Re: [Acegisecurity-developer] Maven2 POM for Acegi-Security

Fri, 16 Feb 2007 14:30:40 -0800 

I'm willing to bet this problem is caused by using the full Spring
dependency rather than fine-grained Spring dependencies.  I use the
full Spring dependency and have experienced this issue as well.  It's
too bad there's not a way in Maven to say "this JAR overrides all
others".

Here's what I've been doing:

        <dependency>
            <groupId>org.acegisecurity</groupId>
            <artifactId>acegi-security-tiger</artifactId>
            <version>${acegi.version}</version>
            <exclusions>
                <exclusion>
                    <groupId>org.springframework</groupId>
                    <artifactId>spring-aop</artifactId>
                </exclusion>
                <exclusion>
                    <groupId>org.springframework</groupId>
                    <artifactId>spring-dao</artifactId>
                </exclusion>
                <exclusion>
                    <groupId>org.springframework</groupId>
                    <artifactId>spring-jdbc</artifactId>
                </exclusion>
                <exclusion>
                    <groupId>org.springframework</groupId>
                    <artifactId>spring-remoting</artifactId>
                </exclusion>
                <exclusion>
                    <groupId>org.springframework</groupId>
                    <artifactId>spring-support</artifactId>
                </exclusion>
            </exclusions>
        </dependency>

....

        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring</artifactId>
            <version>${spring.version}</version>
            <!-- commons-logging 1.1. has invalid dependencies -->
            <exclusions>
                <exclusion>
                    <groupId>avalon-framework</groupId>
                    <artifactId>avalon-framework</artifactId>
                </exclusion>
                <exclusion>
                    <groupId>log4j</groupId>
                    <artifactId>log4j</artifactId>
                </exclusion>
                <exclusion>
                    <groupId>logkit</groupId>
                    <artifactId>logkit</artifactId>
                </exclusion>
                <exclusion>
                    <groupId>javax.servlet</groupId>
                    <artifactId>servlet-api</artifactId>
                </exclusion>
                <exclusion>
                    <groupId>junit</groupId>
                    <artifactId>junit</artifactId>
                </exclusion>
            </exclusions>
        </dependency>

This isn't the "Maven way" as they recommend using Spring's
fine-grained dependencies.  However, I've found that the fine-grained
dependencies refer to artifacts that aren't in the Maven repos - so
the this way seems more pragmatic to me. ;-)

Hope this helps,

Matt

On 2/16/07, Bertrand Renuart <[EMAIL PROTECTED]> wrote:
> > On 2/16/07, Kyle Mallory <[EMAIL PROTECTED]> wrote:
> > > Carlos,
> > >
> > > > exclusions are for things you DON'T want. If you exclude a dependency,
> > > > that one and all its children will be excluded, so you don't need to
> > > > go one by one
> > > > if you want a different version you have to explicitly add that as a
> > > > dependency and maven will use YOUR version instead of the one that
> > > > acegi uses
> > >
> > > That it not what is happening.  If I specify two separate dependencies
> > > for Spring-2.0.2, and Acegi-Security-1.0.3, I get BOTH Spring 2.0.2 AND
> > > Spring 1.2.8, as well as all of the 1.2.8 submodules.
> >
> >
> > sorry, but i have to say here that you are wrong. That doesn't happen
> > as you say, if you post the output of mvn -X compile i'll point you
> > what you're doing wrong
> >
> >
> Before saying Kyle is wrong you probably had better to test it...
> Give a try the following POM:
>
> <project>
>   <modelVersion>4.0.0</modelVersion>
>   <groupId>test</groupId>
>   <artifactId>test</artifactId>
>   <packaging>war</packaging>
>   <version>1.0-SNAPSHOT</version>
>
>   <dependencies>
>     <dependency>
>       <groupId>org.springframework</groupId>
>       <artifactId>spring-webmvc</artifactId>
>       <version>2.0.2</version>
>     </dependency>
>     <dependency>
>       <groupId>org.acegisecurity</groupId>
>       <artifactId>acegi-security</artifactId>
>       <version>1.0.3</version>
>     </dependency>
>   </dependencies>
> </project>
>
> Just do a 'mvn package' - of course Maven will complain because the WAR
> structure is incorrect but you will get the resolved libraries in the
> target/test-1.0-SNAPSHOT/WEB-INF/lib. Have a look and you will notice some
> 1.2.8 Spring libraries are included.
>
> The reason is quite straightforward if you know how Maven resolves
> transitive dependencies... and if you look at the Acegi parent pom.
>
> /Bertrand
>
>
>
> -------------------------------------------------------------------------
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to share your
> opinions on IT & business topics through brief surveys-and earn cash
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> _______________________________________________
> Home: http://acegisecurity.org
> Acegisecurity-developer mailing list
> Acegisecurity-developer@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
>


-- 
http://raibledesigns.com

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

Reply via email to