Maven 2 & 3

Add "additions"/"depedencies" to "dependency" element in "dependencyManagement".

Details

  • Complexity:
    Intermediate
  • Number of attachments :
    0

Description

Quite often we need ugly hacks in our poms because of broken dependencies in artifacts we depend on.

For example, org.apache.ws.security:wss4j depends on xalan:xalan, but that dependency is outdated or badly maintained (not sure now, but irrelevant); so we need to exclude it and replace it with org.apache.xalan:xalan. Only; we can't do this from our dependencyManagement section for all our project modules, no, we can exclude xalan:xalan, but for EACH module that uses wss4j, we need to MANUALLY specify the dependency on org.apache.xalan:xalan; even though this SHOULD be a transitional dependency from wss4j. This is dirty and causes unacceptable bugs and maintenance when artifact dependencies change or artifacts are distributed to third parties.

To fix this, we need to either host our own fixed version of wss4j, or Maven would have to introduce a method of doing BOTH the exclusion of xalan:xalan AND the addition of org.apache.xalan:xalan to the wss4j artifact from the dependencyManagement section. Personally; I'm not sure it makes much sense supporting only one of the two.

In this example, I'd like to see the following in my project's parent pom:

<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.apache.ws.security</groupId>
<artifactId>wss4j</artifactId>
<version>$

{wss4j.version}

</version>

<exclusions>
<!-- We use org.apache.* instead -->
<exclusion>
<groupId>xalan</groupId>
<artifactId>xalan</artifactId>
</exclusion>
<exclusion>
<groupId>xerces</groupId>
<artifactId>xercesImpl</artifactId>
</exclusion>
<exclusion>
<groupId>xml-security</groupId>
<artifactId>xmlsec</artifactId>
</exclusion>
<exclusion>
<groupId>xml-apis</groupId>
<artifactId>xml-apis</artifactId>
</exclusion>
</exclusions>

<dependencies>
<dependency>
<groupId>org.apache.xalan</groupId>
<artifactId>xalan</artifactId>
<version>$

{xalan.version}

</version>
</dependency>
<dependency>
<groupId>org.apache.xerces</groupId>
<artifactId>xercesImpl</artifactId>
<version>$

{xercesImpl.version}

</version>
</dependency>
<dependency>
<groupId>org.apache.santuario</groupId>
<artifactId>xmlsec</artifactId>
<version>$

{xmlsec.version}</version>
</dependency>
<dependency>
<groupId>org.apache.santuario</groupId>
<artifactId>xmlsec</artifactId>
<version>${xmlsec.version}

</version>
</dependency>
</dependencies>

</dependency>
</dependencies>
</dependencyManagement>

Activity

Hide
Permalink
Karl Isenberg added a comment -

Could call them "inclusions". I often want to do this when using Spring Enterprise Bundle Repository replacements with different artifactIds.

Show
Karl Isenberg added a comment - Could call them "inclusions". I often want to do this when using Spring Enterprise Bundle Repository replacements with different artifactIds.

People

  • Assignee:
    Unassigned
    Reporter:
    Maarten Billemont
Vote (1)
Watch (1)

Dates

  • Created:
    Updated: