Is there a generally-accepted notation to allow a representation of dependencies, inheritance and module aggregation for Maven Projects?
I haven't spent a lot of time looking, but nothing had immediately jumped out at me.
I've seen with the notation used in Sonatype's Complete Reference (eg. Figure 3.5. Enterprise Multi-module vs. Inheritance), but would prefer something that doesn't rely on colour to convey semantics.
I've been using UML-like syntax which shows a project "aggregating" (diamond symbol) the projects listed in it's <modules> section, UML inheritance for parent-child relationships and a broken-line with arrow to show dependency.
Are there better ideas out there?
For dependency diagrams, the convention is to use the output of dependency:tree
i.e.
[user:maven-test]$ mvn dependency:tree
[INFO] Scanning for projects...
[INFO]
[INFO] ------------------------------------------------------------------------
[INFO] Building maven-test 1.0
[INFO] ------------------------------------------------------------------------
[INFO]
[INFO] --- maven-dependency-plugin:2.1:tree (default-cli) # maven-test ---
[INFO] maven-test:maven-test:jar:1.0
[INFO] +- junit:junit:jar:3.8.1:test
[INFO] +- com.sun.jersey:jersey-json:jar:1.9.1:compile
[INFO] | +- org.codehaus.jettison:jettison:jar:1.1:compile
[INFO] | | \- stax:stax-api:jar:1.0.1:compile
[INFO] | +- com.sun.xml.bind:jaxb-impl:jar:2.2.3-1:compile
[INFO] | | \- javax.xml.bind:jaxb-api:jar:2.2.2:compile
[INFO] | | +- javax.xml.stream:stax-api:jar:1.0-2:compile
[INFO] | | \- javax.activation:activation:jar:1.1:compile
[INFO] | +- org.codehaus.jackson:jackson-core-asl:jar:1.8.3:compile
[INFO] | +- org.codehaus.jackson:jackson-mapper-asl:jar:1.8.3:compile
[INFO] | +- org.codehaus.jackson:jackson-jaxrs:jar:1.8.3:compile
[INFO] | +- org.codehaus.jackson:jackson-xc:jar:1.8.3:compile
[INFO] | \- com.sun.jersey:jersey-core:jar:1.9.1:compile
[INFO] +- com.sun.jersey:jersey-server:jar:1.14:compile
[INFO] | \- asm:asm:jar:3.1:compile
[INFO] \- com.sun.jersey:jersey-client:jar:1.14:compile
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
It turns out that this plugin can output to a visual graph.
See: Maven Dependency Plugin - Output type.
If you are using IntelliJ IDEA, it has a built in Maven dependency graph as well.
Related
As part Log4jshell problem, we are trying to analyze which projects use which version of Log4j. I did try the following maven commands
mvn dependency:list | grep log4j
mvn dependency:tree -Dverbose
mvn dependency:tree -Dverbose | grep log4
But it lists information only like this
mvn dependency:tree | grep log4
[INFO] \- org.apache.logging.log4j:log4j-api:jar:2.13.1:provided
[INFO] +- org.apache.logging.log4j:log4j-api:jar:2.13.1:provided
[INFO] | | +- log4j:log4j:jar:1.2.16:compile
[INFO] | | +- log4j:log4j:jar:1.2.16:compile
[INFO] | +- log4j:log4j:jar:1.2.17:provided
[INFO] +- log4j:log4j:jar:1.2.17:compile
[INFO] +- org.apache.logging.log4j:log4j-api:jar:2.13.1:compile
[INFO] \- org.apache.logging.log4j:log4j-core:jar:2.13.1:compile
[INFO] +- org.apache.logging.log4j:log4j-api:jar:2.13.1:compile
[INFO] +- org.apache.logging.log4j:log4j-core:jar:2.13.1:compile
[INFO] +- org.springframework.boot:spring-boot-starter-log4j2:jar:2.1.8.RELEASE:compile
[INFO] | +- org.apache.logging.log4j:log4j-slf4j-impl:jar:2.11.2:compile
[INFO] | +- org.apache.logging.log4j:log4j-jul:jar:2.11.2:compile
[INFO] +- org.springframework.boot:spring-boot-starter-log4j2:jar:2.1.8.RELEASE:compile
I cannot find which project in our workspace it points to. Can anyone please help on this?
Note: There are several maven projects and there is a parent pom.xml for all the pom.xml files. So want to identify which maven projects are using log4j along with the name.
Use the includes option
mvn dependency:tree -Dincludes=org.apache.logging.log4j
example output:
[INFO] com.test:test:jar:0.0.1-SNAPSHOT
[INFO] \- org.springframework.boot:spring-boot-starter-security:jar:2.5.3:compile
[INFO] \- org.springframework.boot:spring-boot-starter:jar:2.5.3:compile
[INFO] \- org.springframework.boot:spring-boot-starter-logging:jar:2.5.3:compile
[INFO] \- org.apache.logging.log4j:log4j-to-slf4j:jar:2.14.1:compile
[INFO] \- org.apache.logging.log4j:log4j-api:jar:2.14.1:compile
documentation
Thanks for the answer. Yes it did answer my question. I used the command below and got the result.
mvn dependency:tree -Dincludes=org.apache.logging.log4j -DoutputFile=`pwd`/maven-report-log4j.txt -DappendOutput=true
In a recent security alert, referenced here, I see there might be security concerns with Vaadin 7 because of a jsoup vulnerability. Because of other factors, I cannot upgrade. So I thought about just including the jsoup directly in my project. So before it was included indirectly via vaadin-server, now it is included directly, and the version vaadin-server references is "omitted for conflict with 1.14.2". Is this a safe way to address this security concern?
I am using Vaadin 7.7.17 and maven.
I ask largely because Vaadin did not offer this as a possible solution, so I assumed it would fail. But since maven is showing no error, I am worried I am missing something that will only show up in some strange runtime behavior.
Here is the dependency tree built via mvn dependency:tree. First of all, the original version, stripped down:
[INFO] Scanning for projects...
[INFO]
[INFO] ---------------------< com.mobiwms:vaadinwebsite >----------------------
[INFO] Building vaadinwebsite 4.0.31
[INFO] --------------------------------[ war ]---------------------------------
[INFO]
[INFO] --- maven-dependency-plugin:2.8:tree (default-cli) # vaadinwebsite ---
[INFO] com.mobiwms:vaadinwebsite:war:4.0.31
[INFO] +- javax.servlet:javax.servlet-api:jar:3.0.1:provided
[INFO] +- com.vaadin:vaadin-server:jar:7.7.17:compile
[INFO] | +- com.vaadin:vaadin-sass-compiler:jar:0.9.13:compile
[INFO] | | +- org.w3c.css:sac:jar:1.3:compile
[INFO] | | \- com.vaadin.external.flute:flute:jar:1.3.0.gg2:compile
[INFO] | +- com.vaadin:vaadin-shared:jar:7.7.17:compile
[INFO] | \- org.jsoup:jsoup:jar:1.8.3:compile
[INFO] +- com.vaadin:vaadin-push:jar:7.7.17:compile
[INFO] | \- com.vaadin.external.atmosphere:atmosphere-runtime:jar:2.2.13.vaadin1:compile
[INFO] | \- com.vaadin.external.slf4j:vaadin-slf4j-jdk14:jar:1.6.1:compile
[INFO] +- com.vaadin:vaadin-client:jar:7.7.17:provided
... // Stripped out unrelated portions of hierarchy.
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 4.758 s
[INFO] Finished at: 2021-10-27T18:59:19-04:00
[INFO] ------------------------------------------------------------------------
And now the new version, stripped down:
[INFO] Scanning for projects...
[INFO]
[INFO] ---------------------< com.mobiwms:vaadinwebsite >----------------------
[INFO] Building vaadinwebsite 4.0.31
[INFO] --------------------------------[ war ]---------------------------------
[INFO]
[INFO] --- maven-dependency-plugin:2.8:tree (default-cli) # vaadinwebsite ---
[INFO] com.mobiwms:vaadinwebsite:war:4.0.31
[INFO] +- javax.servlet:javax.servlet-api:jar:3.0.1:provided
[INFO] +- com.vaadin:vaadin-server:jar:7.7.17:compile
[INFO] | +- com.vaadin:vaadin-sass-compiler:jar:0.9.13:compile
[INFO] | | +- org.w3c.css:sac:jar:1.3:compile
[INFO] | | \- com.vaadin.external.flute:flute:jar:1.3.0.gg2:compile
[INFO] | \- com.vaadin:vaadin-shared:jar:7.7.17:compile
[INFO] +- com.vaadin:vaadin-push:jar:7.7.17:compile
[INFO] | \- com.vaadin.external.atmosphere:atmosphere-runtime:jar:2.2.13.vaadin1:compile
[INFO] | \- com.vaadin.external.slf4j:vaadin-slf4j-jdk14:jar:1.6.1:compile
[INFO] +- com.vaadin:vaadin-client:jar:7.7.17:provided
... // Stripped out unrelated portions of hierarchy.
[INFO] \- org.jsoup:jsoup:jar:1.14.2:compile
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 2.285 s
[INFO] Finished at: 2021-10-27T18:56:01-04:00
[INFO] ------------------------------------------------------------------------
Just noting here. There is no actual problem in Vaadin 7 itself that would be impacted due potential Jsoup vulnerability in question. The dependency was updated to a newer version more in purpose to enforce application developers to use the newer version. Newer version of the Jsoup had some API changes that needed small code changes in Vaadin 7. If your application is not using Jsoup in the way that the vulnerability is not exposed, then the upgrade is not absolutely mandatory. Also reminding that Vaadin 7 versions newer than 7.7.17 require commercial license for extended support.
dependency:list prints entire tree in flat format.
What can I do so it only gives first level only ?
Just to illustrate with dependency:tree
[INFO]
[INFO] --- maven-dependency-plugin:2.8:tree (default-cli) # abc-service ---
[INFO] xx.xyz.zbc:abc-service:jar:1.82-SNAPSHOT
[INFO] +- io.swagger.core.v3:swagger-annotations:jar:2.1.2:compile
[INFO] +- org.apache.commons:commons-compress:jar:1.14:test
[INFO] +- org.xmlmatchers:xml-matchers:jar:1.0-RC1:test
[INFO] | +- xmlunit:xmlunit:jar:1.6:test
[INFO] | \- net.sf.saxon:Saxon-HE:jar:9.4:test
[INFO] | +- org.jdom:jdom:jar:1.1:test
[INFO] | +- xom:xom:jar:1.2.5:test
[INFO] | | \- xerces:xercesImpl:jar:2.8.0:test
[INFO] | \- xml-resolver:xml-resolver:jar:1.2:test
I just want
[INFO] +- io.swagger.core.v3:swagger-annotations:jar:2.1.2:compile
[INFO] +- org.apache.commons:commons-compress:jar:1.14:test
[INFO] +- org.xmlmatchers:xml-matchers:jar:1.0-RC1:test
From what I can read in the documentation.
https://maven.apache.org/plugins/maven-dependency-plugin/list-mojo.html
mvn dependency:list -DexcludeTransitive=true
I have imported a maven project in an IntelliJ Idea. Everything seems fine but when no dependencies are found.
I have already tried to reimport the project. tried restarting IntelliJ. mvn Dependency:tree command shows all the dependency available in the pom.
mvn dependency:tree
[INFO] Scanning for projects...
[INFO] gitflow-incremental-builder is disabled.
[INFO]
[INFO] ---------------------< com.baeldung:cascade-type >----------------------
[INFO] Building cascade-type 1.0.0-SNAPSHOT
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- maven-dependency-plugin:2.8:tree (default-cli) # cascade-type ---
[INFO] com.baeldung:cascade-type:jar:1.0.0-SNAPSHOT
[INFO] +- org.hibernate:hibernate-core:jar:5.3.7.Final:compile
[INFO] | +- org.jboss.logging:jboss-logging:jar:3.3.2.Final:compile
[INFO] | +- javax.persistence:javax.persistence-api:jar:2.2:compile
[INFO] | +- org.javassist:javassist:jar:3.23.1-GA:compile
[INFO] | +- net.bytebuddy:byte-buddy:jar:1.8.17:compile
[INFO] | +- antlr:antlr:jar:2.7.7:compile
[INFO] | +- org.jboss.spec.javax.transaction:jboss-transaction-api_1.2_spec:jar:1.1.1.Final:compile
[INFO] | +- org.jboss:jandex:jar:2.0.5.Final:compile
[INFO] | +- com.fasterxml:classmate:jar:1.3.4:compile
[INFO] | +- javax.activation:javax.activation-api:jar:1.2.0:compile
[INFO] | +- org.dom4j:dom4j:jar:2.1.1:compile
[INFO] | \- org.hibernate.common:hibernate-commons-annotations:jar:5.0.4.Final:compile
[INFO] +- org.assertj:assertj-core:jar:3.8.0:test
[INFO] +- com.h2database:h2:jar:1.4.197:compile
[INFO] +- org.hibernate:hibernate-validator:jar:5.3.3.Final:compile
[INFO] | \- javax.validation:validation-api:jar:1.1.0.Final:compile
[INFO] +- javax.el:javax.el-api:jar:2.2.5:compile
[INFO] +- org.glassfish:javax.el:jar:3.0.1-b08:compile
[INFO] +- org.slf4j:slf4j-api:jar:1.7.21:compile
[INFO] +- ch.qos.logback:logback-classic:jar:1.1.7:compile
[INFO] +- ch.qos.logback:logback-core:jar:1.1.7:compile
[INFO] +- org.slf4j:jcl-over-slf4j:jar:1.7.21:compile
[INFO] +- junit:junit:jar:4.12:test
[INFO] +- org.junit.jupiter:junit-jupiter-engine:jar:5.4.2:test
[INFO] | +- org.apiguardian:apiguardian-api:jar:1.0.0:test
[INFO] | \- org.junit.platform:junit-platform-engine:jar:1.4.2:test
[INFO] +- org.junit.jupiter:junit-jupiter-params:jar:5.4.2:test
[INFO] +- org.junit.jupiter:junit-jupiter-api:jar:5.4.2:test
[INFO] | +- org.opentest4j:opentest4j:jar:1.1.1:test
[INFO] | \- org.junit.platform:junit-platform-commons:jar:1.4.2:test
[INFO] +- org.hamcrest:hamcrest-core:jar:1.3:test
[INFO] +- org.hamcrest:hamcrest-library:jar:1.3:test
[INFO] +- org.hamcrest:hamcrest-all:jar:1.3:test
[INFO] +- org.mockito:mockito-core:jar:2.21.0:test
[INFO] | +- net.bytebuddy:byte-buddy-agent:jar:1.8.15:test
[INFO] | \- org.objenesis:objenesis:jar:2.6:test
[INFO] \- org.apache.maven.surefire:surefire-logger-api:jar:2.22.0:test
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 1.583 s
[INFO] Finished at: 2019-05-25T13:52:34+02:00
I am not able to use any classes from any of dependency. Any help would be appreciated.
I have a standalone spring app that contains mainly aspecj aspects and few other spring managed beans and bundled in a jar with maven-assembly plugin with all the spring dependencies bundled inside the jar and added to weblogic classpath.
the goal is to have he aspects inside the library woven into all the running applications inside weblogic in run time using aspectJ agent.
The problem is that when I add my jar file in the classpath and restart the server I get ClassNotFoundException when the existing web app is deployed.
I know it is not a jar file not in the lib folder, since the app deploys fine without my jar file in classpath.
Note: I also get classNotFoundException when I just drop the spring jar files in the domain/lib folder.
Can you shade some light on why the running applications are impacted by my spring based library?
Please see stacktrace below: i m pretty sure javax.validation.ValidatorFactory is in the validation-api inside the WEB-INF\lib folder. as i only get this exception when I add my custom jar file to weblogic classpath.
Caused By: org.springframework.beans.factory.CannotLoadBeanClassException: Error loading class [org.springframework.validation.beanvalidation.LocalValidatorFactoryBean] for bean with name 'jsr303Validator' defined in ServletContext resource [/WEB-INF/config/webmvc-config.xml]: problem with class file or dependent class; nested exception is java.lang.NoClassDefFoundError: javax/validation/ValidatorFactory
at org.springframework.beans.factory.support.AbstractBeanFactory.resolveBeanClass(AbstractBeanFactory.java:1272)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.predictBeanType(AbstractAutowireCapableBeanFactory.java:578)
at org.springframework.beans.factory.support.AbstractBeanFactory.isFactoryBean(AbstractBeanFactory.java:1338)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.doGetBeanNamesForType(DefaultListableBeanFactory.java:356)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.getBeanNamesForType(DefaultListableBeanFactory.java:335)
at org.springframework.beans.factory.BeanFactoryUtils.beanNamesForTypeIncludingAncestors(BeanFactoryUtils.java:187)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.findAutowireCandidates(DefaultListableBeanFactory.java:895)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:853)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:768)
at org.s
Caused By: java.lang.ClassNotFoundException: javax.validation.ValidatorFactory
at java.net.URLClassLoader$1.run(URLClassLoader.java:202)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:190)
at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
at java.lang.ClassLoader.loadClass(ClassLoader.java:247)
at java.lang.ClassLoader.defineClass1(Native Method)
at java.lang.ClassLoader.defineClassCond(ClassLoader.java:631)
at java.lang.ClassLoader.defineClass(ClassLoader.java:615)
at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:141)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:283)
at java
Here is the dependency tree of my WAR file.
[INFO] [dependency:tree {execution: default-cli}]
[INFO] com.company.project:eCom4jWeb:war:1.0.0-SNAPSHOT
[INFO] +- com.company.project:eCom4jCore:jar:1.0.0-SNAPSHOT:compile
[INFO] | +- org.springframework:spring-jdbc:jar:3.1.2.RELEASE:compile
[INFO] | +- org.hsqldb:com.springsource.org.hsqldb:jar:1.8.0.9:runtime
[INFO] | +- mysql:mysql-connector-java:jar:5.1.9:compile
[INFO] | +- org.hibernate:com.springsource.org.hibernate:jar:3.3.2.GA:compile
[INFO] | | +- net.sourceforge.cglib:com.springsource.net.sf.cglib:jar:2.2.0:compile
[INFO] | | +- org.antlr:com.springsource.antlr:jar:2.7.6:compile
[INFO] | | +- org.apache.commons:com.springsource.org.apache.commons.collections:jar:3.2.1:compile
[INFO] | | +- org.dom4j:com.springsource.org.dom4j:jar:1.6.1:compile
[INFO] | | +- org.jboss.javassist:com.springsource.javassist:jar:3.9.0.GA:compile
[INFO] | | \- org.objectweb.asm:com.springsource.org.objectweb.asm:jar:1.5.3:compile
[INFO] | +- org.hibernate:com.springsource.org.hibernate.annotations:jar:3.4.0.GA:compile
[INFO] | | \- org.hibernate:com.springsource.org.hibernate.annotations.common:jar:3.3.0.ga:compile
[INFO] | +- org.hibernate:hibernate-validator:jar:4.2.0.Final:compile
[INFO] | | +- javax.validation:validation-api:jar:1.0.0.GA:compile
[INFO] | | \- org.slf4j:slf4j-api:jar:1.6.1:compile
[INFO] | +- javax.transaction:com.springsource.javax.transaction:jar:1.1.0:compile
[INFO] | +- commons-beanutils:commons-beanutils:jar:1.8.3:compile
[INFO] | +- net.sf.dozer:dozer:jar:5.3.1:compile
[INFO] | \- org.apache.xmlbeans:xmlbeans:jar:2.4.0:runtime
[INFO] | \- stax:stax-api:jar:1.0.1:runtime
[INFO] +- com.company.project:eCom4jWS:jar:1.0.0-SNAPSHOT:compile
[INFO] | +- com.company.project:eCom4jRemixDomain:jar:1.0.0-SNAPSHOT:compile
[INFO] | | \- org.jvnet.jaxb2_commons:jaxb2-basics-runtime:jar:0.6.2:compile
[INFO] | \- org.springframework:spring-oxm:jar:3.1.2.RELEASE:compile
[INFO] +- javax.servlet:jstl:jar:1.2:compile
[INFO] +- org.springframework.security:spring-security-web:jar:3.1.2.RELEASE:compile
[INFO] | \- aopalliance:aopalliance:jar:1.0:compile
[INFO] +- org.springframework.security:spring-security-taglibs:jar:3.1.2.RELEASE:compile
[INFO] | \- org.springframework.security:spring-security-acl:jar:3.1.2.RELEASE:compile
[INFO] +- org.springframework:spring-webmvc:jar:3.1.2.RELEASE:compile
[INFO] | +- org.springframework:spring-asm:jar:3.1.2.RELEASE:compile
[INFO] | \- org.springframework:spring-context-support:jar:3.1.2.RELEASE:compile
[INFO] +- javax.servlet:servlet-api:jar:2.5:provided
[INFO] +- org.springframework:spring-beans:jar:3.1.2.RELEASE:compile
[INFO] +- org.springframework.webflow:spring-binding:jar:2.2.1.RELEASE:compile
[INFO] +- org.springframework.webflow:spring-js:jar:2.2.1.RELEASE:compile
[INFO] | \- org.springframework.webflow:spring-js-resources:jar:2.2.1.RELEASE:compile
[INFO] +- org.springframework.webflow:spring-webflow:jar:2.2.1.RELEASE:compile
[INFO] +- org.springframework.security:spring-security-config:jar:3.1.2.RELEASE:compile
[INFO] +- org.springframework.security:spring-security-core:jar:3.1.2.RELEASE:compile
[INFO] +- org.springframework:spring-tx:jar:3.1.2.RELEASE:compile
[INFO] +- org.springframework:spring-web:jar:3.1.2.RELEASE:compile
[INFO] +- org.springframework:spring-aop:jar:3.1.2.RELEASE:compile
[INFO] +- commons-logging:commons-logging:jar:1.1.1:compile
[INFO] +- org.springframework:spring-core:jar:3.1.2.RELEASE:compile
[INFO] +- org.springframework:spring-orm:jar:3.1.2.RELEASE:compile
[INFO] +- org.springframework:spring-context:jar:3.1.2.RELEASE:compile
[INFO] +- javax.el:el-api:jar:1.0:provided
[INFO] +- org.jboss.el:com.springsource.org.jboss.el:jar:2.0.0.GA:compile
[INFO] +- org.apache.tiles:tiles-core:jar:2.1.4:compile
[INFO] | +- commons-digester:commons-digester:jar:1.8.1:compile
[INFO] | \- commons-logging:commons-logging-api:jar:1.1:compile
[INFO] +- org.apache.tiles:tiles-jsp:jar:2.1.4:compile
[INFO] +- org.apache.tiles:tiles-api:jar:2.1.4:compile
[INFO] +- org.apache.tiles:tiles-servlet:jar:2.1.4:compile
[INFO] +- org.springframework:spring-test:jar:3.1.2.RELEASE:test
[INFO] +- org.springframework:spring-expression:jar:3.1.2.RELEASE:compile
[INFO] +- org.springframework:spring-test-mvc:jar:1.0.0.BUILD-SNAPSHOT:test
[INFO] +- org.powermock:powermock-module-junit4:jar:1.4.12:test
[INFO] | \- org.powermock:powermock-module-junit4-common:jar:1.4.12:test
[INFO] | +- org.powermock:powermock-core:jar:1.4.12:test
[INFO] | | \- org.javassist:javassist:jar:3.16.1-GA:test
[INFO] | \- org.powermock:powermock-reflect:jar:1.4.12:test
[INFO] +- org.powermock:powermock-api-easymock:jar:1.4.12:test
[INFO] | \- org.powermock:powermock-api-support:jar:1.4.12:test
[INFO] +- org.codehaus.jackson:jackson-mapper-asl:jar:1.5.3:compile
[INFO] | \- org.codehaus.jackson:jackson-core-asl:jar:1.5.3:compile
[INFO] +- com.jayway.jsonpath:json-path:jar:0.8.1:test
[INFO] | \- net.minidev:json-smart:jar:1.1.1:test
[INFO] +- org.aspectj:com.springsource.org.aspectj.weaver:jar:1.6.8.RELEASE:compile
[INFO] +- org.slf4j:com.springsource.slf4j.api:jar:1.5.6:compile
[INFO] +- org.slf4j:com.springsource.slf4j.org.apache.commons.logging:jar:1.5.6:runtime
[INFO] +- org.slf4j:com.springsource.slf4j.log4j:jar:1.5.6:runtime
[INFO] +- org.apache.log4j:com.springsource.org.apache.log4j:jar:1.2.15:compile
[INFO] +- org.apache.commons:com.springsource.org.apache.commons.dbcp:jar:1.2.2.osgi:runtime
[INFO] +- org.apache.commons:com.springsource.org.apache.commons.pool:jar:1.5.3:runtime
[INFO] +- org.hamcrest:hamcrest-all:jar:1.3:compile
[INFO] +- junit:junit:jar:4.8.1:test (scope not updated to compile)
[INFO] +- org.easymock:easymock:jar:3.1:test
[INFO] | +- cglib:cglib-nodep:jar:2.2.2:test
[INFO] | \- org.objenesis:objenesis:jar:1.2:test
[INFO] +- commons-lang:commons-lang:jar:2.6:compile
[INFO] +- org.apache.struts:struts2-core:jar:2.2.1:compile
[INFO] | +- org.apache.struts.xwork:xwork-core:jar:2.2.1:compile
[INFO] | +- org.freemarker:freemarker:jar:2.3.16:compile
[INFO] | +- ognl:ognl:jar:3.0:compile
[INFO] | +- commons-fileupload:commons-fileupload:jar:1.2.1:compile
[INFO] | +- commons-io:commons-io:jar:1.3.2:compile
[INFO] | \- com.sun:tools:jar:1.5.0:system
[INFO] +- org.apache.struts:struts2-tiles-plugin:jar:2.2.1:compile
[INFO] +- org.apache.struts:struts2-spring-plugin:jar:2.2.1:compile
[INFO] +- javax.mail:mail:jar:1.4:compile
[INFO] | \- javax.activation:activation:jar:1.1:compile
[INFO] \- net.tanesha.recaptcha4j:recaptcha4j:jar:0.0.7:compile
[INFO] -------
Thanks
If you are using maven to build your jar, try to build your jar file with the dependencies embedded and test it, the below link can help you to do so:
How can I create an executable JAR with dependencies using Maven?
The dependency tree shows:
two versions of commons-logging: 1.1 and 1.1.1
two versions of slf4j: 1.5.6 and 1.6.1
javax.transaction has scoped compiled instead of provided
various versions of Hibernate artifacts from different sources org.hibernate:com.springsource.org.hibernate:jar:3.3.2.GA:compile org.hibernate:com.springsource.org.hibernate.annotations:jar:3.4.0.GA:compile org.hibernate:hibernate-validator:jar:4.2.0.Final:compile
As ClassLoader loads resources without any determined or predefined order, adding a jar file may have changed this order and class conflicts are now visible - either inside the EAR/WAR itself or between the application server and the application.
It is not obvious to point the conflict source with information provided but it is probably org.hibernate:hibernate-validator and you should align its version with core package, so 3.3.2.GA from com.springsource too.
To get the diagnostic clear, run WebLogic JVM with -verbose:class option and look at stderr output. The latest loaded resources before the failure and log of previously loaded related classes are the best clues to eliminate such a conflict created by packaging.
If conflict comes from a application server package and you cannot align to that same version, WebLogic allows you to set class loading filtering by package to force your own version to be loaded. Please refer to section Using a Filtering Classloader from classloading documentation.
It sounds like a Jar Hell... If you have different versions of the same jar, your container only loads the first one... now, imagine if it loads version 5 of jar 1, and version 2 of the dependent jar 2 (but the correct was version 5 too)... and can get a big crash in your system... to prevent it, some container just don't load none versions, and give some messages like ClassNotFoundException.