maven-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Maarten Billemont (JIRA)" <j...@codehaus.org>
Subject [jira] Created: (MNG-4513) Add "additions"/"depedencies" to "dependency" element in "dependencyManagement".
Date Fri, 01 Jan 2010 19:58:55 GMT
Add "additions"/"depedencies" to "dependency" element in "dependencyManagement".
--------------------------------------------------------------------------------

                 Key: MNG-4513
                 URL: http://jira.codehaus.org/browse/MNG-4513
             Project: Maven 2 & 3
          Issue Type: New Feature
          Components: Dependencies
    Affects Versions: 2.2.1
            Reporter: Maarten Billemont


Quite often we need ugly hacks in our poms because of broken dependencies in artifacts we
depend on.

For example, org.apache.ws.security:wss4j depends on xalan:xalan, but that dependency is outdated
or badly maintained (not sure now, but irrelevant); so we need to exclude it and replace it
with org.apache.xalan:xalan.  Only; we can't do this from our dependencyManagement section
for all our project modules, no, we can exclude xalan:xalan, but for EACH module that uses
wss4j, we need to MANUALLY specify the dependency on org.apache.xalan:xalan; even though this
SHOULD be a transitional dependency from wss4j.  This is dirty and causes unacceptable bugs
and maintenance when artifact dependencies change or artifacts are distributed to third parties.

To fix this, we need to either host our own fixed version of wss4j, or Maven would have to
introduce a method of doing BOTH the exclusion of xalan:xalan AND the addition of org.apache.xalan:xalan
to the wss4j artifact from the dependencyManagement section.  Personally; I'm not sure it
makes much sense supporting only one of the two.

In this example, I'd like to see the following in my project's parent pom:

<dependencyManagement>
  <dependencies>
    <dependency>
        <groupId>org.apache.ws.security</groupId>
        <artifactId>wss4j</artifactId>
        <version>${wss4j.version}</version>

        <exclusions>
            <!-- We use org.apache.* instead -->
            <exclusion>
                <groupId>xalan</groupId>
                <artifactId>xalan</artifactId>
            </exclusion>
            <exclusion>
                <groupId>xerces</groupId>
                <artifactId>xercesImpl</artifactId>
            </exclusion>
            <exclusion>
                <groupId>xml-security</groupId>
                <artifactId>xmlsec</artifactId>
            </exclusion>
            <exclusion>
                <groupId>xml-apis</groupId>
                <artifactId>xml-apis</artifactId>
            </exclusion>
        </exclusions>

        <dependencies>
            <dependency>
                <groupId>org.apache.xalan</groupId>
                <artifactId>xalan</artifactId>
                <version>${xalan.version}</version>
            </dependency>
            <dependency>
                <groupId>org.apache.xerces</groupId>
                <artifactId>xercesImpl</artifactId>
                <version>${xercesImpl.version}</version>
            </dependency>
            <dependency>
                <groupId>org.apache.santuario</groupId>
                <artifactId>xmlsec</artifactId>
                <version>${xmlsec.version}</version>
            </dependency>
            <dependency>
                <groupId>org.apache.santuario</groupId>
                <artifactId>xmlsec</artifactId>
                <version>${xmlsec.version}</version>
            </dependency>
        </dependencies>

    </dependency>
  </dependencies>
</dependencyManagement>

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message