Is it possible using the m2e maven plugin for eclipse (or some other easy way), to figure out which <dependency> entry in my POM is the reason for a given .jar to be added to the classpath. afaik right click only allows me to see the pom of the given artifact.
in this example the my pom looks like
<dependencies>
<dependency>
<groupId>eu.medsea.mimeutil</groupId>
<artifactId>mime-util</artifactId>
<version>2.1.1</version>
</dependency>
</dependencies>
so it's pretty easy to understand that who is responsible for adding the log4j things
Open the POM in the m2e POM editor (should happen by default), click Dependency Hierarchy, type the name of the offending dependency into the filter box. It will highlight the dependency that drags it in.
Oh well figured it ..
right click->maven->exclude maven artifact would place a nice exclusion element on the dependency causing the inclusion
<dependencies>
<dependency>
<groupId>eu.medsea.mimeutil</groupId>
<artifactId>mime-util</artifactId>
<version>2.1.1</version>
<exclusions>
<exclusion>
<artifactId>slf4j-api</artifactId>
<groupId>org.slf4j</groupId>
</exclusion>
</exclusions>
</dependency>
</dependencies>
Related
I want to use ESAPI in my project and have added following dependency in the pom.xml
pom.xml with dependency:
<dependency>
<groupId>org.owasp.encoder</groupId>
<artifactId>encoder</artifactId>
<version>1.2.3</version>
</dependency>
<dependency>
<groupId>org.owasp.esapi</groupId>
<artifactId>esapi</artifactId>
<version>2.5.0.0</version>
</dependency>
But when I import org.owasp.esapi.* intellij give me warning as shown in image.
I want to use ESAPI logger to prevent CRLF injection possibilities in log statements.
My current project uses slf4j.Logger
I am very new to this ESAPI and OWASP and have never used it and have tried from here
https://github.com/ESAPI/esapi-java-legacy/wiki/Using-ESAPI-with-SLF4J#configuring-esapi-to-use-slf4j
Please tell me if im doing something wrong and how to correctly use ESAPI in project.
Hmm. What JDK are you using with IntelliJ? Java 8 or later is required as of 2.4.0.0. That's the only thing that I can think of that would cause this behavior. Looks okay otherwise. Did you check if the esapi-2.5.0.0.jar got pulled down? Because it's either not finding that or it's not compatible with the Java version that your IntelliJ IDE is using.
Well i found that I was adding this dependency in <dependencyManagement> tag instead of <dependencies> tag, that's why it wasn't downloading from the repository.
Previous:
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.owasp.esapi</groupId>
<artifactId>esapi</artifactId>
<version>2.5.0.0</version>
</dependency>
</dependencies>
</dependencyManagement>
after fix:
<dependencies>
<dependency>
<groupId>org.owasp.esapi</groupId>
<artifactId>esapi</artifactId>
<version>2.5.0.0</version>
</dependency>
</dependencies>
Whats the difference in <dependencies> and <dependencyManagement> please refer this Differences between dependencyManagement and dependencies in Maven
Migrating an old ERP system to JPMS turned out to be highly problematic (Java 11 Eclipse finds automatic module, Maven does not), so I decided to first try and simply replace Java 8 with Java 11, but keep everything on the classpath by not introducing any module-info.java files. That actually went quite smoothly; Maven is compiling this without problems, and the resulting application also starts from the command line.
But when I import that Maven project into Eclipse 2019-03 it complains about a.o. java.xml packages, for example this import:
import javax.xml.namespace.QName;
This makes sense, because the JRE is modularized, and those classes are in the java.xml module which I am not included. But why is Maven then compiling correctly AND the application starting under J11?
I suspect I need to tell Eclipse to "--add-modules=ALL-SYSTEM" for this project, but I'm not sure where or how. I've tried moving all the JDK/JRE modules in the build-path/libraries from implicit to explicit, but that does not help.
You probably have some redundant xml api jars on the classpath and javac (incorrectly) doesn't complain because of JDK-8215739, but Eclipse already (correctly) does after bug 536928
At runtime, the JVM seems to ignore packages on the classpath that already appear in a named module, so javac's behaviour is actually consistent with that.
To fix your problem: Try "Open Type" to find any copies of javax.xml.namespace.QName in jars on your classpath and exclude those dependencies in your pom.xml
"Try "Open Type" to find any copies of javax.xml.namespace.QName in jars on your classpath and exclude those dependencies in your pom.xml"
This was also the solution for my problem.In my case, I had to exclude "org.apache.axis" from axis and add a separated dependency for javax.xml.rpc
<dependency>
<groupId>axis</groupId>
<artifactId>axis</artifactId>
<version>1.4</version>
<exclusions>
<exclusion>
<groupId>axis</groupId>
<artifactId>axis-wsdl4j</artifactId>
</exclusion>
<exclusion>
<groupId>org.apache.axis</groupId>
<artifactId>axis-jaxrpc</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>javax.xml.rpc</groupId>
<artifactId>javax.xml.rpc-api</artifactId>
<version>1.1.2</version>
</dependency>
for any poor souls still working with axis 1.3, the group id you need to exclude is just axis
<dependency>
<groupId>axis</groupId>
<artifactId>axis</artifactId>
<version>1.3</version>
<exclusions>
<exclusion>
<groupId>axis</groupId>
<artifactId>axis-wsdl4j</artifactId>
</exclusion>
<exclusion>
<groupId>axis</groupId>
<artifactId>axis-jaxrpc</artifactId>
</exclusion>
</exclusions>
</dependency>
I have several dependencies in my pom that pull in an unwanted jar so the same exclusion is set on them:
<dependencies>
<dependency>
<groupId>some.group</groupId>
<artifactId>some-artifact-1</artifactId>
<version>1</version>
<exclusions>
<exclusion>
<groupId>annoying.group</groupId>
<artifactId>unwanted-artifact</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>some.other.group</groupId>
<artifactId>some-artifact-2</artifactId>
<version>1</version>
<exclusions>
<exclusion>
<groupId>annoying.group</groupId>
<artifactId>unwanted-artifact</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>another.group</groupId>
<artifactId>some-artifact-3</artifactId>
<version>1</version>
<exclusions>
<exclusion>
<groupId>annoying.group</groupId>
<artifactId>unwanted-artifact</artifactId>
</exclusion>
</exclusions>
</dependency>
.
.
.
<dependencies>
The problem is my poms have dozens of dependencies so there are potentially more that pull in the unwanted jar. I'm not sure how to discern the dependencies that don't pull in that unwanted dependency from those who do.
My workflow right now is:
Look through my pom and add the exclusion on the dependencies that look like they might need it (judging from the artifact and group IDs).
Confirm the jar is no longer in my project's Maven Dependencies list in Eclipse
Add more exclusions until the jar is gone if it isn't already.
Painfully go through each dependency I gave an exclusion to and switch the exclusion off to confirm whether the exclusion is actually needed.
My question is: is there a better way? Is there a way to set a general exclusion in my pom so I don't have to repeat the same exclusion over and over again? Or is there a better workflow to exclude this unwanted jar?
I'm using Maven 3.0.4
Sadly, there is no way to avoid this. 'Global' dependency exclusion has been discussed but never implemented.
I have a maven project with a dependency (datanucleus-db4o). This dependency has itself a dependency on db4o (db4o:db4o:jar:7.12.126.14142-all-java5).
Now maven says:
09.09.10 19:43:09 MESZ: Missing artifact db4o:db4o:jar:7.12.126.14142-all-java5:compile
I am new to maven. Is it right that datanucleus-db4o defines its own dependency with a specific version number? Is this a good way? m2eclipse can't download it. I downloaded a newer Version of db4o and added it to the classpath. Maven keeps writing about the missing artifact.
Also I've got NoClassDefFound errors when I launch my application. This leads me to the other question:
Am I doing something wrong?
Thanks in advance.
Here is the relevant part of the pom.xml...
<dependency>
<groupId>org.datanucleus</groupId>
<artifactId>datanucleus-core</artifactId>
<version>2.2.0-m1</version>
<type>jar</type>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.datanucleus</groupId>
<artifactId>datanucleus-db4o</artifactId>
<version>2.1.1</version>
<type>jar</type>
<scope>compile</scope>
</dependency>
and here is the relevant part of the pom.xml of
<dependency>
<groupId>db4o</groupId>
<artifactId>db4o</artifactId>
<version>7.12.126.14142-all-java5</version>
</dependency>
Is it right that datanucleus-db4o defines its own dependency with a specific version number? Is this a good way?
I'm not sure I understood the question... Anyway, there is indeed something wrong with the db4o:db4o dependency of the datanucleus-db4o artifact: it is not available in Maven central nor in the DataNucleus repository. I don't understand how users are supposed to use the datanucleus-db4o artifact.
I downloaded a newer Version of db4o and added it to the classpath. Maven keeps writing about the missing artifact.
Not sure what you did exactly but maybe the following will work: exclude the dependency that can't be resolved and replace it with some equivalent from the db4o repository.
<dependencies>
...
<dependency>
<groupId>org.datanucleus</groupId>
<artifactId>datanucleus-db4o</artifactId>
<version>2.1.1</version>
<type>jar</type>
<scope>compile</scope>
<exclusions>
<exclusion>
<groupId>db4o</groupId>
<artifactId>db4o</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>com.db4o</groupId>
<artifactId>db4o-full-java5</artifactId>
<version>7.12-SNAPSHOT</version>
</dependency>
</dependencies>
<repositories>
...
<repository>
<id>db4o</id>
<url>https://source.db4o.com/maven</url>
</repository>
</repositories>
I have no idea if this will work of course.
Also I've got NoClassDefFound errors when I launch my application. This leads me to the other question:
Can't say since you didn't post the error. But give the above a try.
The required file is not in the maven repositories, but it is in the datanucleus zip file (that one with all dependencies). Look into the /deps folder.
I unpacked it and installed it into the local maven repository with this command:
./mvn install:install-file -Dfile=/home/myUser/Downloads/db4o-7.12.126.14142-all-java5.jar -DgroupId=db4o -DartifactId=db4o -Dversion=7.12.126.14142-all-java5 -Dpackaging=jar
After that it is found by maven. Now there are other problems going on. I'll try to solve them myself...
Seems like the JDO or Datanucleus stuff is not well organized at the moment. I think they refactored some classes and now they can't be found at some versions and implementations are incompatible with the api and such stuff.
I want to use the apache commons configuration jars in my Maven project.
When I add it using m2Eclipse it produces this:
<dependency>
<groupId>commons-configuration</groupId>
<artifactId>commons-configuration</artifactId>
<version>20041012.002804</version>
<type>jar</type>
<scope>compile</scope>
</dependency>
This seems fine but it then givers me the error:
Missing artifact resources:resources:jar:1.0:compile
Can anyone help please?
Looks like you need to choose a reliable version. That one seems to be a snapshot build. Here is the excerpt from my project.
<dependency>
<groupId>commons-configuration</groupId>
<artifactId>commons-configuration</artifactId>
<version>1.6</version>
<type>jar</type>
<scope>compile</scope>
</dependency>