Maven Dependancy Exclusion
Consider the case where you are using the Log4J2 however the dependency you are trying to add for CXF or something brings in log4j1.x.
You are missing a bunch of new functionality because logger still refers to old version.
Obvious you need to remove the Transitive dependency but how to identify the transitive dependencies
mvn dependency:tree -Dverbose -Dincludes=log4j:log4j
[groupId]:[artifactId]:[type]:[version]
http://maven.apache.org/plugins/maven-dependency-plugin/examples/filtering-the-dependency-tree.html
will show you the dependency-tree, but only the relevant excerpt. Using this information you can now add your exclusions to the affected pom.xml files
Eg:
<!-- CXF Dependancies --><dependency> <groupId>org.apache.cxf</groupId> <artifactId>cxf-java2wadl-plugin</artifactId> <version>${cxf-version}</version> <exclusions> <exclusion> <groupId>log4j</groupId> <artifactId>log4j</artifactId> </exclusion> </exclusions> </dependency>
Then you can enforce that the dependency needs to be some version and above
<
build
>
<
plugins
>
<
plugin
>
<
groupId
>org.apache.maven.plugins</
groupId
>
<
artifactId
>maven-enforcer-plugin</
artifactId
>
<
version
>1.3.1</
version
>
<
executions
>
<
execution
>
<
id
>enforce-version</
id
>
<
goals
>
<
goal
>enforce</
goal
>
</
goals
>
<
configuration
>
<
rules
>
<
bannedDependencies
>
<
excludes
>
<!-- exclude all versions lower than 1.2.17-->
<
exclude
>log4j:log4j:[0.0,1.2.17)</
exclude
>
</
excludes
>
</
bannedDependencies
>
</
rules
>
</
configuration
>
</
execution
>
</
executions
>
</
plugin
>
</
plugins
>
</
build
>
Finally run a Maven Site plugin
to generate the Dependancy site.https://maven.apache.org/plugins/maven-site-plugin/IF you follow the steps it POM should be clean by now.
Comments
Post a Comment