I am working with spring-boot and want to include two different versions of spring-web in my project since one of the APIs in the latest version has been deprecated. In order to continue using that, I have included two dependencies of spring-web with different versions but eclipse is recognizing only of them.
I have tried excluding almost everything from the older version of spring-web but that doesn't seems to work either- any way out please?
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
<version>3.0.2.RELEASE</version>
<exclusions>
<exclusion>
<groupId>aopalliance</groupId>
<artifactId>aopalliance</artifactId>
</exclusion>
<exclusion>
<groupId>axis</groupId>
<artifactId>axis</artifactId>
</exclusion>
<exclusion>
<groupId>com.caucho</groupId>
<artifactId>com.springsource.com.caucho</artifactId>
</exclusion>
<exclusion>
<groupId>commons-fileupload</groupId>
<artifactId>commons-fileupload</artifactId>
</exclusion>
<exclusion>
<groupId>javax.el</groupId>
<artifactId>el-api</artifactId>
</exclusion>
<exclusion>
<groupId>javax.faces</groupId>
<artifactId>jsf-api</artifactId>
</exclusion>
<exclusion>
<groupId>javax.xml</groupId>
<artifactId>jaxrpc-api</artifactId>
</exclusion>
<exclusion>
<groupId>javax.xml.ws</groupId>
<artifactId>jaxws-api</artifactId>
</exclusion>
<exclusion>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
</exclusion>
<exclusion>
<groupId>org.codehaus.jackson</groupId>
<artifactId>jackson-mapper-asl</artifactId>
</exclusion>
<exclusion>
<groupId>org.springframework</groupId>
<artifactId>spring-aop</artifactId>
</exclusion>
<exclusion>
<groupId>org.springframework</groupId>
<artifactId>spring-beans</artifactId>
</exclusion>
<exclusion>
<groupId>org.springframework</groupId>
<artifactId>spring-context</artifactId>
</exclusion>
<exclusion>
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
</exclusion>
<exclusion>
<groupId>org.springframework</groupId>
<artifactId>spring-oxm</artifactId>
</exclusion>
<exclusion>
<groupId>javax.portlet</groupId>
<artifactId>portlet-api</artifactId>
</exclusion>
</exclusions>
</dependency>
You won't be able to have two different versions of a dependency in your project because of a Maven concept called 'Dependency Mediation'. Have a look at the Maven Introduction to the Dependency Mechanism documentation.
Dependency mediation - this determines what version of a dependency
will be used when multiple versions of an artifact are encountered.
Currently, Maven 2.0 only supports using the "nearest definition"
which means that it will use the version of the closest dependency to
your project in the tree of dependencies. You can always guarantee a
version by declaring it explicitly in your project's POM. Note that if
two dependency versions are at the same depth in the dependency tree,
until Maven 2.0.8 it was not defined which one would win, but since
Maven 2.0.9 it's the order in the declaration that counts: the first
declaration wins.
Related
I am trying to use OWL api and Pellet in an OSGI bundle. The bundle builds successfully but on runtime I am getting the following error: org.osgi.framework.BundleException: Unresolved constraint in bundle smp.lighting.client.osgi [2]: package; (package=org.mindswap.pellet).
These are the dependencies as they are declared in the pom file:
<dependency>
<groupId>edu.stanford.protege</groupId>
<artifactId>org.semanticweb.owl.owlapi</artifactId>
<version>3.4.4</version>
<exclusions>
<exclusion>
<artifactId>org.osgi.core</artifactId>
<groupId>org.apache.felix</groupId>
</exclusion>
<exclusion>
<artifactId>owlapi-apibinding</artifactId>
<groupId>net.sourceforge.owlapi</groupId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>com.github.ansell.pellet</groupId>
<artifactId>pellet-owlapiv3</artifactId>
<version>2.3.3</version>
<exclusions>
<exclusion>
<artifactId>slf4j-api</artifactId>
<groupId>org.slf4j</groupId>
</exclusion>
<exclusion>
<artifactId>log4j</artifactId>
<groupId>log4j</groupId>
</exclusion>
<exclusion>
<artifactId>xercesImpl</artifactId>
<groupId>xerces</groupId>
</exclusion>
</exclusions>
</dependency>
Also, in the launch file of the bundle, I call:
mvn:edu.stanford.protege/org.semanticweb.owl.owlapi/3.4.4
and in the next level:
wrap:mvn:com.github.ansell.pellet/pellet-jena/2.3.3
wrap:mvn:com.github.ansell.pellet/pellet-owlapiv3/2.3.3
I do not know if I a missing something, any help is appreciated. Thank you in advance!
pellet-owlapiv3 is an adapter between Pellet and the OWL API, so it does not, itself, contain the core Pellet classes. From the error, I believe you need to wrap pellet-core as well, and possibly some others of the Pellet modules.
I am creating a webservice which hits existing business code.
The required jar which deals with logging is org.ops4j.pax.logging.
I have include this in the pom
<dependency>
<groupId>org.ops4j.pax.logging</groupId>
<artifactId>pax-logging-api</artifactId>
<version>1.6.0</version>
</dependency>
This jar allows access to a particular log4j method which is used throughout the business layer
LOGGER.debug(object, object);
One of the other required jars is a third party jar.
This jar contains a different version of log4j which does not implement the debug(object, object) method.
When I add this jar to the pom, the JVM finds the log4j classes in this third party jar first and the code falls over.
I have tried to exclude the log4j in the third party jar but to no avail.
<dependency>
<groupId>...</groupId>
<artifactId>...</artifactId>
<version>...</version>
<exclusions>
<exclusion>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
</exclusion>
</exclusions>
</dependency>
Any thoughts?
This is the correct answer from https://www.baeldung.com/slf4j-classpath-multiple-bindings
<exclusions>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
</exclusion>
<exclusion>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
</exclusion>
</exclusions>
Sometimes log4j-core also shows up even after excluding log4j.Below configurations worked for me.
<exclusions>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
</exclusion>
<exclusion>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
</exclusion>
<exclusion>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-core</artifactId>
</exclusion>
</exclusions>
I already did a research, I found one way using <sec:authorize ifNotGranted="ROLE_ANONYMOUS">. but unfortunately sec taglib is not working for me. I tried every single solution in the web but in vain.
Is there any other way to show content depending on user without using taglib ?
Make sure you've added the spring-security-taglibs library to your project.
For example, if you are using maven for resolving the dependencies.
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>3.1.3.RELEASE</version>
<exclusions>
<exclusion>
<artifactId>spring-aop</artifactId>
<groupId>org.springframework</groupId>
</exclusion>
</exclusions>
</dependency>
It's working now, obviously there was a conflict, I had to exclude manually each spring-security-taglib dependency.
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>3.1.1.RELEASE</version>
<exclusions>
<exclusion>
<artifactId>jsp-api</artifactId>
<groupId>org.springframework</groupId>
</exclusion>
<exclusion>
<artifactId>servlet-api</artifactId>
<groupId>org.springframework</groupId>
</exclusion>
<exclusion>
<artifactId>spring-security-acl</artifactId>
<groupId>org.springframework</groupId>
</exclusion>
<exclusion>
<artifactId>spring-security-core</artifactId>
<groupId>org.springframework</groupId>
</exclusion>
<exclusion>
<artifactId>spring-security-web</artifactId>
<groupId>org.springframework</groupId>
</exclusion>
<exclusion>
<artifactId>spring-aop</artifactId>
<groupId>org.springframework</groupId>
</exclusion>
<exclusion>
<artifactId>spring-beans</artifactId>
<groupId>org.springframework</groupId>
</exclusion>
<exclusion>
<artifactId>spring-context</artifactId>
<groupId>org.springframework</groupId>
</exclusion>
<exclusion>
<artifactId>spring-core</artifactId>
<groupId>org.springframework</groupId>
</exclusion>
<exclusion>
<artifactId>spring-expression</artifactId>
<groupId>org.springframework</groupId>
</exclusion>
<exclusion>
<artifactId>spring-web</artifactId>
<groupId>org.springframework</groupId>
</exclusion>
</exclusions>
</dependency>
I guess such error is because there are two conflicting jars in classpath. When I put into my pom these lines:
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>${spring.version}</version>
</dependency>
it fails, but when i put those
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>${spring.version}</version>
<exclusions>
<exclusion>
<artifactId>spring-aop</artifactId>
<groupId>org.springframework</groupId>
</exclusion>
<exclusion>
<artifactId>spring-core</artifactId>
<groupId>org.springframework</groupId>
</exclusion>
<exclusion>
<artifactId>spring-context</artifactId>
<groupId>org.springframework</groupId>
</exclusion>
<exclusion>
<artifactId>spring-beans</artifactId>
<groupId>org.springframework</groupId>
</exclusion>
<exclusion>
<artifactId>spring-expression</artifactId>
<groupId>org.springframework</groupId>
</exclusion>
</exclusions>
it works. These is yet another jar where these exclusions must be applied to that is spring-security-web.
Is there any more elegant way to do that? Maybe the problem lies elsewhere and this is only a "hack" or something?
Spring security has a different version scheme with spring core (I believe historically they are maintained by different organization). I suggest you don't use generic ${spring.version} variable.
Read the documentation of what minimum spring core is required for corresponding spring security version
If you believe you've got all the versioning correct, next possible cause is your maven configuration itself. Often you did not realize you've set your settings to NOT lookup from central repository / your organization internal maven repo (nexus) has a stale index not having latest version of spring artifacts
I am using maven 3 with the Enforcer plugin configured to force version convergence. I am using Spring 3.1.2 and Spring Security 3.1.3.
The problem is that Spring 3.1.3 POM declares dependencies on Spring 3.0.7 because that is the minimum version need for spring security. This means that the enforcer plugin complains because the transitive dependency graph has both Spring 3.1.2 and Spring 3.0.7 in it.
The fix is to explicitly exclude spring 3.0.7 as a dependency of spring security so that the enforcer plugin in happy.
The code snippet below does just that, the problem with it is that I am having to repeat the same snippet over and over gain for each jar of spring security, this is tedious and makes the pom hard to read, is there a way to tell maven something along the lines.
for the dependency org.springframework.security no matter what artificatId ignore the dependency of the security framework on the spring framework?
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-acl</artifactId>
<version>${spring.security.version}</version>
<exclusions>
<exclusion>
<artifactId>spring-tx</artifactId>
<groupId>org.springframework</groupId>
</exclusion>
<exclusion>
<artifactId>spring-asm</artifactId>
<groupId>org.springframework</groupId>
</exclusion>
<exclusion>
<artifactId>spring-core</artifactId>
<groupId>org.springframework</groupId>
</exclusion>
<exclusion>
<artifactId>spring-aop</artifactId>
<groupId>org.springframework</groupId>
</exclusion>
<exclusion>
<artifactId>spring-beans</artifactId>
<groupId>org.springframework</groupId>
</exclusion>
<exclusion>
<artifactId>spring-jdbc</artifactId>
<groupId>org.springframework</groupId>
</exclusion>
<exclusion>
<artifactId>spring-expression</artifactId>
<groupId>org.springframework</groupId>
</exclusion>
<exclusion>
<artifactId>spring-context</artifactId>
<groupId>org.springframework</groupId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>${spring.security.version}</version>
<exclusions>
<exclusion>
<artifactId>spring-aop</artifactId>
<groupId>org.springframework</groupId>
</exclusion>
<exclusion>
<artifactId>spring-core</artifactId>
<groupId>org.springframework</groupId>
</exclusion>
<exclusion>
<artifactId>spring-expression</artifactId>
<groupId>org.springframework</groupId>
</exclusion>
<exclusion>
<artifactId>spring-beans</artifactId>
<groupId>org.springframework</groupId>
</exclusion>
<exclusion>
<artifactId>spring-context</artifactId>
<groupId>org.springframework</groupId>
</exclusion>
<exclusion>
<artifactId>aopalliance</artifactId>
<groupId>aopalliance</groupId>
</exclusion>
<exclusion>
<artifactId>spring-web</artifactId>
<groupId>org.springframework</groupId>
</exclusion>
<exclusion>
<artifactId>spring-jdbc</artifactId>
<groupId>org.springframework</groupId>
</exclusion>
<exclusion>
<artifactId>spring-tx</artifactId>
<groupId>org.springframework</groupId>
</exclusion>
</exclusions>
</dependency>
This worked for me, excluding all artifacts for groupId org.springframework:
<exclusions>
<exclusion>
<groupId>org.springframework</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
This probably won't help you much, but there is a feature request to allow wildcards in exclusions, however it is not in the current release version of Maven (3.0.4). (Edit: this feature is now present in Maven 3.2.1)
https://issues.apache.org/jira/browse/MNG-3832
Interesting is a comment in this JIRA issue:
Not sure what's going on, but this seems to work in Maven 3.0.3, using this:
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
However, this produces these warnings:
[WARNING] 'dependencies.dependency.exclusions.exclusion.groupId' for my.groupid:my.artifactid:ejb-client with value '*' does not match a valid id pattern. # line 31, column 30
[WARNING] 'dependencies.dependency.exclusions.exclusion.artifactId' for my.groupid:my.artifactid:ejb-client with value '*' does not match a valid id pattern. # line 32, column 33
So I probably shouldn't be doing it, but it does work.
So you might be able to use an artifactId wildcard in Maven 3.0.3 or later and have it work, but with warnings and with no guarantee of compatibility with later versions.
I encountered the same problem. I think you should explicit include Spring 3.2.x in your pom.xml to enforce the spring version in level 0 when Maven solve the conflict jars.
Please refer to:
http://www.baeldung.com/spring-security-with-maven