[jira] [Commented] (MNG-7045) Drop CDI API from Maven

[Romain Manni-Bucau (Jira)]

    [ 
https://issues.apache.org/jira/browse/MNG-7045?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17244013#comment-17244013
 ] 

Romain Manni-Bucau commented on MNG-7045:
-----------------------------------------

Ok, here is a small reproducer:

 
{code:java}
<project>
  <modelVersion>4.0.0</modelVersion>

  <groupId>org.apache.maven.its.mng7045</groupId>
  <artifactId>test</artifactId>
  <version>1.0</version>

  <name>Maven Integration Test :: MNG-7045</name>
  <description>
    Do a maven exec-java which executes some cdi 2.0 code which would fail if 
maven leaks cdi-api 1.0.
  </description>

  <dependencies>
    <dependency>
      <groupId>org.apache.geronimo.specs</groupId>
      <artifactId>geronimo-jcdi_2.0_spec</artifactId>
      <version>1.3</version>
    </dependency>
  </dependencies>

  <build>
    <plugins>
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-compiler-plugin</artifactId>
        <version>3.8.1</version>
        <configuration>
          <source>8</source>
          <target>8</target>
          <encoding>UTF-8</encoding>
        </configuration>
      </plugin>
      <plugin>
        <groupId>org.codehaus.gmavenplus</groupId>
        <artifactId>gmavenplus-plugin</artifactId>
        <version>1.11.0</version>
        <executions>
          <execution>
            <id>run</id>
            <phase>process-classes</phase>
            <goals>
              <goal>execute</goal>
            </goals>
          </execution>
        </executions>
        <configuration>
          <scripts>
            <script><![CDATA[
println("InstanceSource=" + 
javax.enterprise.inject.Instance.class.getProtectionDomain().getCodeSource())
javax.enterprise.inject.Instance.class.getDeclaredMethod("stream")
          ]]></script>
          </scripts>
        </configuration>
        <dependencies>
          <dependency>
            <groupId>org.codehaus.groovy</groupId>
            <artifactId>groovy</artifactId>
            <version>3.0.7</version>
            <scope>runtime</scope>
          </dependency>
        </dependencies>
      </plugin>
    </plugins>
  </build>
</project>

{code}
if you run "mvn process-classes" it fails on 3.6.3 and works on 
4.0.0-alpha-1-SNAPSHOT.

The point is that as soon as you add decorator/interceptor, reflection will 
occur similarly to this main - this is why i dont even start a full container 
and just do a reflection check to ensure it uses the api specified in 
dependency.

It happens for plugin using ClassRealm as parent classloader of the runtime one 
(so exec one can be safe in several cases but not 100%) with the default parent 
first strategy.

> Drop CDI API from Maven
> -----------------------
>
>                 Key: MNG-7045
>                 URL: https://issues.apache.org/jira/browse/MNG-7045
>             Project: Maven
>          Issue Type: Bug
>          Components: core
>            Reporter: Romain Manni-Bucau
>            Priority: Major
>
> This is an old leak which triggered a lot of regressions and still triggers 
> bugs in mojos.
> Since there is on real justification in maven itself (@Typed is not since 
> there are alternative and cdi is not used in any piece of maven), let's drop 
> it.
> If  a plugin needs it, it already has it since cdi-api is outdated anyway.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)