Why Spring 3 needs explicit cglib dependency declaration when using Maven? - spring

I'm using Spring 3 and Maven. I've defined all spring modules in my pom.xml.
When I use <aop:scoped-proxy />, I get an error saying that CGLIB is missing.
Well... I add CGLIB as a dependency in my pom and it all runs...
I'm a little confused... Maven is a dependency manager... Why it does not download CGLIB when I use the spring-aop module?
It's not the only case... Why do some projects need explicit dependency declaration instead of using Maven transitive dependency mechanism?

It's because cglib is marked as an optional dependency.
Essentially you don't need cglib for every usage of the spring-aop library, so maven doesn't download it automatically. You need to specify it manually, unfortunately.

I'm a little confused... Maven is a dependency manager... Why it does not download the cglib when I use the spring-aop module ?
Because not everybody uses CGLIB (an AOP proxy in Spring can be a JDK dynamic proxy or a CGLIB proxy) so CGLIB is marked as an optional dependency in the pom of spring-aop and you have to add it explicitly if you want to use it. This is exactly what optional dependencies are for.
Another similar example is Hibernate that lets you choose between cglib and javassist in hibernate-core in the same way. Hibernate also lets you choose between various connection pools (if you decide to use one of them) or cache providers (only ehcache, the default, is not declared as optional).

My guess would be that cglib is not enabled in Spring by default. And therefore it's not included in the pom unless you explicitly enable it.
As far as I know, Maven cannot go into your Spring configuration files and determine if it needs additional optionally enabled libraries. Although, that certainly sounds like it would be a cool Spring-Maven plugin if it were possible to modify the pom on the fly via plugin. Not sure if it is, but it would be cool.

Good news - this is a problem of the past:
As of Spring 3.2, it is no longer necessary to add CGLIB to your
project classpath, as CGLIB classes are repackaged under
org.springframework and included directly in the spring-core JAR. This
means that CGLIB-based proxy support just works in the same way that
JDK dynamic proxies always have.
Read more here.

Related

Ignore certain classes from dependency

I have a dependency which contains both CDI and EBJ beans/classes, however in my Quarkus project I only use/inject the classes with CDI annotations. When specifying that dependency in my pom.xml and running Quarkus in dev-mode, I get numerous exceptions for classes that I don't use/inject in my project:
Unsatisfied dependency for type <unused CDI class using/injecting EBJ bean>...
I thought this was odd, since I thought that Quarkus only includes "used classes" into the packed jar.
Then I realized that maybe the problem stem from "javax.ws.rs" annotations in the classes of the dependency.
Does Quarkus scan all dependencies for classes with JAX-RS annotations and includes those?
If yes, is there a way to define which classes or packages should be scanned for JAX-RS annotations?
If no, is there another way to exclude/ignore certain classes from a dependency? An option to generally exclude or ignore classes from dependencies would be very helpful for similar issues too (e.g. ambiguous dependency, etc).
Thanks!

Spring boot war file with unnecessary jars

I am making war packaging of my spring boot. made spring boot starter tomcat as provided, removed spring boot maven plugin.
But I still see tomcat jdbc and tomcat juli, to name a few (even junit, but it could be from other custom dependencies, so discounting this for this question). I am using logback, but I see log4j over slf4j from starter web.
Can I ask, how to skip unwanted jars and keep my package nice and tidy
Maven has the concept of "scope" for dependencies. You probably know the scope test which is used for unit test dependencies which should not go into the final product. Use this scope for junit.
What you need is the scope provided for the Tomcat dependencies. This tells Maven: "Don't include it; when the code is run, someone else will make sure this dependency is on the classpath".
The dependency log4j-over-slf4j is necessary when one of your dependencies still uses log4j to log. log4j-over-slf4j contains the code to redirect those calls to logback.
Now you will face the case where you can't change the scope because it's in a POM of someone else.
The correct solution here is to define the dependency with the correct scope (and version) in a dependencyManagement element in your POM. This definition will be used when any POM asks for this group+artifactId. So even when some deep dependency of Spring Boot pulls that in, your WAR will be build with the version and scope from the dependencyManagement element.
See also:
Dependency Scopes
Dependency Management

Remove Spring actuator from my project

I have a Spring boot project using spring security and Oauth2 and I'm noticing some bad behaviour which could be caused by actuator.
To be sure I want to remove it from the project but I can't find it explicitly mentionned in my Maven dependencies.
Any idea on how to do it?
It is not quite clear to me whether you want to exclude the actuator dependencies from your classpath or whether you want to disable the behaviour from your container. If it is the latter, you should be able to do so through your application.properties, i.e.:
management.endpoints.enabled-by-default=false
I am pretty sure you can disable also by using annotations on your spring boot application class as an alternative.
Find where it is with dependencies hiearchy and exclude it.
This official documentation may help you to do so.
Use mvn dependency:tree to print all the transitive dependencies as a tree structure. It's a standard maven-dependency-plugin mojo.
Once you find the dependency that introduces it use <dependencyManagement> section with correct <exclude> to remove the actuator from the project.

What is the difference between spring-context and spring-core dependencies?

Hello I am new to the Spring and maven world, and I want to know what is the difference between this 2 dependencies?
Its a simple question.. I am having trouble with my pom.xml file, so I want to know everything :).
Thanks in advance.
These are actually 2 of many Spring Framework modules. You can easily find what packages these artifacts contain, using this site:
http://mvnrepository.com/artifact/org.springframework/spring-core/3.1.1.RELEASE
This can give you information about classes contained within a particular artifact and probably about the its purpose.
For Spring Framework, spring-core contains mainly core utilities and common stuff (like enums) and because it's really critical for Spring, probably all other Spring modules depend on it (directly or transitively).
In turn spring-context provides Application Context, that is Spring's Dependency Injection Container and it is probably always defined in POMs of artifacts that use Spring Framework somehow. In fact, spring-context depends on spring-core so by defining spring-context as your dependency, you have spring-core in your classpath as well.

Configuring Jersey Via XML?

Is it possible to configure Jersey via XML rather than annotations? Here's my issue:
I have a maven multi-module project with the following modules:
client
webservice
shared
In the shared module, I would like to put my basic POJO classes, with minimal dependencies in the Maven POM. The webservice module will require the POJOs to be configured for both Hibernate and Jersey (such as with #XmlRoot and #Entity annotations). The client module has no need for the Hibernate- and Jersey-specific configuration, and having the classes annotated would introduce the dependencies into the client POM.
Normally I actually prefer annotations over XML, but in this particular case I'm trying to keep the design modular and at least somewhat clean.
Any suggestions?
You can annotate the classes and mark hibernate and jersey as optional dependencies. Then the classes are annotated appropriately and your client is free from the extra dependencies.

Resources