I have one Spring application(CustomerPort). In this I am using one open source jar(commons-lang.2.4). And my CustomerPort using other module, as jar, which using different version "commons-lang.2.2".
Since the other module using commons-lang.2.2, my application also refereeing modules opensource jar instead of commons-lang.2.4.
Could you plz let me how to exclude commons-lang.2.2 in Pom.xml file
use the <scope> tag to correct the scope of these transitive dependencies. Read this for more info on maven dependency scopes
In the pom.xml for CustomerPort, where you specify the dependency on the other jar module, you can specify an exclusion for commons-lang. This will prevent Maven from bringing in the commons-lang transitive dependency from the other jar.
<dependency>
<groupId>otherModuleGroupId</groupId>
<artifactId>otherModuleArtifactId</artifactId>
<version>otherModuleVersion</version>
<exclusions>
<exclusion>
<groupId>commons-lang</groupId>
<artifactId>commons-lang</artifactId>
</exclusion>
</exclusions>
</dependency>
Verify that its doing the right thing by running mvn dependency:tree in CustomerPort.
More info on excluding transitive dependencies here
Related
I am working in project where Springboot jar and Hive jar creating conflict becuase of duplicate versions
<dependency>
<groupId>org.apache.hive</groupId>
<artifactId>hive-jdbc</artifactId>
<version>3.1.0.3.1.0.0-78</version>
</dependency>
Above hive jar is fat jar and coming with many duplicate dependancy ,in following example you can see two versions 2.6.0 and 3.1.1.3.1.0.0-78
Now if we want to add exclude
<exclusions>
<exclusion>
<artifactId>XX</artifactId>
<groupId>YYY</groupId>
</exclusion>
</exclusions>
Now i want to exclude only 2.6.0 version and keep 3 3.1.1.3.1.0.0-78
, is there any option where we can defined excluded jar version ?
[WARNING]
Dependency convergence error for org.apache.hadoop:hadoop-auth:2.6.0 paths to dependency are:
+-com.syf.gemfire:jdbc-gemfire-dataloader-pcf:2.0.0
+-org.apache.hive:hive-jdbc:3.1.0.3.1.0.0-78
+-org.apache.hive:hive-common:3.1.0.3.1.0.0-78
+-com.github.joshelser:dropwizard-metrics-hadoop-metrics2-reporter:0.1.2
+-org.apache.hadoop:hadoop-common:2.6.0
+-org.apache.hadoop:hadoop-auth:2.6.0
and
+-com.syf.gemfire:jdbc-gemfire-dataloader-pcf:2.0.0
+-org.apache.hive:hive-jdbc:3.1.0.3.1.0.0-78
+-org.apache.hive:hive-service:3.1.0.3.1.0.0-78
+-org.apache.hive:hive-llap-server:3.1.0.3.1.0.0-78
+-org.apache.hbase:hbase-hadoop2-compat:2.0.2.3.1.0.0-78
+-org.apache.hadoop:hadoop-mapreduce-client-core:3.1.1.3.1.0.0-78
+-org.apache.hadoop:hadoop-yarn-common:3.1.1.3.1.0.0-78
+-org.apache.hadoop:hadoop-auth:3.1.1.3.1.0.0-78
and
+-com.syf.gemfire:jdbc-gemfire-dataloader-pcf:2.0.0
+-org.apache.hive:hive-jdbc:3.1.0.3.1.0.0-78
+-org.apache.hive:hive-service:3.1.0.3.1.0.0-78
+-org.apache.hive:hive-llap-server:3.1.0.3.1.0.0-78
+-org.apache.hbase:hbase-server:2.0.2.3.1.0.0-78
+-org.apache.hbase:hbase-http:2.0.2.3.1.0.0-78
+-org.apache.hadoop:hadoop-auth:3.1.1.3.1.0.0-78
To resolve the dependency convergence errors, add entries to <dependencyManagement>, in which you specify the version you want like
<dependency>
<groupId>org.apache.hive</groupId>
<artifactId>hive-jdbc</artifactId>
<version>3.1.0.3.1.0.0-78</version>
</dependency>
Then all transitively found versions are replaced by the one you specified an the conflict is gone.
I am trying to understand maven a little more. How is maven able to download the dependencies of the main dependency of the application? For example assuming my application has main dependency like this:
<dependency>
<groupId>org.apache.hadoop</groupId>
<artifactId>hadoop-hdfs</artifactId>
<version>2.7.0</version>
<scope>provided</scope>
</dependency>
Now, when maven downloads this jar , it downloads the dependencies for this jar as well. For example, see the screen shot below:
As can be seen, maven has not only downloaded the hadoop-hdfs-2.7.0.jar but also all it dependencies.
Now, my questions is how maven knows what are the dependencies for the "top-level" dependency, that is in this case the "top-level" dependency is hadoop-hdfs, so what all jars it has to download for this?
I see this as well in the .m2/respository for hadoop-hdfs:
I opened the .pom file, the contents are (partly):
<project>
....
<groupId>org.apache.hadoop</groupId>
<artifactId>hadoop-hdfs</artifactId>
<version>2.7.0</version>
<description>Apache Hadoop HDFS</description>
<name>Apache Hadoop HDFS</name>
<packaging>jar</packaging>
<dependencies>
<dependency>
<groupId>org.apache.hadoop</groupId>
<artifactId>hadoop-annotations</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.apache.hadoop</groupId>
<artifactId>hadoop-auth</artifactId>
<scope>provided</scope>
</dependency>
<dependencies>
...
</project>
What is this hadoop-hdfs-2.7.0.pom ? Does this file give information to maven what are the dependencies to be downloaded for hadoop-hdfs-2.7.0.jar?
Can anyone help me clear these things?
First of all you are right, the hadoop-hdfs-2.7.0.pom tells Maven
about the libraries that hadoop depends upon. But, when using hadoop
as a dependency in your project, maven uses the below strategies to
finalize the list of dependencies in addition to using the
hadoop-hdfs-2.7.0.pom.
If a dependency is specified with groupid, artifactid and version in the current project under the dependencies tag, it takes the first
precedence. This is how hadoop-hdfs got added in your project.
Dependency Management takes the next precedence. When a dependency is specified only with group and artifact id's under dependencies tag
but at the same time, the dependency is defined under
dependencyManagement tag with version and transitively inside hadoops pom.xml also,
the one under the dependencyManagement tag will be given preference.
Dependency Mediation takes the last precedence. Dependencies are resolved using dependency mediation. Meaning, in your case the
dependencies mentioned inside hadoop-hdfs-2.7.0.pom are the transitive
dependencies (indirectly depends on these dependencies since your
dependency "hadoop-hdfs" requires it) of your project and this process continues
recursively until all child dependencies are resolved.
Note: There are other features such as excluding dependencies, marking
one optional and importing a list of dependencies. But they are used
sparsely. More information with examples can be found in the below URL
[https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html#Dependency_Management][1]
I have added around 100 jars in my local Apache Archiva. Now i will want to add all these dependency jar to my project Pom.xml file.
Can it possible to add all these dependency by single Copy-paste? Right now i have to copy each individual dependency from Apache Archiva and paste into my project pom.xml file.I have to copy-paste these lines in my Pom.xml file for each jar which is very tough task.
<dependency>
<groupId>org.csdc</groupId>
<artifactId>dom4j</artifactId>
<version>1.6.1</version>
</dependency>
It's very unlikely that you need all 100 jars as direct dependencies. In maven, you have to list your direct dependencies - one by one, yes. However, you don't need to list your transitive dependencies because maven will manage that for you. This is one of the most fundamental improvements over older manual classpath management java building.
No All dependency of all jar,
because of in that jars some of the dependency have same group Id ,
so that have fetch all the jars that included.
some of the dependency is writing in pom.xml file
for example code is
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-annotations</artifactId>
<version>3.4.0.GA</version>
</dependency>
the above dependency fetch all jars of related to hibernate-annotation
- hinernate-annotation
- hibernate-common-annotation
- hibernate-core jar files to be fetched.....
One business jar which have been developed by us is present in war. but I don't see in pom.xml.... when I search whole eclipse I found it is in .setting folder(.settings/org.eclipse.wst.common.component) of eclipse of same project.
here is entry of
<dependent-module archiveName="BankAccount-3.0.39.jar" deploy-path="/WEB-INF/lib"
handle="module:/classpath/var/M2_REPO/com/BankAccount/3.0.39/BankAccount-3.0.39.jar">
<dependency-type>uses</dependency-type>
</dependent-module>
If you are sure that jar is not needed by your project, then run mvn dependency:tree and find the origin of the particular jar. Then you can exclude the jar by using
<exclusions>
<exclusion>
<groupId>Group Id</groupId>
<artifactId>jar which you want to exclude</artifactId>
</exclusion>
</exclusions>
under the particular jar through which it got bundled.
You can also remove the jar by using the <exclusion> tag in assembly.xml of the particular project
Do mvn dependency:tree and see how it works.
I'm trying to upgrade my struts2 web app from guice2.0 to guice3.0.
I'm trying to test it out using maven jetty.
I've successfully upgraded my pom.xml to use the correct version and groupId for the 3.0 release, but if I call mvn jetty:run
I see that it is trying to download
guice-3.0-no_deps.jar
which throws a build error and can't be found the central repository?
I don't get this error if I don't include any guice extensions.
Any ideas?
Thanks
I posted this question also to the guice user group.
This is the answer I received.
The guice-3.0-no_deps.jar is a build-time artifact that's used to compile the extensions, but is not required at runtime - it's not on maven central because the Guice team didn't want people depending on this "uber-jar" by mistake. The extensions have an optional dependency to guice-3.0-no_deps.jar (so they can compile) but they also have a non-optional dependency to guice-3.0.jar for the runtime case.
Well-behaved maven plugins should see that the the no_deps dependency is optional and not throw a build error if it's missing, so this sounds like a bug in the jetty plugin. To workaround the Jetty bug you can explicitly hide this dependency as follows:
<dependency>
<groupId>com.google.inject.extensions</groupId>
<artifactId>guice-struts2</artifactId>
<version>3.0</version>
<exclusions>
<exclusion>
<groupId>com.google.inject</groupId>
<artifactId>guice</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>com.google.inject</groupId>
<artifactId>guice</artifactId>
<version>3.0</version>
</dependency>
Note that we can't do this in the original build pom because we still need the no_deps dependency when doing the original compilation.