axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Aman Mishra (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AXIS2-5959) Axis2 has dependency on "Commons HttpClient project", which is now end of life, and is no longer being developed.
Date Mon, 24 Jun 2019 14:49:00 GMT

    [ https://issues.apache.org/jira/browse/AXIS2-5959?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16871249#comment-16871249
] 

Aman Mishra commented on AXIS2-5959:
------------------------------------

[~robertlazarski] : Thanks for your valuable inputs. I can see the new support for HttpClient
4.x, use {{org.apache.axis2.transport.http.impl.httpclient4.HTTPClient4TransportSender}}instead
of {{org.apache.axis2.transport.http.CommonsHTTPTransportSender}} in {{axis2.xml}}. 

But as I have mentioned earlier also that in pom.xml of axis2-osgi bundle of 1.7.8 we can
clearly see the dependency of "org.apache.commons.httpclient.*". So this dependency must be
satisfied to make the axis2-osgi bundle up. And we don't want to use any dependent jar in
our project which contains org.apache.commons.httpclient.* package. So if we don't provide
the dependency org.apache.commons.httpclient.* in our project our axis2-osgi bundle is not
coming up. 

We have downloaded the source code of axis2-17.8 and tried to modified the "osgi" module pom
by making the package "org.apache.commons.httpclient.*" as optional, but still it is demanding
the same dependency. Then we tried to completely remove this package from pom.xml after that
build was not successful. Because this dependency is directly used by some classes like:

org/apache/axis2/transport/http/impl/httpclient3/HttpTransportPropertiesImpl$Authenticator.class,
org/apache/axis2/transport/http/impl/httpclient3/HttpTransportPropertiesImpl.class, org/apache/axis2/transport/http/impl/httpclient3/HTTPSenderImpl.class,
org/apache/axis2/transport/http/impl/httpclient3/HTTPProxyConfigurator.class, org/apache/axis2/transport/http/CommonsHTTPTransportSender.class,
org/apache/axis2/transport/http/impl/httpclient3/RESTRequestEntityImpl.class, org/apache/axis2/transport/http/impl/httpclient3/HTTPTransportHeaders.class,
org/apache/axis2/transport/http/impl/httpclient3/RESTRequestEntity2Impl.class, org/apache/axis2/transport/http/impl/httpclient3/AxisRequestEntityImpl.class,
org/apache/axis2/transport/http/util/HTTPProxyConfigurationUtil.class, org/apache/axis2/transport/http/security/SSLProtocolSocketFactory.class,
org/apache/axis2/transport/http/AxisServlet.class, org/apache/axis2/transport/http/impl/httpclient3/HTTPProxcyConfigurator.class

 So, please tell me a way so that I can remove the jar from my project which is providing
the org.apache.commons.httpclient.* package?

> Axis2 has dependency on "Commons HttpClient project", which is now end of life, and is
no longer being developed. 
> ------------------------------------------------------------------------------------------------------------------
>
>                 Key: AXIS2-5959
>                 URL: https://issues.apache.org/jira/browse/AXIS2-5959
>             Project: Axis2
>          Issue Type: Bug
>            Reporter: Aman Mishra
>            Priority: Critical
>         Attachments: pom.xml
>
>
> We are using axis2 version 1.7.8 ( *org.apache.axis2.osgi-1.7.8.jar* ) in our project,
we can see that in this project pom.xml under <Import-Package> section, dependency on
"Commons HttpClient project". This dependency is there in the form of *"org.apache.commons.httpclient.*,".* The
same thing we have seen in axis2 latest jar 1.7.9. 
> Now as we know this "Commons HttpClient project" is already ended of its life long back
and its no longer being developed. 
> So, please change this package dependency to Apache HttpComponents project in its HttpClient [org.apache.httpcomponents:httpclient].
(httpclient-4.5.9.jar). 
> +*Note:*+ Right now we are supplying the dependency "*org.apache.commons.httpclient"* to
"*org.apache.axis2.osgi-1.7.8.jar"* by "com.springsource.org.apache.commons.httpclient-3.1.0.jar".
Now in Nexus vulnerability report "com.springsource.org.apache.commons.httpclient-3.1.0.jar"
is showing as vulnerable. So we want to remove this jar. But after removing this jar "*org.apache.axis2.osgi-1.7.8.jar"* osgi
bundle is not up due to unsatisfied dependency of package "*org.apache.commons.httpclient".* We
have tried to provide the dependency by using httpclient-4.5.9.jar but this has different
package hierarchy as it required in the form "*org.apache.commons.httpclient".* 
> So please change this dependency according to latest apache jar httpclient-4.5.9.jar.
> For Reference: Attaching pom.xml of Axis2 1.7.8 project.
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org


Mime
View raw message