Excluding transitive dependency not working - maven

Project A references Project B. Project B has included a local dependency. This local dependency unfortunately has a dependency to net.java.dev.designgridlayout in version 1.5.
We want to use net.java.dev.designgridlayout in version 1.11 in Project A but we are not able to "overwrite" the dependency. Eclipse always uses the dependency from Project B.
We already tried to exclude the 1.5 version from the local dependency, but it doesn't work.
The strange thing is, that Eclipse successfully resolves a class that has been added with version 1.11. For an already existing class, however, eclipse resolves it from the transitive dependency from de.someCompany.
Project B:
<dependencies>
<dependency>
<groupId>de.someCompany</groupId>
<artifactId>fs-client</artifactId>
<version>5.1.209</version>
<exclusions>
<exclusion>
<groupId>net.java.dev.designgridlayout</groupId>
<artifactId>designgridlayout</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>net.java.dev.designgridlayout</groupId>
<artifactId>designgridlayout</artifactId>
<version>1.11</version>
</dependency>
</dependencies>
Project A:
<dependencies>
<dependency>
<groupId>Project-B</groupId>
<artifactId>Project-B</artifactId>
<version>1503.01</version>
</dependency>
</dependencies>
I also tried to include the 1.11 dependency in Project A.
We even tried to install the DesignGridLayout V. 1.11 in the local dependency and to change the groupID and artifactId to something different, but it cannot even be found by Eclipse for some reason. If it would be possible to include the DesignGridLayout with another groupId and artifactId, I think it would work.
mvn install:install-file -Dfile=lib\designgridlayout.jar -DgroupId=com.company.designgridlayout -DartifactId=design-grid-layout -Dversion=1.11 -DgeneratePom=true -Dpackaging=jar -DlocalRepositoryPath="%USERPROFILE%\.m2\repository"

Not sure - but:
Your project A has a dependency to itself? Shouldn't it use project-b?
Its not a good idea to change group or artifact id's as maven can no longer detect its the same artifact. If you do a custom version the version number should be enough.
If you add the dependency in your own pom then you don't need to exclude the artifact, since the groupId and artifactId are the same. The version in your own pom will win in project-b. If project a defines that dependency again itself that version will win.
I would do a mvn dependency:tree on project-a pom to see where the dependencies come from.
For eclipse: it indexes the local repository. In the maven settings there is a re-index button. So if you manually copy jars in there that may help eclipse to find the artifact. But that workaround would need to be done on every machine. I would not count that as solution. In the maven world artifact-resolution is an infrastructure issue and should not be handled per project. The way this is done should be transparent through the settings.xml

Related

How to figure out in what pom a dependency from effective pom is defined in IntelliJ Idea?

I have a big project that has parent pom, this one has another parent; in the project's pom file another project with bom file is included as a dependency, etc.
I click on pom and generate effective pom. Inside I see a dependency, for example this one
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<version>1.18.10</version>
</dependency>
Is there an easy way in IntelliJ to find the pom where this dependency is defined?
In Ultimate version it's possible to generate a diagram for all maven dependencies:
https://www.jetbrains.com/help/idea/work-with-maven-dependencies.html#maven_dependency_diagram
Or you can execute mvn dependency:tree to build full dependency tree.
https://maven.apache.org/plugins/maven-dependency-plugin/examples/resolving-conflicts-using-the-dependency-tree.html
https://www.mkyong.com/maven/maven-display-project-dependency/

IntelliJ How to force downgrade dependency version?

I have a persistent problem with maven dependencies version changes in IntelliJ. Whenever I try to use a previous version of a library and change the dependency version in my pom.xml nothing happens. Maven continues to use the newer version of the library.
For example I want to use:
<dependency>
<groupId>org.springframework.security.oauth.boot</groupId>
<artifactId>spring-security-oauth2-autoconfigure</artifactId>
<version>2.0.1.RELEASE</version>
</dependency>
But Maven repo has version 2.0.2 saved :
<dependency>
<groupId>org.springframework.security.oauth.boot</groupId>
<artifactId>spring-security-oauth2-autoconfigure</artifactId>
<version>2.0.2.RELEASE</version>
</dependency>
So for my projects version 2.0.2.RELEASE is used.
I tried reimporting the project first. Then I tried "reimpor all maven projects". Then I checked Settings > Maven > Always update snapshots. I also tried opening the project settings and deleting the dependency from there, but on reimport the 2.0.2 version will be imported in the project. For now the only thing that works is deleting manually the folder from the ".m2" folder.
Shouldn't library versions be strictly followed and shouldn't version 2.0.1 v be used for my project?
The moment you change the version of the artifacts, maven will use the same version. It will never use neither new version nor the older version. Since you are using intellij, you can check which are the jar files along with their version used. See below the screenshot.
You can expand the External libraries as shown below and you can check the dependencies used in pom.xml.
Besides, you can also check in command prompt. Go to command prompt and point to the project directory and type the following command.
mvn install dependency:copy-dependencies
You can see all the required dependencies along with version information in target folder.
I suggest you not to delete the .m2 directory as you may have to download all the dependencies once again.
If you want to enforce the use of a particular dependency version you can use:
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.security.oauth.boot</groupId>
<artifactId>spring-security-oauth2-autoconfigure</artifactId>
<version>2.0.1.RELEASE</version>
</dependency>
</dependencies>
</dependencyManagement>
What this will do is exclude the dependency unless it actually gets used, and then if it does gets used it only uses the version you have specified.
Not clear what is the issue.
Repo can contain everything, no matter if dependency is present locally.
Also, Idea does not resolve dependency itself, we use maven api to resolve them.
By default, maven takes dependency which is nearest to root (see https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html)
Specifiying explicit dependency in root pom should force using this version.
Could you please provide mvn dependency:tree output and corresponding IDEA maven dependency diagram (if you have IU)?
If Idea resolve another dependency version than maven, please fill an issue at https://youtrack.jetbrains.com/issues

Update Maven dependency version in multiple ServiceMix POMs

I am trying to automate process of changing version of a product that has ServiceMix (FuseESB) as an integration module.
Changing the version in each POM is quite easy with the Maven versions plugin:
mvn versions:set -DnewVersion=NEW_VERSION -DgenerateBackupPoms=false
However, I am now struggling with updating version in dependencies that are other modules of this product. Particularly, in many Service Units' POM files there are dependencies like these (where OLD_VERSION is the same, older version number):
<dependencies>
<dependency>
<groupId>com.company.department.product.module1</groupId>
<artifactId>artifact1</artifactId>
<version>OLD_VERSION</version>
</dependency>
<dependency>
<groupId>com.company.department.product.module1</groupId>
<artifactId>artifact2</artifactId>
<version>OLD_VERSION</version>
</dependency>
<dependency>
<groupId>com.company.department.product.module2</groupId>
<artifactId>artifact3</artifactId>
<version>OLD_VERSION</version>
</dependency>
</dependencies>
And I would like to set the version number in those dependencies to "NEW_VERSION".
Do you guys have any ideas?
Just found very simple solution for this - replace dependencies' version with ${project.version} - works for me because in my project the dependencies have the same version as the project itself (they are all artifacts of the same product).

How does maven resolve the dependencies of the main dependencies on which our application is build?

I am trying to understand maven a little more. How is maven able to download the dependencies of the main dependency of the application? For example assuming my application has main dependency like this:
<dependency>
<groupId>org.apache.hadoop</groupId>
<artifactId>hadoop-hdfs</artifactId>
<version>2.7.0</version>
<scope>provided</scope>
</dependency>
Now, when maven downloads this jar , it downloads the dependencies for this jar as well. For example, see the screen shot below:
As can be seen, maven has not only downloaded the hadoop-hdfs-2.7.0.jar but also all it dependencies.
Now, my questions is how maven knows what are the dependencies for the "top-level" dependency, that is in this case the "top-level" dependency is hadoop-hdfs, so what all jars it has to download for this?
I see this as well in the .m2/respository for hadoop-hdfs:
I opened the .pom file, the contents are (partly):
<project>
....
<groupId>org.apache.hadoop</groupId>
<artifactId>hadoop-hdfs</artifactId>
<version>2.7.0</version>
<description>Apache Hadoop HDFS</description>
<name>Apache Hadoop HDFS</name>
<packaging>jar</packaging>
<dependencies>
<dependency>
<groupId>org.apache.hadoop</groupId>
<artifactId>hadoop-annotations</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.apache.hadoop</groupId>
<artifactId>hadoop-auth</artifactId>
<scope>provided</scope>
</dependency>
<dependencies>
...
</project>
What is this hadoop-hdfs-2.7.0.pom ? Does this file give information to maven what are the dependencies to be downloaded for hadoop-hdfs-2.7.0.jar?
Can anyone help me clear these things?
First of all you are right, the hadoop-hdfs-2.7.0.pom tells Maven
about the libraries that hadoop depends upon. But, when using hadoop
as a dependency in your project, maven uses the below strategies to
finalize the list of dependencies in addition to using the
hadoop-hdfs-2.7.0.pom.
If a dependency is specified with groupid, artifactid and version in the current project under the dependencies tag, it takes the first
precedence. This is how hadoop-hdfs got added in your project.
Dependency Management takes the next precedence. When a dependency is specified only with group and artifact id's under dependencies tag
but at the same time, the dependency is defined under
dependencyManagement tag with version and transitively inside hadoops pom.xml also,
the one under the dependencyManagement tag will be given preference.
Dependency Mediation takes the last precedence. Dependencies are resolved using dependency mediation. Meaning, in your case the
dependencies mentioned inside hadoop-hdfs-2.7.0.pom are the transitive
dependencies (indirectly depends on these dependencies since your
dependency "hadoop-hdfs" requires it) of your project and this process continues
recursively until all child dependencies are resolved.
Note: There are other features such as excluding dependencies, marking
one optional and importing a list of dependencies. But they are used
sparsely. More information with examples can be found in the below URL
[https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html#Dependency_Management][1]

Maven is picking up the oldest snapshot in Archiva - why?

I have a projectA-parent with the following structure:
projectA-parent|
----------------|projectA
----------------|projectA-core
----------------|projectA-api
The module projectA simply defines dependencies to core and api [1], so I can just define a dependency to projectA in other projects that need both the core and the api. I deploy the project to Archiva (1.4-M2), to a SNAPSHOT repository.
I have another project X where I define a dependency to projectA, and this afternoon the goal "mvn compile" started failing with unresolved compilation issues. Upon investigation with "mvn dependency:tree" on that project I discovered that, under projectA, the dependency to projectA-core was declared as "runtime". While this morning it was like this, I performed several mvn installs since where the scope is "compile" (see [1], where the most recent pom definition is listed).
Looking at archiva, I see the following files for this project (abbreviated):
projectA-0.0.7-20120712.084920-61-tests.jar
projectA-0.0.7-20120712.084920-61-tests.jar.md5
projectA-0.0.7-20120712.084920-61-tests.jar.sha1
projectA-0.0.7-20120712.084920-61.jar
projectA-0.0.7-20120712.084920-61.jar.md5
projectA-0.0.7-20120712.084920-61.jar.sha1
projectA-0.0.7-20120712.084920-61.pom
projectA-0.0.7-20120712.084920-61.pom.md5
projectA-0.0.7-20120712.084920-61.pom.sha1
projectA-0.0.7-20120712.172412-87-tests.jar
projectA-0.0.7-20120712.172412-87-tests.jar.md5
projectA-0.0.7-20120712.172412-87-tests.jar.sha1
projectA-0.0.7-20120712.172412-87.pom
projectA-0.0.7-20120712.172412-87.pom.md5
projectA-0.0.7-20120712.172412-87.pom.sha1
projectA-0.0.7-20120712.180733-90.pom
projectA-0.0.7-20120712.180733-90.pom.md5
projectA-0.0.7-20120712.180733-90.pom.sha1
Here's the interesting part: if I delete projectA from my local .m2/repository, even if I "mvn compile -U" I will get th 08:49 version, not the 18:07 one! This means either maven or archiva are resolving the 1st sNAPSHOT of the day and not the most recent one.
Why is that, and how can one solve this?
[1]:
<dependencies>
<dependency>
<groupId>com.projectA</groupId>
<artifactId>projectA-api</artifactId>
<version>${project.version}</version>
<type>jar</type>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>com.projectA</groupId>
<artifactId>projectA-core</artifactId>
<version>${project.version}</version>
<type>jar</type>
<scope>runtime</scope>
</dependency>
</dependencies>
What is the packaging of your projectA ('jar' or 'pom'). It only exists a 'jar' artefact for 08:49.
I suppose you changed the packaging to 'pom'. Thus if you declare the library as dependency in other projects you have to set <type>pom</type>.

Resources