Maven Dependancy Exclusion

Consider the case where you are using the Log4J2 however the logger you are trying to add into the file brings in log4j1.x.

You are missing a bunch of new functionality because logger still refers to old version.

Obvious so you need to remove the Transitive dependency but how to identify the transitive dependencies

mvn dependency:tree -Dverbose -Dincludes=log4j:log4j

[groupId]:[artifactId]:[type]:[version]

http://maven.apache.org/plugins/maven-dependency-plugin/examples/filtering-the-dependency-tree.html

will show you the dependency-tree, but only the relevant excerpt. Using this information you can now add your exclusions to the affected pom.xml files

Eg:

<!-- CXF Dependancies --><dependency>
    <groupId>org.apache.cxf</groupId>
    <artifactId>cxf-java2wadl-plugin</artifactId>
    <version>${cxf-version}</version>
    <exclusions>
        <exclusion>
            <groupId>log4j</groupId>
            <artifactId>log4j</artifactId>
        </exclusion>
    </exclusions>
</dependency>


Then you can enforce that the dependency needs to be some version and above 



<build>



    <plugins>



        <plugin>



            <groupId>org.apache.maven.plugins</groupId>



            <artifactId>maven-enforcer-plugin</artifactId>



            <version>1.3.1</version>



            <executions>



                <execution>



                    <id>enforce-version</id>



                    <goals>



                        <goal>enforce</goal>



                    </goals>



                    <configuration>



                        <rules>



                            <bannedDependencies>



                                <excludes>



                                    <!-- exclude all versions lower than 1.2.17-->                                   



                                    <exclude>log4j:log4j:[0.0,1.2.17)</exclude>



                                </excludes>



                            </bannedDependencies>



                        </rules>



                    </configuration>



                </execution>



            </executions>



        </plugin>



    </plugins>



</build>













Finally run a Maven Site plugin to generate the Dependancy site.







https://maven.apache.org/plugins/maven-site-plugin/








IF you follow the steps it POM should be clean by now.

Comments

Post a Comment

Popular posts from this blog

'jasypt.encryptor.password' or one of ['jasypt.encryptor.privateKeyString', 'jasypt.encryptor.privateKeyLocation'] must be provided for Password-based or Asymmetric encryption

Image
      Intellij spring boot build failing not seeing the jasypt password. The same is working fine with the normal startup and is also working with mvn command.     Caused by: org.springframework.boot.context.properties.ConfigurationPropertiesBindException: Error creating bean with name 'spring.security-org.springframework.boot.autoconfigure.security.SecurityProperties': Could not bind properties to 'SecurityProperties' : prefix=spring.security, ignoreInvalidFields=false, ignoreUnknownFields=true; nested exception is org.springframework.boot.context.properties.bind.BindException: Failed to bind properties under 'spring.security.user.password' to java.lang.String Caused by: org.springframework.boot.context.properties.bind.BindException: Failed to bind properties under 'spring.security.user.password' to java.lang.String Caused by: org.springframework.cache.Cache$ValueRetrievalException: Value for key 'spring.security.user.password' could not be load...
Read more

Field or property 'jobParameters' cannot be found on object of type 'org.springframework.beans.factory.config.BeanExpressionContext' - Spring Batch

This Error happens when you are trying to retrieve a Job Execution parameter and inject it into a Bean. The bean can be anything a Task let, or a StatmentSetter the error can happen. E.g Implementation <bean id = "flatFileItemReader" scope="step" class="org.springframework.batch.item.file.FlatFileItemReader"> <property name = "resource" value = "#{jobParameters[input.file.name]}" /> </bean> The error is because of the Scope parameter missing Using a scope of  Step  is required in order to use late binding since the bean cannot actually be instantiated until the  Step  starts, which allows the attributes to be found. Because it is not part of the Spring container by default, the scope must be added explicitly. Check out the Documentation here ..  http://docs.spring.io/spring-batch/reference/html/configureStep.html#step-scope
Read more

Couldn't store job: Unable to serialize JobDataMap for insertion into database because the value of property 'jobLauncher' is not serializable

This occurs during the quartz - spring-batch integration when we are trying to pass in the JobLauncher object into the quartz class that extens the quartz bean. this can be overcome like below <bean id="fetchTransaction_quartz" class="org.springframework.scheduling.quartz.JobDetailFactoryBean"> <property name="jobClass" value="com.incomm.chase.settlement.quartz.FetchTransaction"> </property>   <property name="jobDataAsMap">       <map>       entry key="timeout" value="5"/>       <entry key="jobName" value="chaseSettlement"></entry>       <!--the entries added here will cause a serialization exception -->           <!--  <entry key="jobLocator" value-ref="jobRegistry"/>            <entry key="jobLauncher" value-ref="jobLauncher"/> -->      </map>  </pro...
Read more