org.s
Caused By: java.lang.ClassNotFoundException: javax.validation.ValidatorFactory
at java.net.URLClassLoader$1.run(URLClassLoader.java:202)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:190)
at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
at java.lang.ClassLoader.loadClass(ClassLoader.java:247)
at java.lang.ClassLoader.defineClass1(Native Method)
at java.lang.ClassLoader.defineClassCond(ClassLoader.java:631)
at java.lang.ClassLoader.defineClass(ClassLoader.java:615)
at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:141)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:283)
at java
Here is the dependency tree of my WAR file.
[INFO] [dependency:tree {execution: default-cli}]
[INFO] com.company.project:eCom4jWeb:war:1.0.0-SNAPSHOT
[INFO] +- com.company.project:eCom4jCore:jar:1.0.0-SNAPSHOT:compile
[INFO] | +- org.springframework:spring-jdbc:jar:3.1.2.RELEASE:compile
[INFO] | +- org.hsqldb:com.springsource.org.hsqldb:jar:1.8.0.9:runtime
[INFO] | +- mysql:mysql-connector-java:jar:5.1.9:compile
[INFO] | +- org.hibernate:com.springsource.org.hibernate:jar:3.3.2.GA:compile
[INFO] | | +- net.sourceforge.cglib:com.springsource.net.sf.cglib:jar:2.2.0:compile
[INFO] | | +- org.antlr:com.springsource.antlr:jar:2.7.6:compile
[INFO] | | +- org.apache.commons:com.springsource.org.apache.commons.collections:jar:3.2.1:compile
[INFO] | | +- org.dom4j:com.springsource.org.dom4j:jar:1.6.1:compile
[INFO] | | +- org.jboss.javassist:com.springsource.javassist:jar:3.9.0.GA:compile
[INFO] | | \- org.objectweb.asm:com.springsource.org.objectweb.asm:jar:1.5.3:compile
[INFO] | +- org.hibernate:com.springsource.org.hibernate.annotations:jar:3.4.0.GA:compile
[INFO] | | \- org.hibernate:com.springsource.org.hibernate.annotations.common:jar:3.3.0.ga:compile
[INFO] | +- org.hibernate:hibernate-validator:jar:4.2.0.Final:compile
[INFO] | | +- javax.validation:validation-api:jar:1.0.0.GA:compile
[INFO] | | \- org.slf4j:slf4j-api:jar:1.6.1:compile
[INFO] | +- javax.transaction:com.springsource.javax.transaction:jar:1.1.0:compile
[INFO] | +- commons-beanutils:commons-beanutils:jar:1.8.3:compile
[INFO] | +- net.sf.dozer:dozer:jar:5.3.1:compile
[INFO] | \- org.apache.xmlbeans:xmlbeans:jar:2.4.0:runtime
[INFO] | \- stax:stax-api:jar:1.0.1:runtime
[INFO] +- com.company.project:eCom4jWS:jar:1.0.0-SNAPSHOT:compile
[INFO] | +- com.company.project:eCom4jRemixDomain:jar:1.0.0-SNAPSHOT:compile
[INFO] | | \- org.jvnet.jaxb2_commons:jaxb2-basics-runtime:jar:0.6.2:compile
[INFO] | \- org.springframework:spring-oxm:jar:3.1.2.RELEASE:compile
[INFO] +- javax.servlet:jstl:jar:1.2:compile
[INFO] +- org.springframework.security:spring-security-web:jar:3.1.2.RELEASE:compile
[INFO] | \- aopalliance:aopalliance:jar:1.0:compile
[INFO] +- org.springframework.security:spring-security-taglibs:jar:3.1.2.RELEASE:compile
[INFO] | \- org.springframework.security:spring-security-acl:jar:3.1.2.RELEASE:compile
[INFO] +- org.springframework:spring-webmvc:jar:3.1.2.RELEASE:compile
[INFO] | +- org.springframework:spring-asm:jar:3.1.2.RELEASE:compile
[INFO] | \- org.springframework:spring-context-support:jar:3.1.2.RELEASE:compile
[INFO] +- javax.servlet:servlet-api:jar:2.5:provided
[INFO] +- org.springframework:spring-beans:jar:3.1.2.RELEASE:compile
[INFO] +- org.springframework.webflow:spring-binding:jar:2.2.1.RELEASE:compile
[INFO] +- org.springframework.webflow:spring-js:jar:2.2.1.RELEASE:compile
[INFO] | \- org.springframework.webflow:spring-js-resources:jar:2.2.1.RELEASE:compile
[INFO] +- org.springframework.webflow:spring-webflow:jar:2.2.1.RELEASE:compile
[INFO] +- org.springframework.security:spring-security-config:jar:3.1.2.RELEASE:compile
[INFO] +- org.springframework.security:spring-security-core:jar:3.1.2.RELEASE:compile
[INFO] +- org.springframework:spring-tx:jar:3.1.2.RELEASE:compile
[INFO] +- org.springframework:spring-web:jar:3.1.2.RELEASE:compile
[INFO] +- org.springframework:spring-aop:jar:3.1.2.RELEASE:compile
[INFO] +- commons-logging:commons-logging:jar:1.1.1:compile
[INFO] +- org.springframework:spring-core:jar:3.1.2.RELEASE:compile
[INFO] +- org.springframework:spring-orm:jar:3.1.2.RELEASE:compile
[INFO] +- org.springframework:spring-context:jar:3.1.2.RELEASE:compile
[INFO] +- javax.el:el-api:jar:1.0:provided
[INFO] +- org.jboss.el:com.springsource.org.jboss.el:jar:2.0.0.GA:compile
[INFO] +- org.apache.tiles:tiles-core:jar:2.1.4:compile
[INFO] | +- commons-digester:commons-digester:jar:1.8.1:compile
[INFO] | \- commons-logging:commons-logging-api:jar:1.1:compile
[INFO] +- org.apache.tiles:tiles-jsp:jar:2.1.4:compile
[INFO] +- org.apache.tiles:tiles-api:jar:2.1.4:compile
[INFO] +- org.apache.tiles:tiles-servlet:jar:2.1.4:compile
[INFO] +- org.springframework:spring-test:jar:3.1.2.RELEASE:test
[INFO] +- org.springframework:spring-expression:jar:3.1.2.RELEASE:compile
[INFO] +- org.springframework:spring-test-mvc:jar:1.0.0.BUILD-SNAPSHOT:test
[INFO] +- org.powermock:powermock-module-junit4:jar:1.4.12:test
[INFO] | \- org.powermock:powermock-module-junit4-common:jar:1.4.12:test
[INFO] | +- org.powermock:powermock-core:jar:1.4.12:test
[INFO] | | \- org.javassist:javassist:jar:3.16.1-GA:test
[INFO] | \- org.powermock:powermock-reflect:jar:1.4.12:test
[INFO] +- org.powermock:powermock-api-easymock:jar:1.4.12:test
[INFO] | \- org.powermock:powermock-api-support:jar:1.4.12:test
[INFO] +- org.codehaus.jackson:jackson-mapper-asl:jar:1.5.3:compile
[INFO] | \- org.codehaus.jackson:jackson-core-asl:jar:1.5.3:compile
[INFO] +- com.jayway.jsonpath:json-path:jar:0.8.1:test
[INFO] | \- net.minidev:json-smart:jar:1.1.1:test
[INFO] +- org.aspectj:com.springsource.org.aspectj.weaver:jar:1.6.8.RELEASE:compile
[INFO] +- org.slf4j:com.springsource.slf4j.api:jar:1.5.6:compile
[INFO] +- org.slf4j:com.springsource.slf4j.org.apache.commons.logging:jar:1.5.6:runtime
[INFO] +- org.slf4j:com.springsource.slf4j.log4j:jar:1.5.6:runtime
[INFO] +- org.apache.log4j:com.springsource.org.apache.log4j:jar:1.2.15:compile
[INFO] +- org.apache.commons:com.springsource.org.apache.commons.dbcp:jar:1.2.2.osgi:runtime
[INFO] +- org.apache.commons:com.springsource.org.apache.commons.pool:jar:1.5.3:runtime
[INFO] +- org.hamcrest:hamcrest-all:jar:1.3:compile
[INFO] +- junit:junit:jar:4.8.1:test (scope not updated to compile)
[INFO] +- org.easymock:easymock:jar:3.1:test
[INFO] | +- cglib:cglib-nodep:jar:2.2.2:test
[INFO] | \- org.objenesis:objenesis:jar:1.2:test
[INFO] +- commons-lang:commons-lang:jar:2.6:compile
[INFO] +- org.apache.struts:struts2-core:jar:2.2.1:compile
[INFO] | +- org.apache.struts.xwork:xwork-core:jar:2.2.1:compile
[INFO] | +- org.freemarker:freemarker:jar:2.3.16:compile
[INFO] | +- ognl:ognl:jar:3.0:compile
[INFO] | +- commons-fileupload:commons-fileupload:jar:1.2.1:compile
[INFO] | +- commons-io:commons-io:jar:1.3.2:compile
[INFO] | \- com.sun:tools:jar:1.5.0:system
[INFO] +- org.apache.struts:struts2-tiles-plugin:jar:2.2.1:compile
[INFO] +- org.apache.struts:struts2-spring-plugin:jar:2.2.1:compile
[INFO] +- javax.mail:mail:jar:1.4:compile
[INFO] | \- javax.activation:activation:jar:1.1:compile
[INFO] \- net.tanesha.recaptcha4j:recaptcha4j:jar:0.0.7:compile
[INFO] -------
Thanks
If you are using maven to build your jar, try to build your jar file with the dependencies embedded and test it, the below link can help you to do so:
How can I create an executable JAR with dependencies using Maven?
The dependency tree shows:
two versions of commons-logging: 1.1 and 1.1.1
two versions of slf4j: 1.5.6 and 1.6.1
javax.transaction has scoped compiled instead of provided
various versions of Hibernate artifacts from different sources org.hibernate:com.springsource.org.hibernate:jar:3.3.2.GA:compile org.hibernate:com.springsource.org.hibernate.annotations:jar:3.4.0.GA:compile org.hibernate:hibernate-validator:jar:4.2.0.Final:compile
As ClassLoader loads resources without any determined or predefined order, adding a jar file may have changed this order and class conflicts are now visible - either inside the EAR/WAR itself or between the application server and the application.
It is not obvious to point the conflict source with information provided but it is probably org.hibernate:hibernate-validator and you should align its version with core package, so 3.3.2.GA from com.springsource too.
To get the diagnostic clear, run WebLogic JVM with -verbose:class option and look at stderr output. The latest loaded resources before the failure and log of previously loaded related classes are the best clues to eliminate such a conflict created by packaging.
If conflict comes from a application server package and you cannot align to that same version, WebLogic allows you to set class loading filtering by package to force your own version to be loaded. Please refer to section Using a Filtering Classloader from classloading documentation.
It sounds like a Jar Hell... If you have different versions of the same jar, your container only loads the first one... now, imagine if it loads version 5 of jar 1, and version 2 of the dependent jar 2 (but the correct was version 5 too)... and can get a big crash in your system... to prevent it, some container just don't load none versions, and give some messages like ClassNotFoundException.