I want to use ESAPI in my project and have added following dependency in the pom.xml
pom.xml with dependency:
<dependency>
<groupId>org.owasp.encoder</groupId>
<artifactId>encoder</artifactId>
<version>1.2.3</version>
</dependency>
<dependency>
<groupId>org.owasp.esapi</groupId>
<artifactId>esapi</artifactId>
<version>2.5.0.0</version>
</dependency>
But when I import org.owasp.esapi.* intellij give me warning as shown in image.
I want to use ESAPI logger to prevent CRLF injection possibilities in log statements.
My current project uses slf4j.Logger
I am very new to this ESAPI and OWASP and have never used it and have tried from here
https://github.com/ESAPI/esapi-java-legacy/wiki/Using-ESAPI-with-SLF4J#configuring-esapi-to-use-slf4j
Please tell me if im doing something wrong and how to correctly use ESAPI in project.
Hmm. What JDK are you using with IntelliJ? Java 8 or later is required as of 2.4.0.0. That's the only thing that I can think of that would cause this behavior. Looks okay otherwise. Did you check if the esapi-2.5.0.0.jar got pulled down? Because it's either not finding that or it's not compatible with the Java version that your IntelliJ IDE is using.
Well i found that I was adding this dependency in <dependencyManagement> tag instead of <dependencies> tag, that's why it wasn't downloading from the repository.
Previous:
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.owasp.esapi</groupId>
<artifactId>esapi</artifactId>
<version>2.5.0.0</version>
</dependency>
</dependencies>
</dependencyManagement>
after fix:
<dependencies>
<dependency>
<groupId>org.owasp.esapi</groupId>
<artifactId>esapi</artifactId>
<version>2.5.0.0</version>
</dependency>
</dependencies>
Whats the difference in <dependencies> and <dependencyManagement> please refer this Differences between dependencyManagement and dependencies in Maven
Related
I'm helping a friend configure a maven project with m2eclipse for the first time. We're both pretty unfamiliar with it and are encountering an issue where even though a dependency jar is showing up with packages in it under "maven dependencies" in the Project directory, if we try to import anything from any of that jar's packages, it can't find the class.
I noticed that the jars that are having issues are gray and not as opaque as the rest of the jars that are working.
What's strange is if you hover of the class name in the import, it shows a brief description of the class (from the documentation in the jar!) but it won't let me import it. All the other maven dependencies can be imported fine. Any ideas? We can't seem to even find what the darker icon means.
Also, the pom.xml is dead simple:
http://maven.apache.org/xsd/maven-4.0.0.xsd">
4.0.0
<groupId>com.something.portal.test</groupId>
<artifactId>PortalFrontEndTests</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>jar</packaging>
<name>PortalFrontEndTests</name>
<url>http://maven.apache.org</url>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
</properties>
<dependencies>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>3.8.1</version>
<scope>test</scope>
</dependency>
<!-- Selenium -->
<dependency>
<groupId>org.seleniumhq.selenium</groupId>
<artifactId>selenium-java</artifactId>
<version>2.53.1</version>
</dependency>
<!-- TestNG -->
<dependency>
<groupId>org.testng</groupId>
<artifactId>testng</artifactId>
<version>6.11</version>
<scope>test</scope>
</dependency>
</dependencies>
</project>
I'm not sure what I'm missing here
open your pom.xml file
check for the name of the grayed out jar file
change
<scope>test</scope>
to
<scope>compile</scope>
I found the issue. It was because I had the class in the source directory instead of the test directory and both of the maven dependencies had been marked as "Visible only to test"
I had the same problem when i used the <scope>test</scope> in the maven pom.
It seems as if the newer Eclipse/Java versions do have a new Attribute :
<classpathentry kind="src" output="target/test-classes" path="src/test/java/...">
<attributes>
<attribute name="test" value="true"/>
</attributes>
</classpathentry>
This should be enabled in the Java Build Path Settings:
Image showing "Containts test sources" option from build path menu
After enabling this i got rid of all the compiler errors.
check for your dependency scope in POM file
compile, provided, system and test these were the available test
test -> compile would change your dependencies from grey to white.
If your dependency is for test scope then that dependency is not available for normal use in application whereas compile scope sets that dependency in class path of your project.
I am not sure on the grayed out part. If this is the feature because it suggest that Testing class should be under /test rather /src.
However, solution to your problem is scope of plugin, change it to compile and you will be good to go.
i.e. replace test with compile:
<scope>test</scope>
<scope>compile</scope>
That's it. you will not get any error for import testing packages.
Just removing the Scope will work. I tried as the following:
<dependency>
<groupId>org.junit.jupiter</groupId>
<artifactId>junit-jupiter-api</artifactId>
<version>5.8.0-M1</version>
</dependency>
I am also faced the same problem
set scope to compile or remove scope
open maven dependencies
right click on dependency and click download resources
I'm trying to run a maven project using Oxygen.1 a release. I have the cucumber plugin installed. But when I run the default feature file, I'm getting an error Error: Could not find or load main class cucumber.api.cli.Main
Please help!
I've never used Cucumber, but I guess you need to add it as a dependency to your Maven pom.xml as described in the Cucumber JVM documentation.
The Eclipse plugin adds syntax highlighting, content assists and other IDE related convenience. But you still need to tell the JVM where to find the Cucumber classes and in a Maven project this is defined by the dependencies in pom.xml.
You may rise a feature request at the Cucumber-Eclipse issue tracker to extend the plugin to allow adding the dependency to Maven projects automatically.
Add these dependencies to the pom.xml and the issue gets resolved. I was trying with the latest versions so was facing this problem. When I changed the version then it worked for me.
<dependencies>
<!-- https://mvnrepository.com/artifact/io.cucumber/cucumber-java -->
<dependency>
<groupId>io.cucumber</groupId>
<artifactId>cucumber-java</artifactId>
<version>2.3.1</version>
</dependency>
<!-- https://mvnrepository.com/artifact/io.cucumber/cucumber-junit -->
<dependency>
<groupId>io.cucumber</groupId>
<artifactId>cucumber-junit</artifactId>
<version>2.3.1</version>
</dependency>
<!-- https://mvnrepository.com/artifact/net.masterthought/cucumber-reporting -->
<dependency>
<groupId>net.masterthought</groupId>
<artifactId>cucumber-reporting</artifactId>
<version>3.14.0</version>
</dependency>
<!-- https://mvnrepository.com/artifact/io.cucumber/gherkin -->
<dependency>
<groupId>info.cukes</groupId>
<artifactId>gherkin</artifactId>
<version>2.12.2</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.seleniumhq.selenium/selenium-java -->
<dependency>
<groupId>org.seleniumhq.selenium</groupId>
<artifactId>selenium-java</artifactId>
<version>3.14.0</version>
</dependency>
</dependencies>
I want to use an external BOM to manage dependency versions for my project in SBT.
For example, the AWS Java SDK publishes a bill-of-materials artifact to their maven repository: https://mvnrepository.com/artifact/com.amazonaws/aws-java-sdk-bom/1.11.86
I can use it to manage versions of dependencies in the AWS SDK. In Maven I can do this by adding the BOM to my <dependencyManagement> section like so:
<dependencyManagement>
<dependencies>
<dependency>
<groupId>com.amazonaws</groupId>
<artifactId>aws-java-sdk-bom</artifactId>
<version>1.11.86</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
Then when I want to use a module that's covered in the BOM I can omit the version and the BOM will resolve it for me:
<dependencies>
<dependency>
<groupId>com.amazonaws</groupId>
<artifactId>aws-java-sdk-s3</artifactId>
</dependency>
<dependency>
<groupId>com.amazonaws</groupId>
<artifactId>aws-java-sdk-sns</artifactId>
</dependency>
</dependencies>
Similarly in Gradle, I can use the BOM to manage dependencies for me using this plugin, like so:
apply plugin: "io.spring.dependency-management"
dependencyManagement {
imports {
mavenBom 'com.amazonaws:aws-java-sdk-bom:1.11.86'
}
}
dependencies {
compile 'com.amazonaws:aws-java-sdk-sns'
compile 'com.amazonaws:aws-java-sdk-s3'
}
Is there a similar plugin for SBT?
I'm looking for the same and have searched in a lot of place.
Most interesting thing I found is it looks like there is Open Ticket on SBT Project:
https://github.com/sbt/sbt/issues/4531
Can't wait that it's resolved !
Have you tried to use Ivy with sbt? It allows you to specify "get latest" by using rev="+"
<ivy-module version="2.0" xmlns:m="http://ant.apache.org/ivy/maven" xmlns:e="http://ant.apache.org/ivy/extras">
<dependencies>
<dependency org="com.amazonaws" name="aws-java-sdk-s3" rev="+" conf="compile->compile(*),master(*);runtime->runtime(*)" />
</dependencies>
</ivy-module>
See http://www.scala-sbt.org/1.0/docs/Library-Dependencies.html
If I understand you correctly, you can add this to your libraryDependencies:
"com.amazonaws" % "aws-java-sdk-bom" % "1.11.800" pomOnly()
You still have to put that version number in a variable and use it with the SDKs you actually want, unless someone knows the right magic to use to use in the revision field. I know you can go latest.release if you want the latest release version.
I am hoping to run an Akka project within an OSGi container (apache-servicemix-4.4.1-fuse-06-03) but am having a little trouble installing the dependent libraries. I have already installed akka-actor and config as follows:
osgi:install -s mvn:com.typesafe.akka/akka-actor/2.1-SNAPSHOT
osgi:install -s mvn:com.typesafe/config/0.4.1
But am unable to install scala-library (v2.9.2 required). I have tried creating my own bundle using the maven-bundle-plugin but to no avail and have googled round for ages.
Any help would be greatly appreciated.
If you're looking for a quick workaround, use the bundle from your Scala IDE/Eclipse for Scala 2.9.2. I did that for my Akka 2.1/Karaf POC and it worked fine. If you don't have one, download it from my lib folder here.
This was kindly uploaded after posting on the scala-users group:
https://github.com/guofengzh/scala-lang-osgi
The built binaries of scala-lang-osgi referred by #ben1729 is now available on our Bippo/Soluvas Nexus repository public repository: http://nexus.bippo.co.id/nexus/content/groups/public/
Feel free to browse our repository at http://nexus.bippo.co.id/nexus/
Usage:
<repository>
<id>bippo-nexus-public</id>
<url>http://nexus.bippo.co.id/nexus/content/groups/public/</url>
</repository>
then add one or all of them to your Maven POM file:
<dependency>
<groupId>org.scala-lang-osgi</groupId>
<artifactId>scala-library</artifactId>
<version>2.9.2</version>
</dependency>
<dependency>
<groupId>org.scala-lang-osgi</groupId>
<artifactId>scala-compiler</artifactId>
<version>2.9.2</version>
</dependency>
<dependency>
<groupId>org.scala-lang-osgi</groupId>
<artifactId>scala-dbc</artifactId>
<version>2.9.2</version>
</dependency>
<dependency>
<groupId>org.scala-lang-osgi</groupId>
<artifactId>scala-swing</artifactId>
<version>2.9.2</version>
</dependency>
Please let me know when a new version comes out so I can redeploy the newer artifacts to our repo.
Update: Scala OSGi 2.10-M6 is now available on our repository:
<dependency>
<groupId>org.scala-lang-osgi</groupId>
<artifactId>scala-library</artifactId>
<version>2.10.0-M6</version>
</dependency>
<dependency>
<groupId>org.scala-lang-osgi</groupId>
<artifactId>scala-compiler</artifactId>
<version>2.10.0-M6</version>
</dependency>
<dependency>
<groupId>org.scala-lang-osgi</groupId>
<artifactId>scala-dbc</artifactId>
<version>2.10.0-M2</version>
</dependency>
<dependency>
<groupId>org.scala-lang-osgi</groupId>
<artifactId>scala-swing</artifactId>
<version>2.10.0-M6</version>
</dependency>
It can work with Akka but using a patched Akka 2.1-M1 (see http://www.assembla.com/spaces/akka/tickets/2367-osgi-manifest-references-2-9-2 ).
The patched Akka is available in our repository as: (in Karaf URL)
mvn:com.typesafe.akka/akka-actor/2.1-M1/jar/patch2
Summary on Akka bug: Akka 2.1-M1 requires 2.10-M6, it doesn't work with 2.9.2 :
Error executing command: Error starting bundles:
nable to resolve 160.0: missing requirement [160.0] osgi.wiring.package; (&(osgi.wiring.package=scala.collection.convert)(version>=2.9.2)(!(version>=2.10.0)))
But it currently imports the wrong package versions:
scala.collection.convert;version="[2.9.2,2.10)",
scala.concurrent.util;version="[2.9.2,2.10)",
scala.concurrent.util.duration;version="[2.9.2,2.10)",
I have a maven project with a dependency (datanucleus-db4o). This dependency has itself a dependency on db4o (db4o:db4o:jar:7.12.126.14142-all-java5).
Now maven says:
09.09.10 19:43:09 MESZ: Missing artifact db4o:db4o:jar:7.12.126.14142-all-java5:compile
I am new to maven. Is it right that datanucleus-db4o defines its own dependency with a specific version number? Is this a good way? m2eclipse can't download it. I downloaded a newer Version of db4o and added it to the classpath. Maven keeps writing about the missing artifact.
Also I've got NoClassDefFound errors when I launch my application. This leads me to the other question:
Am I doing something wrong?
Thanks in advance.
Here is the relevant part of the pom.xml...
<dependency>
<groupId>org.datanucleus</groupId>
<artifactId>datanucleus-core</artifactId>
<version>2.2.0-m1</version>
<type>jar</type>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.datanucleus</groupId>
<artifactId>datanucleus-db4o</artifactId>
<version>2.1.1</version>
<type>jar</type>
<scope>compile</scope>
</dependency>
and here is the relevant part of the pom.xml of
<dependency>
<groupId>db4o</groupId>
<artifactId>db4o</artifactId>
<version>7.12.126.14142-all-java5</version>
</dependency>
Is it right that datanucleus-db4o defines its own dependency with a specific version number? Is this a good way?
I'm not sure I understood the question... Anyway, there is indeed something wrong with the db4o:db4o dependency of the datanucleus-db4o artifact: it is not available in Maven central nor in the DataNucleus repository. I don't understand how users are supposed to use the datanucleus-db4o artifact.
I downloaded a newer Version of db4o and added it to the classpath. Maven keeps writing about the missing artifact.
Not sure what you did exactly but maybe the following will work: exclude the dependency that can't be resolved and replace it with some equivalent from the db4o repository.
<dependencies>
...
<dependency>
<groupId>org.datanucleus</groupId>
<artifactId>datanucleus-db4o</artifactId>
<version>2.1.1</version>
<type>jar</type>
<scope>compile</scope>
<exclusions>
<exclusion>
<groupId>db4o</groupId>
<artifactId>db4o</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>com.db4o</groupId>
<artifactId>db4o-full-java5</artifactId>
<version>7.12-SNAPSHOT</version>
</dependency>
</dependencies>
<repositories>
...
<repository>
<id>db4o</id>
<url>https://source.db4o.com/maven</url>
</repository>
</repositories>
I have no idea if this will work of course.
Also I've got NoClassDefFound errors when I launch my application. This leads me to the other question:
Can't say since you didn't post the error. But give the above a try.
The required file is not in the maven repositories, but it is in the datanucleus zip file (that one with all dependencies). Look into the /deps folder.
I unpacked it and installed it into the local maven repository with this command:
./mvn install:install-file -Dfile=/home/myUser/Downloads/db4o-7.12.126.14142-all-java5.jar -DgroupId=db4o -DartifactId=db4o -Dversion=7.12.126.14142-all-java5 -Dpackaging=jar
After that it is found by maven. Now there are other problems going on. I'll try to solve them myself...
Seems like the JDO or Datanucleus stuff is not well organized at the moment. I think they refactored some classes and now they can't be found at some versions and implementations are incompatible with the api and such stuff.