I'm willing to bet this problem is caused by using the full Spring dependency rather than fine-grained Spring dependencies. I use the full Spring dependency and have experienced this issue as well. It's too bad there's not a way in Maven to say "this JAR overrides all others".
Here's what I've been doing: <dependency> <groupId>org.acegisecurity</groupId> <artifactId>acegi-security-tiger</artifactId> <version>${acegi.version}</version> <exclusions> <exclusion> <groupId>org.springframework</groupId> <artifactId>spring-aop</artifactId> </exclusion> <exclusion> <groupId>org.springframework</groupId> <artifactId>spring-dao</artifactId> </exclusion> <exclusion> <groupId>org.springframework</groupId> <artifactId>spring-jdbc</artifactId> </exclusion> <exclusion> <groupId>org.springframework</groupId> <artifactId>spring-remoting</artifactId> </exclusion> <exclusion> <groupId>org.springframework</groupId> <artifactId>spring-support</artifactId> </exclusion> </exclusions> </dependency> .... <dependency> <groupId>org.springframework</groupId> <artifactId>spring</artifactId> <version>${spring.version}</version> <!-- commons-logging 1.1. has invalid dependencies --> <exclusions> <exclusion> <groupId>avalon-framework</groupId> <artifactId>avalon-framework</artifactId> </exclusion> <exclusion> <groupId>log4j</groupId> <artifactId>log4j</artifactId> </exclusion> <exclusion> <groupId>logkit</groupId> <artifactId>logkit</artifactId> </exclusion> <exclusion> <groupId>javax.servlet</groupId> <artifactId>servlet-api</artifactId> </exclusion> <exclusion> <groupId>junit</groupId> <artifactId>junit</artifactId> </exclusion> </exclusions> </dependency> This isn't the "Maven way" as they recommend using Spring's fine-grained dependencies. However, I've found that the fine-grained dependencies refer to artifacts that aren't in the Maven repos - so the this way seems more pragmatic to me. ;-) Hope this helps, Matt On 2/16/07, Bertrand Renuart <[EMAIL PROTECTED]> wrote: > > On 2/16/07, Kyle Mallory <[EMAIL PROTECTED]> wrote: > > > Carlos, > > > > > > > exclusions are for things you DON'T want. If you exclude a dependency, > > > > that one and all its children will be excluded, so you don't need to > > > > go one by one > > > > if you want a different version you have to explicitly add that as a > > > > dependency and maven will use YOUR version instead of the one that > > > > acegi uses > > > > > > That it not what is happening. If I specify two separate dependencies > > > for Spring-2.0.2, and Acegi-Security-1.0.3, I get BOTH Spring 2.0.2 AND > > > Spring 1.2.8, as well as all of the 1.2.8 submodules. > > > > > > sorry, but i have to say here that you are wrong. That doesn't happen > > as you say, if you post the output of mvn -X compile i'll point you > > what you're doing wrong > > > > > Before saying Kyle is wrong you probably had better to test it... > Give a try the following POM: > > <project> > <modelVersion>4.0.0</modelVersion> > <groupId>test</groupId> > <artifactId>test</artifactId> > <packaging>war</packaging> > <version>1.0-SNAPSHOT</version> > > <dependencies> > <dependency> > <groupId>org.springframework</groupId> > <artifactId>spring-webmvc</artifactId> > <version>2.0.2</version> > </dependency> > <dependency> > <groupId>org.acegisecurity</groupId> > <artifactId>acegi-security</artifactId> > <version>1.0.3</version> > </dependency> > </dependencies> > </project> > > Just do a 'mvn package' - of course Maven will complain because the WAR > structure is incorrect but you will get the resolved libraries in the > target/test-1.0-SNAPSHOT/WEB-INF/lib. Have a look and you will notice some > 1.2.8 Spring libraries are included. > > The reason is quite straightforward if you know how Maven resolves > transitive dependencies... and if you look at the Acegi parent pom. > > /Bertrand > > > > ------------------------------------------------------------------------- > Take Surveys. Earn Cash. Influence the Future of IT > Join SourceForge.net's Techsay panel and you'll get the chance to share your > opinions on IT & business topics through brief surveys-and earn cash > http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV > _______________________________________________ > Home: http://acegisecurity.org > Acegisecurity-developer mailing list > Acegisecurity-developer@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer > -- http://raibledesigns.com ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer