Develop Reference

Programmatically retrieve all Maven dependencies

How can I in an very easy way retrieve all direct and transitive dependencies for a given Maven POM in my own Java program?
I aware of the existing questions on Stackoverflow, especially the one using Ivy to resolve the dependencies. I am looking for a solution using Maven, which is able also to resolve the transitive dependencies.

If you need this during a Maven build, you can easily access it in a Maven plugin using project.getDependencies().
If you have a standalone Java program, you can use Maven resolver or the older Aether libraries to do the resolution.

I was now able to solve the problem by using JBoss Shrinkwrap.
Here is a code snipped similar to the one I now use in my tools:
MavenStrategyStage resolve =
Maven.configureResolver()
// do not consult Maven Central or any other repository
.workOffline()
// import the configuration of the given settings.xml
.fromFile(homeDir + "/jqa-release-environment/maven-settings.xml")
// load the POM you would like to analyse
.loadPomFromFile(pomFile)
.importCompileAndRuntimeDependencies()
.importRuntimeAndTestDependencies()
.resolve();
MavenWorkingSession mavenWorkingSession =
((MavenWorkingSessionContainer) resolve).getMavenWorkingSession();
List<MavenDependency> dependencies = new ArrayList<>();
dependencies.addAll(mavenWorkingSession.getDependenciesForResolution());
dependencies.addAll(mavenWorkingSession.getDependencyManagement());
To be able to use Shrinkwrap, I added the following dependencies to my POM.
<dependency>
<groupId>org.jboss.shrinkwrap.resolver</groupId>
<artifactId>shrinkwrap-resolver-depchain</artifactId>
<type>pom</type>
<version>3.1.4</version>
</dependency>
<dependency>
<groupId>org.jboss.shrinkwrap.resolver</groupId>
<artifactId>shrinkwrap-resolver-impl-maven</artifactId>
<version>3.1.4</version>
</dependency>
<dependency>
<groupId>org.jboss.shrinkwrap.resolver</groupId>
<artifactId>shrinkwrap-resolver-api-maven</artifactId>
<version>3.1.4</version>
</dependency>

Force latest version for maven dependencies

I have the following dependency (only so far) pom.xml
<dependency>
<groupId>org.springframework.data</groupId>
<artifactId>spring-data-jpa</artifactId>
<version>1.6.2.RELEASE</version>
</dependency>
This dependency obviously depends on other "dependencies" via it's pom.xml... when maven finished downloading these dependencies I noticed that it didn't grab the latest version of the Spring stuff (4.0.6.RELEASE)... it grabbed a 3.2.x version.
How can I force maven to grab the latest version of the Spring stuff? Do I need to explicitly modify my pom.xml to include all the dependencies or is there some "magic" I can use for this?
Thanks.

Spring "Bill Of Materials"
Salvation may come from special "bill of materials" POMs supported by Maven and published by Spring. Quoting from Maven "Bill Of Materials" Dependency in their manual:
It is possible to accidentally mix different versions of Spring JARs when using Maven. For example, you may find that a third-party library, or another Spring project, pulls in a transitive dependency to an older release. If you forget to explicitly declare a direct dependency yourself, all sorts of unexpected issues can arise.
To overcome such problems Maven supports the concept of a "bill of materials" (BOM) dependency. You can import the spring-framework-bom in your dependencyManagement section to ensure that all spring dependencies (both direct and transitive) are at the same version.
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.0.6.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
Would this work for you?

Looking at the spring-data-jpa artifact pom file, we can see that it has a parent called spring-data-parent with current version 1.4.2.RELEASE. It's pom describes dependencies and their versions. Currently spring version is at 3.2.10.RELEASE
One way you can possibly accomplish what you want is to add explicit dependency on spring artifacts. But you would still have to define their versions.

Is it possible to download - all Spring jars in one bundle

I have question concerning to spring framework jars. Is it possible to download whole bundle in "one shoot" - e.g. relase - 4.0.0 - if yes how and where, or shall i download .jar after .jar from http://mvnrepository.com/ ?
Thank you indeed

If you are not using Maven, you need to do download the JARs manually one by one, or you can opt to download a ZIP from here, as there is no official link.
If you are using Maven, you can opt to include whichever Spring dependencies you need - see this answer. This is also the way I prefer to do it.
On the Spring documentation page, they are suggesting doing it in the following way:
<dependencies>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context</artifactId>
<version>4.0.0.RELEASE</version>
</dependency>
</dependencies>
It resolves spring-core, spring-aop, spring-context, spring-expression and spring-beans.

what is difference between "org.springframework.xyz-2.5.6.A.jar" and "spring-xyz-2.5.6.RELEASE.jar"

i am new to spring framework. When i try to download required jar files for spring, then there is 2 options for same classes-
org.springframework.xyz-2.5.6.A.jar and spring-xyz-2.5.6.RELEASE.jar.
I want to know what is the difference and which is recommended to use?
thanks.

The org.springframework.xyz version is the artifact ID used by SpringSource in their Enterprise Bundle Repository, a self-contained set of OSGi-compliant JARs for both Spring and non-Spring artifacts. The spring-xyz version is the standard non-OSGi version available on Maven Central.
If you're using OSGi then use the EBR JARs, if you're not then use the standard ones.

The current Maven dependency for spring-context is
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context</artifactId>
<version>3.2.4.RELEASE</version>
</dependency>
The resulting JAR is spring-context-3.2.4.RELEASE.jar.
So the second name looks OK to me.

downloading guice3.0 artifact from maven central repository

I'm trying to upgrade my struts2 web app from guice2.0 to guice3.0.
I'm trying to test it out using maven jetty.
I've successfully upgraded my pom.xml to use the correct version and groupId for the 3.0 release, but if I call mvn jetty:run
I see that it is trying to download
guice-3.0-no_deps.jar
which throws a build error and can't be found the central repository?
I don't get this error if I don't include any guice extensions.
Any ideas?
Thanks

I posted this question also to the guice user group.
This is the answer I received.
The guice-3.0-no_deps.jar is a build-time artifact that's used to compile the extensions, but is not required at runtime - it's not on maven central because the Guice team didn't want people depending on this "uber-jar" by mistake. The extensions have an optional dependency to guice-3.0-no_deps.jar (so they can compile) but they also have a non-optional dependency to guice-3.0.jar for the runtime case.
Well-behaved maven plugins should see that the the no_deps dependency is optional and not throw a build error if it's missing, so this sounds like a bug in the jetty plugin. To workaround the Jetty bug you can explicitly hide this dependency as follows:
<dependency>
<groupId>com.google.inject.extensions</groupId>
<artifactId>guice-struts2</artifactId>
<version>3.0</version>
<exclusions>
<exclusion>
<groupId>com.google.inject</groupId>
<artifactId>guice</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>com.google.inject</groupId>
<artifactId>guice</artifactId>
<version>3.0</version>
</dependency>
Note that we can't do this in the original build pom because we still need the no_deps dependency when doing the original compilation.