From yesterday I have problems compiling with maven because of iText jar.
My project has a dependency of jasperreports-2.0.1 that depends on itext-1.02b or higher.
<dependency>
<groupId>com.lowagie</groupId>
<artifactId>itext</artifactId>
<version>[1.02b,)</version>
<scope>compile</scope>
</dependency>
That is the log error in maven:
Failed to collect dependencies for [jasperreports:jasperreports:jar:2.0.1 (compile)]: Failed to read artifact descriptor for com.lowagie:itext:jar:4.2.2: Could not transfer artifact com.itextpdf:itextpdf:pom:4.2.2 from/to jaspersoft (http://www.jasperforge.org/maven2): Access denied to http://www.jasperforge.org/maven2/com/itextpdf/itextpdf/4.2.2/itextpdf-4.2.2.pom. Error code 403, Forbidden -> [Help 1]
I see here a comment from Amedee Van Gasse that says something about a 4.2.2 version with no jar.
Why does the 1.02b version attach to 4.2.2?
Edit:
Jasper-reports uses an open version range:
[1.02b,)
This range says to maven to take the library latest version.
With the update from iText adding new version Pom with no jar and editting the maven-metadata of maven-central to that no-jar version crashes the compilation to all jar depending form latest com.lowagie library.
Updating locally your maven-metadata-central.xml (and other metadata if your company has it's own nexus.public) from ...m2\repository\com\lowagie\itext
to that works. Temporally solucion until iText updates the metadata or ALL companies that has dependencies for it's latest version updates it's pom
<metadata modelVersion="1.1.0">
<groupId>com.lowagie</groupId>
<artifactId>itext</artifactId>
<versioning>
<latest>4.2.1</latest>
<release>4.2.1</release>
<versions>
<version>0.99</version>
<version>1.1.4</version>
<version>1.02b</version>
<version>1.2.3</version>
<version>1.3</version>
<version>1.3.1</version>
<version>1.4</version>
<version>1.4.8</version>
<version>2.0.1</version>
<version>2.0.6</version>
<version>2.0.7</version>
<version>2.0.8</version>
<version>2.1.0</version>
<version>2.1.2</version>
<version>2.1.3</version>
<version>2.1.4</version>
<version>2.1.5</version>
<version>2.1.7</version>
<version>4.2.0</version>
<version>4.2.1</version>
</versions>
<lastUpdated>20150709153501</lastUpdated>
</versioning>
</metadata>
A much simpler solution may be to upgrade to a newer version of jasperreports. Version 6.1.0 has this dependency on iText:
<dependency>
<groupId>com.lowagie</groupId>
<artifactId>itext</artifactId>
<version>2.1.7.js2</version>
<scope>compile</scope>
</dependency>
No more "floating" dependency on iText, and it's a version that's custom made for jasperreports!
See http://mvnrepository.com/artifact/net.sf.jasperreports/jasperreports/6.1.0 for the complete pom.xml.
I'm using gradle and for the current version 6.8.2 I got the following build error:
> Could not find com.lowagie:itext:2.1.7.js6
So I added http://jaspersoft.jfrog.io/jaspersoft/third-party-ce-artifacts/ as repository and now it works.
repositories {
mavenCentral()
maven { url "https://jaspersoft.jfrog.io/jaspersoft/third-party-ce-artifacts/" }
}
dependencies {
compile 'net.sf.jasperreports:jasperreports:6.8.0'
}
EDIT:
If you used this solution and suddenly get an error like
> Could not resolve com.lowagie:itext:2.1.7.js6.
> Could not parse POM http://jaspersoft.jfrog.io/jaspersoft/third-party-ce-artifacts/com/lowagie/itext/2.1.7.js6/itext-2.1.7.js6.pom
> The element type "hr" must be terminated by the matching end-tag "</hr>".
This is because the jfrog repository disabled http and only allows https now. For some reason this creates a broken pom with the following content
<html>
<head><title>308 Permanent Redirect</title></head>
<body>
<center><h1>308 Permanent Redirect</h1></center>
<hr><center>nginx</center>
</body>
</html>
Solution: Replace the http in the repository url with https.
The problem is indeed in the POM of jasper-reports:
<dependency>
<groupId>com.lowagie</groupId>
<artifactId>itext</artifactId>
<version>[1.02b,)</version>
<scope>compile</scope>
</dependency>
Jasper-reports distributes a (modified) build of iText 2.1.7 since at least November 2012 (if memory serves me well), so if your version of jasper-reports still has a dependency on 1.02b and up, it must be a very old version.
The jasper-reports dependency on iText should be changed to:
<dependency>
<groupId>com.lowagie</groupId>
<artifactId>itext</artifactId>
<version>[1.02b,2.1.7]</version>
<scope>compile</scope>
</dependency>
Or just:
<dependency>
<groupId>com.lowagie</groupId>
<artifactId>itext</artifactId>
<version>2.1.7</version>
<scope>compile</scope>
</dependency>
This relates to this question: How do I tell Maven to use the latest version of a dependency?
That page is riddled with cautions about always using the latest version for your dependencies. It reduces reproducibility of your builds.
2.1.7 was the last version of iText released by the company iText Group NV (or its legal predecessor), with the com.lowagie groupId. The next version of iText, released by the company iText Group NV, was version 5.0.0, with the com.itextpdf groupId, which means it's binary incompatible with your current code. There's also the matter of a license change to AGPL, but that is outside the scope of StackOverflow, I want to restrict my answer to the technical matters.
Any other versions of iText between 2.1.7 and 5.0.0, like 4.2.0 and 4.2.1, are forks by other companies. According to Apache's Guide to uploading artifacts to the Central Repository (https://maven.apache.org/guides/mini/guide-central-repository-upload.html), those companies should have used a different groupId, as the page clearly states in their FAQ:
I have a patched version of the foo project developed at foo.com, what
groupId should I use? When you patch / modify a third party project,
that patched version becomes your project and therefore should be
distributed under a groupId you control as any project you would have
developed, never under com.foo. See above considerations about
groupId.
TL;DR
If you don't want to change your code, tell your Maven to only get iText 2.1.7.
We decide to maintain same jasperreport version and made this changes in conflicteds pom:
<dependencies>
<dependency>
<groupId>jasperreports</groupId>
<artifactId>jasperreports</artifactId>
<version>2.0.1</version>
<exclusions>
<exclusion>
<groupId>com.lowagie</groupId>
<artifactId>itext</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>com.lowagie</groupId>
<artifactId>itext</artifactId>
<version>2.1.7</version>
</dependency>
...
</dependencies>
Edit: Change dependecy to 2.1.7 to be certain it will compile in future
I was making manteinance to some legacy code, and i faced the same problem. The solution that i found was to add the following to the pom.xml:
<repositories>
<repository>
<id>jasper-3rd-party</id>
<name>Jasper3rdParty</name>
<url>http://jaspersoft.jfrog.io/jaspersoft/third-party-ce-artifacts/</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>net.sf.jasperreports</groupId>
<artifactId>jasperreports</artifactId>
<version>6.12.2</version>
</dependency>
<!-- More dependencies like: commons-collections4, org.apache.xmlgraphics, etc -->
<dependency>
<groupId>com.lowagie</groupId>
<artifactId>itext</artifactId>
<version>2.1.7.js4</version>
</dependency>
</dependencies>
The JasperReports version used to test this code was released on Mar/2020. Hope this helps!
I got the same problem,
Just realized that https://jaspersoft.jfrog.io/artifactory/third-party-ce-artifacts is not accessible by public, you need to change the artifactory to jaspersoft directory.
For maven you can use below repositories in pom.xml
<repositories>
<repository>
<id>jaspersoft-third-party</id>
<url>https://jaspersoft.jfrog.io/jaspersoft/third-party-ce-artifacts/</url>
</repository>
</repositories>
JasperReports patched the iText with some bug fixes. So you have to add the patched iText repo[1] in your pom/gradle file.
[1] http://jasperreports.sourceforge.net/maven2/
Below is the gradle snippet for your reference when using jasper report 6.1.1.
repositories {
mavenLocal()
mavenCentral()
maven { url "http://repo.spring.io/release" }
maven { url "https://jaspersoft.jfrog.io/artifactory/third-party-ce-artifacts/" }
maven { url "http://jasperreports.sourceforge.net/maven2/" }
}
This worked with the latest jasper-reports version 6.17.0 and maven 3.8.1, especially with the jasperreports-plugin from com.alexnederlof in version 2.8:
<project>
...
<repositories>
<!-- JasperSoft, they modified a standard library for their own special needs -->
<repository>
<id>jaspersoft-third-party</id>
<url>https://jaspersoft.jfrog.io/jaspersoft/third-party-ce-artifacts/</url>
</repository>
</repositories>
<pluginRepositories>
<!-- JasperSoft, they modified a standard library for their own special needs -->
<pluginRepository>
<id>jaspersoft-third-party</id>
<url>https://jaspersoft.jfrog.io/jaspersoft/third-party-ce-artifacts/</url>
</pluginRepository>
</pluginRepositories>
...
It's important to know that there is not only <repositories> but also <pluginRepositories> which you maybe have to supply (depending on your setup and transitive dependencies).
Answer for searchers in 2k19
Artifact:
<groupId>com.lowagie</groupId>
<artifactId>itext</artifactId>
is deprecated now.
Better to exclude it from jasperreports and add new itext dependency manually
<dependency>
<groupId>jasperreports</groupId>
<artifactId>jasperreports</artifactId>
<version>6.10.0</version> <!--(or higher)-->
<exclusions>
<exclusion>
<groupId>com.lowagie</groupId>
<artifactId>itext</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>com.itextpdf</groupId>
<artifactId>itextpdf</artifactId>
<version>5.5.13</version> <!--(or higher)-->
</dependency>
"Fix" for me was to switch from jasperreports version 5.5.0 to 4.5.1 LOL. (which doesn't depend on itext)
Then it doesn't depend on a custom, seemingly unpublished dependency version of itext (2.1.7.js2 in my case).
You could download 2.1.7.js2.jar from the jasper people and publish it locally to your "own" custom maven repo, or even your local ~/.m2/repository (ugh). I've even seen people have a custom ivy command to "publish" a local copy of it to a local server (ivy or maven).
Or add the repo's in the other answers. Or just specify it manually as 2.1.7, which is in the main repo's, etc. (you'll miss some bug fixes though).
If you are using gradle Note That the url to the jaspersoft package below was changed from this one:
maven{ url "http://jaspersoft.artifactoryonline.com/jaspersoft/third-party-ce-artifacts" }
To this one here:
maven { url "https://jaspersoft.jfrog.io/artifactory/third-party-ce-artifacts" }
We have the same problem. To solve it, we have deleted the proxy parameters of the Maven config, and change the last version of the maven-metadata-central (in folder com\lowagie\itext of your repository).
A bad solution, but, temporaly, works :/
I have the same problem when using Maven 2.2.1, i re-built my project using Maven 3.2.3 and its works !
You have to use Maven 3 to resolve your problem, the bug seem to be resolved in this version.
Related
i am in a situation to modify all the dependency management versions manually...
<dependencymanagement>
<dependencies>
<dependency>
<groupId>group-a</groupId>
<artifactId>artifact-a</artifactId>
<version>1.0</version>
</dependency>
<dependency>
<groupId>group-a</groupId>
<artifactId>artifact-a</artifactId>
<version>1.0</version>
</dependency>
</dependencies>
</dependencymanagement>
i have more than 100 dependencies in the management which are not third party jars, all are project jars....
previously we have all the same versions,so we don't have any issues to modify....
now we introduced different versions for each module, for each and every time modifying the dependency management manually is some what difficulty...is there any easiest way to update by using the commands or any plugins.
You could use the Versions Maven Plugin which allows you to execute goals in order to handle versions, check the list here.
If you have 100-odd dependencies as you have mentioned, you should be using a repository manager like nexus or artifactory. Once you deploy your dependencies to the repository manager, then what #patric-lc suggests will work.
I've got a maven project with a large number of sub-projects with many dependencies. Now I'd like to update all versions of my pom files to a new version and rebuild them. For example if I've got a a pom like that:
<parent>
<groupId>theparentId</groupId>
<artifactId>theParentArtifact</artifactId>
<version>2.0</version>
<relativePath>..</relativePath>
</parent>
<artifactId>eaics-wsa-model</artifactId>
<packaging>model</packaging>
<dependencies>
<dependency>
<groupId>groupId1</groupId>
<artifactId>artifactId1</artifactId>
<version>1.1</version>
</dependency>
<dependency>
<groupId>groupId2</groupId>
<artifactId>artifactId2</artifactId>
<version>2.0</version>
</dependency>
<dependency>
<groupId>groupId3</groupId>
<artifactId>artifactId3</artifactId>
<version>1.3</version>
</dependency>
</dependencies>
I need to update the dependencies of groupId1 to groupId3 to a new version which doesn't exist jet. Because I also need to "create" a new updated version of my dependencies themself.
Because the dependencies in their pom.xml look like that at the moment:
<groupId>groupId3</groupId>
<artifactId>artifactId3</artifactId>
<version>1.2</version>
As you see, the version is on 1.2 but needs to be updated to 1.3 before the dependency uses it.
So is there a way to recursively update all pom (versions)? If it's possible in Java with MavenXpp3Reader etc. great. But is there a more simple method? Because my fear is, that I can't build my projects after that, because I think they don't build recursively and won't find the new dependency versions.
You can update all the pom's version using versions-maven-plugin There a some examples that can help you.
After version 11.0.2, Google's guava library switched to Java 6. Fortunately, for those of us stuck on Java 5, they also released a "guava-jdk5" artifact.
Unfortunately, some of my dependencies pull in guava 11.0.2 transitively. Which leaves my project containing both guava-jdk5 and guava.
Normally when I have conflicting versions, I can use the "dependencymanagement" tag to indicate which version to pull in. But since these are two different artifacts, I do not understand how to do this. Ultimately I want to tell maven, guava and guava-jdk5 are the same artifact and I want the 17.0 version of guava-jdk5 to be the one that is used. How do I do this?
Thanks!
One easy way is to use a dependency exclusion, nutshell from the link:
<project>
...
<dependencies>
<dependency>
<groupId>sample.ProjectA</groupId>
<artifactId>Project-A</artifactId>
<version>1.0</version>
<scope>compile</scope>
<exclusions>
<exclusion> <!-- declare the exclusion here -->
<groupId>sample.ProjectB</groupId>
<artifactId>Project-B</artifactId>
</exclusion>
</exclusions>
</dependency>
</dependencies>
</project>
I am a newbie in Solr and maven and i want to make a small application that index all my database tables via SolrJ .
For that i looked up at this tutorial where they are using MAVEN .
I installed the librairies and jars (except maven) but i had this exception:
Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/http/HttpRequestInterceptor
I looked into the tutorial and i saw that for resolving this problem we need to add this to my maven configuration:
org.slf4j
slf4j-simple
1.5.6
Is there anyway to do that without maven?
Thank you
Use maven. Even with it, it took me a fairly considerable amount of time to get the dependencies right. The tutorials were all a bit lacking. Below is my pom.xml with the relevant dependencies that I had maven bring in. Perhaps it will help you.
<dependency>
<groupId>org.apache.solr</groupId>
<artifactId>solr-core</artifactId>
<version>4.3.0</version>
</dependency>
<dependency>
<artifactId>solr-solrj</artifactId>
<groupId>org.apache.solr</groupId>
<version>4.3.0</version>
<type>jar</type>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
<version>1.1.1</version>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>servlet-api</artifactId>
<version>2.5</version>
</dependency>
Maven is the suggested build technology for the Solrj, because it automates the management of 3rd party dependencies. Without dependency management it's a royal pain to decipher these relationships (Jar hell).
What I could suggest is to use ivy, which has a command-line mode.
First download the ivy jar
http://search.maven.org/remotecontent?filepath=org/apache/ivy/ivy/2.3.0/ivy-2.3.0.jar
To retrieve the following Maven module and all it's dependencies:
<dependency>
<artifactId>solr-solrj</artifactId>
<groupId>org.apache.solr</groupId>
<version>1.4.0</version>
<type>jar</type>
<scope>compile</scope>
</dependency>
Then run it as follows:
java -jar ivy.jar \
-dependency org.apache.solr solr-solrj 1.4.0 \
-retrieve "lib/[artifact]-[revision](-[classifier]).[ext]" \
-confs default
Retrieves into the lib directory:
lib/commons-httpclient-3.1.jar
lib/wstx-asl-3.2.7.jar
lib/slf4j-api-1.5.5.jar
lib/commons-codec-1.3.jar
lib/stax-api-1.0.1.jar
lib/geronimo-stax-api_1.0_spec-1.0.1.jar
lib/commons-logging-1.0.4.jar
lib/solr-solrj-1.4.0.jar
lib/commons-io-1.4.jar
lib/commons-fileupload-1.2.1.jar
Update
Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/http/HttpRequestInterceptor
This is due to a missing httpcore.jar file. I found this out by browsing Maven Central:
http://search.maven.org/#search|ga|1|fc%3A%22org.apache.http.HttpRequestInterceptor%22
The recommendation on using the "slf4j-simple" is to provide a logging implementation in case your application doesn't have one.
Finally... This demonstrates what I've tried to say. In the absence of a dependency management tool (ivy, groovy, Maven) you're on your own in deciphering the 3rd party jar dependencies.
i want to add the maven dependency for EL 2.1 with scope provided to be used with tomcat 6 but couldn't find it, any ideas where i can download it ?
There is a special tomcat version of el-api:
<dependency>
<groupId>org.apache.tomcat</groupId>
<artifactId>el-api</artifactId>
<version>6.0.35</version>
<scope>provided</scope>
</dependency>
Unfornately the source isn't in central, use:
<repository>
<id>intersult-repo</id>
<name>Intersult Repository</name>
<url>http://intersult.com/public/maven</url>
</repository>
http://search.maven.org/#search%7Cga%7C1%7Cel
Jeez.. I got a downvote for that although it is right there. In detail
http://search.maven.org/#search%7Cgav%7C1%7Cg%3A%22javax.el%22%20AND%20a%3A%22el-api%22
or completely done all your work
<dependency>
<groupId>javax.el</groupId>
<artifactId>el-api</artifactId>
<version>2.2</version>\
<scope>provided</scope>
</dependency>
Note that this is in central and it is 2.2. because 2.1 was released as 2.2 when it went final..