Develop Reference

Excluded maven dependency still showing up

So this API I'm building uses a dependency (A) that uses javax-validation:validation-api:1.1.0-Final.
Instead I want to make use of the 2.0.1-Final so in the dependency of (A) I added an exclusion.
Next I added the dependency of the version I do want to use...
After that I ran a 'mvn clean install', running mvn dependency:tree shows me I use the correct version of the validation-api in the API.
Problem is however that if I run a mvn dependency:tree in the service where I added my fresh API, the old validation-api still shows up!
I'm sure it already uses the new API because when I go browsing through the dependency sources I see it's already the new pom...
I really don't know what is wrong here...
API POM:
<dependency>
<groupId>com.xxx.test</groupId>
<artifactId>xxx-test</artifactId>
<version>2.0.4</version>
<exclusions>
<exclusion>
<groupId>javax.validation</groupId>
<artifactId>validation-api</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>javax.validation</groupId>
<artifactId>validation-api</artifactId>
<version>2.0.1.Final</version>
</dependency>
API tree:
[INFO] com.xxx-api:xxx-api:jar:1.0.0-SNAPSHOT
[INFO] +- javax.validation:validation-api:jar:2.0.1.Final:compile
Service tree:
[INFO] +- com.xxx-api:xxx-api:jar:1.0.0-SNAPSHOT:compile
[INFO] | +- com.xxx.test:xxx-test:jar:2.0.4:compile
[INFO] | | +- ....
[INFO] | \- javax.validation:validation-api:jar:1.1.0.Final:compile

I know this might have solved OP's answer - but running
mvn clean install
showed me an updated dependency tree after excluding dependencies.

Understanding Maven Dependency tree output

I am trying to compile a Spring application in which the ApplicationConfig file has #EnableAspectJAutoProxy anotation I am facing this error when trying to run the project:
Failed to instantiate [org.springframework.aop.aspectj.annotation.
AnnotationAwareAspectJAutoProxyCreator]:
Constructor threw exception; nested exception is
java.lang.NoClassDefFoundError: org/aspectj/lang/annotation/Around
I have to say when I remove the above annotation the project is running successfully.
Having read on Internet I thought maybe it's because of incompatible versions for of libraries and jar files.
When I run mvn dependency:tree the output is as below:
[INFO] task-segment: [dependency:tree]
[INFO] ------------------------------------------------------------------------
[INFO] [dependency:tree {execution: default-cli}]
[INFO] groupId:myProject:jar:1.0-SNAPSHOT
[INFO] +- junit:junit:jar:4.11:compile
[INFO] | \- org.hamcrest:hamcrest-core:jar:1.3:compile
[INFO] +- org.springframework:spring-webmvc:jar:4.3.0.RELEASE:compile
[INFO] | +- org.springframework:spring-aop:jar:4.2.6.RELEASE:compile (version m
anaged from 4.3.0.RELEASE)
[INFO] | | \- aopalliance:aopalliance:jar:1.0:compile
[INFO] | +- org.springframework:spring-beans:jar:4.2.6.RELEASE:compile
[INFO] | +- org.springframework:spring-context:jar:4.2.6.RELEASE:compile (versi
on managed from 4.3.0.RELEASE)
[INFO] | +- org.springframework:spring-core:jar:4.2.6.RELEASE:compile
[INFO] | +- org.springframework:spring-expression:jar:4.2.6.RELEASE:compile
[INFO] | \- org.springframework:spring-web:jar:4.2.6.RELEASE:compile (version m
anaged from 4.3.0.RELEASE)
[INFO] +- org.aspectj:aspectjweaver:jar:1.8.9:compile
[INFO] +- javax.servlet:javax.servlet-api:jar:3.1.0:compile
[INFO] \- org.aspectj:aspectjrt:jar:1.8.9:compile
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESSFUL
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 3 seconds
and this is the content of the pom.xml file :
<dependencies>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.11</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>4.3.0.RELEASE</version>
</dependency>
<dependency>
<groupId>org.aspectj</groupId>
<artifactId>aspectjweaver</artifactId>
<version>1.8.9</version>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
</dependency>
<dependency>
<groupId>org.aspectj</groupId>
<artifactId>aspectjrt</artifactId>
<version>1.8.9</version>
</dependency>
</dependencies>
Question: I don't understand this output is saying that everything is fine or there might be some incompatibility in my project, and if there are how to solve them?

If you have worked on maven in your projects for dependency management, then you must have faced one problem at least once or may be more than that. And the problem is version mismatch. It generally happens when you got some dependencies which bring it’s related dependencies together with certain version. And if you have included those dependencies with different version numbers already, they can face undesired results in compile time as well as runtime also.
Ideally to avoid above issue you need to explicitly exclude the related dependency, but it is quite possible that you can forget to do so.
To solve version mismatch issue, you can use the concept of a “bill of materials” (BOM) dependency. A BOM dependency keep track of version numbers and ensure that all dependencies (both direct and transitive) are at the same version.
How to add BOM [Bill Of Materials] dependency
Maven provides a tag dependencyManagement for this purpose. You need to add the bom information in this tag as follows. I am taking the example of Spring bom file.
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.3.0.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
An added benefit of using the BOM is that you no longer need to specify the version attribute when depending on Spring Framework artifacts. So it will work perfectly fine.
<dependencies>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
</dependency>
<dependencies>
Doing like above will resolve all version comparability issues and application works fine as we are not going to use unmatched versions

Can I refer one of transitive dependency's version in pom.xml? [duplicate]

I'll explain the question with my real situation.
I use logback 1.0.1 for logging, and it includes SLF4J 1.6.4 as a dependency. I also use the SLF4J API bridges for legacy logging API's (java.util.logging, log4j and commons-logging), which are not explicit dependencies. These must also (preferrably) be version 1.6.4.
Trying to make my pom.xml as neat and error-free as possible, I'd like to enforce that these API bridges be the same version as SLF4J. The only way I know is to manually define them as dependencies in my pom.xml using version 1.6.4. If I ever update logback and the required SLF4J version is raised, I'd need to remember to change the bridge API's to the proper version.
Can I somehow hook the legacy API's version to the version of the transitive dependency SLF4J?
Current pom.xml:
<properties>
<org.slf4j.version>1.6.4</org.slf4j.version>
</properties>
<dependencies>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
<version>1.0.1</version>
<!-- requires SLF4J 1.6.4 -->
</dependency>
<!-- ... -->
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>log4j-over-slf4j</artifactId>
<version>${org.slf4j.version}</version>
<!-- here, how to bind this version value to SLF4J's version? -->
<scope>runtime</scope>
</dependency>
<!-- the other two bridge API's go here -->
</dependencies>

Not in a very beautiful way :/
There is the maven enforcer plugin: http://maven.apache.org/enforcer/enforcer-rules/
so you can ban the transitive dependencies and include the version you want: http://maven.apache.org/enforcer/enforcer-rules/bannedDependencies.html
If you use a property for the good version you dont need to mess around in the enforcer plugin version.

Dependency Convergence may help you. Thank you #wemu!
I have a same? problem.
You can clone https://gist.github.com/f35db1ac6dc8b6f45393.git
<dependencies>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
<version>1.1.3</version>
<scope>runtime</scope> <!-- depends on slf4j-api:1.7.7 -->
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>log4j-over-slf4j</artifactId>
<version>${unified.slf4j-api.version}</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
<version>${unified.slf4j-api.version}</version>
</dependency>
</dependencies>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<unified.slf4j-api.version>1.7.7</unified.slf4j-api.version>
</properties>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId>
<version>1.4.1</version>
<executions>
<execution>
<id>enforce</id>
<configuration>
<rules>
<dependencyConvergence/>
</rules>
</configuration>
<goals>
<goal>enforce</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
At this point, things just work.
$ mvn -Dverbose=true dependency:tree verify
...
[INFO] test:enforcer-dependency-convergence-test:jar:0.1-SNAPSHOT
[INFO] +- ch.qos.logback:logback-classic:jar:1.1.3:runtime
[INFO] | +- ch.qos.logback:logback-core:jar:1.1.3:runtime
[INFO] | \- (org.slf4j:slf4j-api:jar:1.7.7:runtime - omitted for duplicate)
[INFO] +- org.slf4j:log4j-over-slf4j:jar:1.7.7:runtime
[INFO] | \- (org.slf4j:slf4j-api:jar:1.7.7:runtime - omitted for duplicate)
[INFO] \- org.slf4j:slf4j-api:jar:1.7.7:compile
[INFO]
[INFO] --- maven-enforcer-plugin:1.4.1:enforce (default) # enforcer-dependency-convergence-test ---
[INFO]
...
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
...
$
Now let's change the slf4j-api's version.
$ mvn -Dunified.slf4j-api.version=1.7.13 -Dverbose=true dependency:tree verify
...
[INFO] test:enforcer-dependency-convergence-test:jar:0.1-SNAPSHOT
[INFO] test:enforcer-dependency-convergence-test:jar:0.1-SNAPSHOT
[INFO] +- ch.qos.logback:logback-classic:jar:1.1.3:runtime
[INFO] | +- ch.qos.logback:logback-core:jar:1.1.3:runtime
[INFO] | \- (org.slf4j:slf4j-api:jar:1.7.7:runtime - omitted for conflict with 1.7.13)
[INFO] +- org.slf4j:log4j-over-slf4j:jar:1.7.13:runtime
[INFO] | \- (org.slf4j:slf4j-api:jar:1.7.13:runtime - omitted for conflict with 1.7.7)
[INFO] \- org.slf4j:slf4j-api:jar:1.7.13:compile
[INFO]
[INFO] --- maven-enforcer-plugin:1.4.1:enforce (default) # enforcer-dependency-convergence-test ---
[WARNING]
Dependency convergence error for org.slf4j:slf4j-api:1.7.7 paths to dependency are:
+-test:enforcer-dependency-convergence-test:0.1-SNAPSHOT
+-ch.qos.logback:logback-classic:1.1.3
+-org.slf4j:slf4j-api:1.7.7
and
+-test:enforcer-dependency-convergence-test:0.1-SNAPSHOT
+-org.slf4j:log4j-over-slf4j:1.7.13
+-org.slf4j:slf4j-api:1.7.13
and
+-test:enforcer-dependency-convergence-test:0.1-SNAPSHOT
+-org.slf4j:slf4j-api:1.7.13
[WARNING] Rule 0: org.apache.maven.plugins.enforcer.DependencyConvergence failed with message:
Failed while enforcing releasability the error(s) are [
Dependency convergence error for org.slf4j:slf4j-api:1.7.7 paths to dependency are:
+-test:enforcer-dependency-convergence-test:0.1-SNAPSHOT
+-ch.qos.logback:logback-classic:1.1.3
+-org.slf4j:slf4j-api:1.7.7
and
+-test:enforcer-dependency-convergence-test:0.1-SNAPSHOT
+-org.slf4j:log4j-over-slf4j:1.7.13
+-org.slf4j:slf4j-api:1.7.13
and
+-test:enforcer-dependency-convergence-test:0.1-SNAPSHOT
+-org.slf4j:slf4j-api:1.7.13
]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
...
$

Just don't directly depend on slf4j in your top level pom.

ERROR SLF4J: Class path contains multiple SLF4J bindings jenkins cobertura maven

I'm with this error on third day already and I can't resolved. There is something that I can't grasp on and no matter what I do the error still persists.
I'm reading a book called "Jenkins a definitive guide" (http://www.wakaleo.com/books/jenkins-the-definitive-guide) and I'm stuck on chapter two. Basically is a example of how to use Jenkins with Javadoc, JUnit and Cobertura plugin for Jenkins. Everything works until I get to Cobertura plugin part, where I get next error:
[ERROR] SLF4J: Class path contains multiple SLF4J bindings.
SLF4J: Found binding in [jar:file:/C:/Windows/System32/config/systemprofile/.m2/repository/ch/qos/logback/logback-classic/1.0.13/logback-classic-1.0.13.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: Found binding in [jar:file:/C:/Windows/System32/config/systemprofile/.m2/repository/org/slf4j/slf4j-simple/1.6.1/slf4j-simple-1.6.1.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation.
SLF4J: Actual binding is of type [ch.qos.logback.classic.util.ContextSelectorStaticBinder]
I have seen other problems like mine and the conclusion I got is that I have either to include o exclude a dependency in my pom.xml file/s (this examples only uses pom files at this stage). My pom.xml file that has slf4j-simple looks like this:
<project>
......
<dependencies>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-simple</artifactId>
<version>1.6.1</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
<version>1.6.1</version>
</dependency>
</dependencies>
</project>
and there is no explicit dependency to logback-classic hence I don't know in what dependency is being used. I tried to use dependency plugin for jenkins and I got this result:
[INFO] --- maven-dependency-plugin:2.8:tree (default-cli) # gameoflife-web ---
[INFO] com.wakaleo.gameoflife:gameoflife-web:war:1.0-SNAPSHOT
[INFO] +- com.wakaleo.gameoflife:gameoflife-core:jar:1.0-SNAPSHOT:compile
[INFO] +- org.springframework:spring-webmvc:jar:3.0.2.RELEASE:compile
[INFO] | +- org.springframework:spring-asm:jar:3.0.2.RELEASE:compile
[INFO] | +- org.springframework:spring-beans:jar:3.0.2.RELEASE:compile
[INFO] | +- org.springframework:spring-context:jar:3.0.2.RELEASE:compile
[INFO] | | \- org.springframework:spring-aop:jar:3.0.2.RELEASE:compile
[INFO] | +- org.springframework:spring-context-support:jar:3.0.2.RELEASE:compile
[INFO] | \- org.springframework:spring-expression:jar:3.0.2.RELEASE:compile
[INFO] +- org.springframework:spring-core:jar:3.0.2.RELEASE:compile
[INFO] | \- commons-logging:commons-logging:jar:1.1.1:compile
[INFO] +- org.springframework:spring-web:jar:3.0.2.RELEASE:compile
[INFO] | \- aopalliance:aopalliance:jar:1.0:compile
[INFO] +- javax.servlet:jstl:jar:1.2:compile
[INFO] +- javax.servlet:servlet-api:jar:2.5:provided
[INFO] +- org.mockito:mockito-all:jar:1.8.5:test
[INFO] +- org.easytesting:fest-assert:jar:1.4:compile
[INFO] | \- org.easytesting:fest-util:jar:1.1.6:compile
[INFO] +- org.slf4j:slf4j-simple:jar:1.6.1:compile
[INFO] +- org.slf4j:slf4j-api:jar:1.6.1:compile
[INFO] +- junit:junit:jar:4.11:test
[INFO] | \- org.hamcrest:hamcrest-core:jar:1.3:test
[INFO] \- org.hamcrest:hamcrest-all:jar:1.1:test
Maybe I'm blind, but I still can't see who uses logback-classic (by the way I'm not sure what values are correct for and for logback-classic).
I tried to remove the slf4j dependency's and I error is gone, but I don't get any cobertura reports. I tried to exclude logback-classic with
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-simple</artifactId>
<version>1.6.1</version>
<exclusions>
<exclusion>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
<version>1.6.1</version>
<exclusions>
<exclusion>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
</exclusion>
</exclusions>
</dependency>
and the error persists.
I don't know what to do anymore, please help!

The good news is that even if SLF4J is reporting an error, it's actually warning you that SLF4J will be bound to ch.qos.logback.classic.util.ContextSelectorStaticBinder since there are two bindings available on the class path. SLF4J will pick the first one available on the class path. Your application should continue to work just fine albeit logging with logback.
I can't tell you why logback-classic.jar is on the class path but I suggest you investigate the "System profile" mentioned in the class path.

You are trying to exclude the logback-classic from the slf dependency itself. The issue is that as mentioned here, you were using more than one binding in your class path. Actual way is to keep exclusion for logback-classic, in the dependency which uses it and not in your slf4j dependency. Unfortunately, I am not sure which of your jars, are having a reference to slf4j which is causing the issue. One workaround is, use Ctrl+Sft+T to see the existence of the StaticLoggerBinder class, in different jars, and place the logback-classic exclusion in that. Other work around is, you can try keeping exclusion, as trial and error. These are just work arounds, but the concept is same. We need to find other dependency which has reference to logback-classic in your classpath

Please follow the below
Steps
Step1: Identify the classic logback using the mvn dependency:tree
Step2: Add the below exclusion in pom.xml
<exclusions>
<exclusion>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
</exclusion>
<exclusion>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-to-slf4j</artifactId>
</exclusion>
</exclusions>
Step3: Test the application
Credits go to the https://java2blog.com/fixed-slf4j-warning-class-path-contains-multiple-slf4j-bindings/

Spring MVC Repository and Hibernate

Following Spring docs, I've created a maven project with the following dependencies :
<dependencies>
<dependency>
<groupId>org.postgresql</groupId>
<artifactId>postgresql</artifactId>
<version>9.3-1102-jdbc41</version>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-entitymanager</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
I'd like to know if Repository data abstraction "goes through" hibernate or not.

From the reference documentation:
28.3 JPA and ‘Spring Data’
The Java Persistence API is a standard technology that allows you to ‘map’ objects to relational databases. The spring-boot-starter-data-jpa POM provides a quick way to get started. It provides the following key dependencies:
Hibernate — One of the most popular JPA implementations.
Spring Data JPA — Makes it easy to easily implement JPA-based repositories.
Spring ORMs — Core ORM support from the Spring Framework.
So the answer is "Yes".
BTW, Spring will create and bootstrap automatically an EntityManagerFactory and DataSource beans by declaring a spring-boot-starter-data-jpa dependency.

If you are unsure which dependencies your project have, you can use the maven-dependency-plugin. Specifically, you can use dependency:tree to get a hierarchal tree view of all dependencies and their transitive dependencies (or dependency:list to get a plain list), e.g.
$ mvn dependency:tree
And to answer your question: Yes, spring-boot-starter-data-jpa does depend on Hibernate:
[INFO] +- org.springframework.boot:spring-boot-starter-data-jpa:jar:1.2.0.RELEASE:compile
[INFO] | +-
[INFO] | +- org.hibernate:hibernate-entitymanager:jar:4.3.7.Final:compile
[INFO] | | +-
[INFO] | | +- org.hibernate:hibernate-core:jar:4.3.7.Final:compile
[INFO] | | | +-
[INFO] | | +-
[INFO] | | +- org.hibernate.common:hibernate-commons-annotations:jar:4.0.5.Final:compile
[INFO] | | +- org.hibernate.javax.persistence:hibernate-jpa-2.1-api:jar:1.0.0.Final:compile
[INFO] | | +-