Maven Dependancy Exclusion

Consider the case where you are using the Log4J2 however the dependency you are trying to add for CXF or something brings in log4j1.x.

You are missing a bunch of new functionality because logger still refers to old version.

Obvious  you need to remove the Transitive dependency but how to identify the transitive dependencies

mvn dependency:tree -Dverbose -Dincludes=log4j:log4j

[groupId]:[artifactId]:[type]:[version]

http://maven.apache.org/plugins/maven-dependency-plugin/examples/filtering-the-dependency-tree.html

will show you the dependency-tree, but only the relevant excerpt. Using this information you can now add your exclusions to the affected pom.xml files

Eg:

<!-- CXF Dependancies --><dependency>
    <groupId>org.apache.cxf</groupId>
    <artifactId>cxf-java2wadl-plugin</artifactId>
    <version>${cxf-version}</version>
    <exclusions>
        <exclusion>
            <groupId>log4j</groupId>
            <artifactId>log4j</artifactId>
        </exclusion>
    </exclusions>
</dependency>


Then you can enforce that the dependency needs to be some version and above 



<build>



    <plugins>



        <plugin>



            <groupId>org.apache.maven.plugins</groupId>



            <artifactId>maven-enforcer-plugin</artifactId>



            <version>1.3.1</version>



            <executions>



                <execution>



                    <id>enforce-version</id>



                    <goals>



                        <goal>enforce</goal>



                    </goals>



                    <configuration>



                        <rules>



                            <bannedDependencies>



                                <excludes>



                                    <!-- exclude all versions lower than 1.2.17-->                                   



                                    <exclude>log4j:log4j:[0.0,1.2.17)</exclude>



                                </excludes>



                            </bannedDependencies>



                        </rules>



                    </configuration>



                </execution>



            </executions>



        </plugin>



    </plugins>



</build>













Finally run a Maven Site plugin to generate the Dependancy site.







https://maven.apache.org/plugins/maven-site-plugin/








IF you follow the steps it POM should be clean by now.

Comments

Post a Comment

Popular posts from this blog

'jasypt.encryptor.password' or one of ['jasypt.encryptor.privateKeyString', 'jasypt.encryptor.privateKeyLocation'] must be provided for Password-based or Asymmetric encryption

Image
      Intellij spring boot build failing not seeing the jasypt password. The same is working fine with the normal startup and is also working with mvn command.     Caused by: org.springframework.boot.context.properties.ConfigurationPropertiesBindException: Error creating bean with name 'spring.security-org.springframework.boot.autoconfigure.security.SecurityProperties': Could not bind properties to 'SecurityProperties' : prefix=spring.security, ignoreInvalidFields=false, ignoreUnknownFields=true; nested exception is org.springframework.boot.context.properties.bind.BindException: Failed to bind properties under 'spring.security.user.password' to java.lang.String Caused by: org.springframework.boot.context.properties.bind.BindException: Failed to bind properties under 'spring.security.user.password' to java.lang.String Caused by: org.springframework.cache.Cache$ValueRetrievalException: Value for key 'spring.security.user.password' could not be load...
Read more

Field or property 'jobParameters' cannot be found on object of type 'org.springframework.beans.factory.config.BeanExpressionContext' - Spring Batch

This Error happens when you are trying to retrieve a Job Execution parameter and inject it into a Bean. The bean can be anything a Task let, or a StatmentSetter the error can happen. E.g Implementation <bean id = "flatFileItemReader" scope="step" class="org.springframework.batch.item.file.FlatFileItemReader"> <property name = "resource" value = "#{jobParameters[input.file.name]}" /> </bean> The error is because of the Scope parameter missing Using a scope of  Step  is required in order to use late binding since the bean cannot actually be instantiated until the  Step  starts, which allows the attributes to be found. Because it is not part of the Spring container by default, the scope must be added explicitly. Check out the Documentation here ..  http://docs.spring.io/spring-batch/reference/html/configureStep.html#step-scope
Read more

java.security.spec.InvalidKeySpecException: Only RSAPrivate(Crt)KeySpec and PKCS8EncodedKeySpec supported for RSA private keys

public PrivateKey getPrivateKey(String fileName) throws IOException, InvalidKeySpecException, NoSuchAlgorithmException { byte[] keyFileBytes = readKeyFile(fileName); X509EncodedKeySpec spec = new X509EncodedKeySpec(keyFileBytes); KeyFactory kf = KeyFactory.getInstance("RSA"); return kf.generatePrivate(spec); } The reason is this line, This is used to read public key spec and not private key. The private key is read via PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec ( keyBytes ); So as the error says it needs to be in PKCS8 spec format for java to understand.
Read more