We are using spring boot 2.1.5 and starter parent as pom dependency.
Spring boot is using default logback for logging and we haven't explicitly switched to Log4j2 or changes any configurations. Below is our project dependency tree.
We have lot of lombok #log4j2 annotations in our project. But, we find in dependency tree we do not have any log4j2-core jar dependency (that has been found vulnerable to recent issues with log4j).
#Log4j2
#Service
#DependsOn("applicationDependencyCheck")
Is lombok #log4j2 not dependent on log4j2-core.jar. Is it correct to assume this would show up in maven dependency tree or are we missing something.
This is our lombok entry -
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<optional>true</optional>
</dependency>
Please share some insights.
thanks
In lombok documentation you can find it here https://projectlombok.org/api/lombok/extern/log4j/Log4j2.html
#Log4j2 public class LogExample { }
will generate:
public class LogExample {
private static final org.apache.logging.log4j.Logger log = org.apache.logging.log4j.LogManager.getLogger(LogExample.class); }
Both classes are present in log4j API jar
https://logging.apache.org/log4j/2.x/log4j-api/apidocs/org/apache/logging/log4j/LogManager.html
https://logging.apache.org/log4j/2.x/log4j-api/apidocs/org/apache/logging/log4j/Logger.html
There are no known vulnerabilities listed here https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-api
As described here https://logging.apache.org/log4j/2.x/log4j-api/index.html log4j api is just an interface.
I think in such case your code does not depend on log4j core. You can double check the output of build (e.g. maven /target folder, war file etc)
Definitely #Mariusz W.'s answer is the best.
Despite that, I notice your print shows dependency from logback-core-1.2.3 [1], which has the CVE-2021-42550 vulnerability [2].
Keep an eye on that.
I'm trying to follow this example from Adobe:
How to programmatically access the AEM JCR
My code looks like this:
package com.example;
import javax.jcr.Repository;
import javax.jcr.Session;
import javax.jcr.SimpleCredentials;
import javax.jcr.Node;
import org.apache.jackrabbit.commons.JcrUtils;
/**
* Hello world!
*
*/
public class App
{
public static void main( String[] args )
{
try {
//Create a connection to the CQ repository running on local host
Repository repository = JcrUtils.getRepository("http://localhost:4502/crx/server");
} catch (Exception ex){
System.out.println(ex.toString());
ex.printStackTrace();
}
}
}
My pom.xml has these dependencies:
<dependencies>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.11</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.apache.jackrabbit</groupId>
<artifactId>jackrabbit-core</artifactId>
<version>2.21.7</version>
</dependency>
<dependency>
<groupId>org.apache.jackrabbit</groupId>
<artifactId>jackrabbit-jcr-commons</artifactId>
<version>2.21.7</version>
</dependency>
<dependency>
<groupId>org.apache.jackrabbit</groupId>
<artifactId>jackrabbit-jcr2dav</artifactId>
<version>2.21.7</version>
</dependency>
</dependencies>
When I run with this command:
`java -jar .\target\demo-jar-with-dependencies.jar`
I get the following output:
javax.jcr.RepositoryException: Unable to access a repository with the following settings:
org.apache.jackrabbit.repository.uri: http://localhost:4502/crx/server
The following RepositoryFactory classes were consulted:
org.apache.jackrabbit.core.RepositoryFactoryImpl: declined
Perhaps the repository you are trying to access is not available at the moment.
javax.jcr.RepositoryException: Unable to access a repository with the following settings:
org.apache.jackrabbit.repository.uri: http://localhost:4502/crx/server
The following RepositoryFactory classes were consulted:
org.apache.jackrabbit.core.RepositoryFactoryImpl: declined
Perhaps the repository you are trying to access is not available at the moment.
at org.apache.jackrabbit.commons.JcrUtils.getRepository(JcrUtils.java:224)
at org.apache.jackrabbit.commons.JcrUtils.getRepository(JcrUtils.java:264)
at com.example.App.main(App.java:20)
I've found a number of articles both here and on other sites but none of the suggestions I've found have done anything to resolve the issue.
Any thoughts on what I'm doing wrong? I'm pretty new to AEM. Yes, the AEM Author server is running and it's on port 4502. In fact if I open this URL in a web browser I get:
Which seems normal.
Update: The consensus seems to be that I'm going about this incorrectly by using Maven and not downloading the Jackrabbit Standalone library from Apache. So I created an entirely new project in Eclipse, without Maven, and added jackrabbit-standalone.jar Version 2.23.0 (which is the latest) as a reference library. The result is exactly the same:
I've setup a Github repository for this code at:
Github Repo
Please feel free to clone it and see what I'm doing wrong.
We usually write our AEM code in OSGi bundles that we deploy in AEM. If you want to use the JCR API to connect to an AEM instance follow the advice here:
To use the JCR API, add the jackrabbit-standalone-2.4.0.jar file to
your Java application’s classpath. You can obtain this JAR file from
the Java JCR API web page at
https://jackrabbit.apache.org/jcr/jcr-api.html.
Once you download that file you have two options:
1/ No Maven - compile your program manually using javac -classpath ... (and specify the jackrabbit-standalone JAR in the classpath), and run it using java -cp ...
2/ With Maven - install the JAR in the Maven repo (or add it as a dependency using <scope>system<scope>, but you also have to run your program using Maven
Note that the Maven dependencies do not affect the program, the jackrabbit-standalone JAR is all you need to run the code you wrote.
So you're trying to access AEM using Jackrabbit WebDV.
It's pretty clear that you don't have the right components in the class path. You likely need all "spi" related components (these can the WebDAV-related client code), plus "jackrabbit-jcr-commons".
You definitively do not need core; as that would a for a local repository instance.
I'm currently looking into testing jetty servlets. I found the org.eclipse.jetty.testing.ServletTester class in some old documentation (just by random searching on the web), but it seems to be removed in newer versions.
Is there a replacement for it, and if yes, where can i find it?
If there is no replacement, I would be happy to hear about different ways to accomplish the goal of testing servlets!
Thanks in advance
The class org.eclipse.jetty.testing.ServletTester is the old Jetty 7 and Jetty 8 ServletTester.
It can be found in the following maven artifacts ...
https://search.maven.org/search?q=fc:org.eclipse.jetty.testing.ServletTester
The newer org.eclipse.jetty.servlet.ServletTester (note the package change) is available for Jetty 9.x, Jetty 10.x, and Jetty 11.x in the following artifacts ...
https://search.maven.org/search?q=fc:org.eclipse.jetty.servlet.ServletTester
Standard maven repository behaviors here, as the class is not a runtime class, it sits in the tests jar (also on maven central).
Example:
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-servlet</artifactId>
<version>9.4.35.v20201120</version>
<classifier>tests</classifier>
</dependency>
I upgraded my app from spring boot 1.5.9.RELEASE to 2.0.0.RELEASE, and I can no longer import org.springframework.boot.context.embedded.LocalServerPort. I was using this to inject the port the server is running on during a test:
public class Task1Test {
#LocalServerPort
private int port;
The Spring release notes do not mention this removal and #LocalServerPort was not deprecated.
Is there an equivalent in Spring Boot 2.0 that I can use?
Edit: I'm pretty sure that the class is gone. I'm getting these compilation errors:
[ERROR] ... Task1Test.java:[12,49]package org.springframework.boot.context.embedded does not exist
[ERROR] ... Task1Test.java:[46,6] cannot find symbol
symbol: class LocalServerPort
It looks like it was moved to org.springframework.boot.web.server.LocalServerPort without notice. Hope that helps.
It seems it's been moved to spring-boot-starter-web dependency as per this API documentation.
Try adding this maven dependency to see if that fixes it
<!-- https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-web -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<version>2.0.0.RELEASE</version>
</dependency>
#LocalServerPort is now in
org.springframework.boot.test.web.server.LocalServerPort
Update your imports in the test code.
Relevant link to the Spring boot docs here
https://docs.spring.io/spring-boot/docs/current/api/org/springframework/boot/test/web/server/LocalServerPort.html
the change is notified here
https://docs.spring.io/spring-boot/docs/current/api/org/springframework/boot/web/server/LocalServerPort.html
Note that if you are using the Spring Boot Getting Started guides, the guides are still using the old namespace and hence you will see a build error without an option to fix. You will need to update this manually.
I am trying to build a simple Java project with Maven. In my pom-file I declare JUnit 4.8.2 as the only dependency. Still Maven insists on using JUnit version 3.8.1. How do I fix it?
The problem manifests itself in a compilation failure: "package org.junit does not exist". This is because of the import statement in my source code. The correct package name in JUnit 4.* is org.junit.* while in version 3.* it is junit.framework.*
I think I have found documentation on the root of the problem on http://maven.apache.org/plugins/maven-surefire-plugin/examples/junit.html but the advice there seems to be meant for Maven experts. I did not understand what to do.
Just to have an answer with the complete solution to help the visitors:
All you need to do is add the junit dependency to pom.xml. Don't forget the <scope>test</scope>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.11</version>
<scope>test</scope>
</dependency>
#Dennis Roberts: You were absolutely right: My test class was located in src/main/java. Also the value of the "scope" element in the POM for JUnit was "test", although that is how it is supposed to be. The problem was that I had been sloppy when creating the test class in Eclipse, resulting in it being created in src/main/java insted of src/test/java. This became easier to see in Eclipse's Project Explorer view after running "mvn eclipse:eclipse", but your comment was what made me see it first. Thanks.
my problem was a line inside my pom.xml i had the line <sourceDirectory>${basedir}/src</sourceDirectory> removing this line made maven use regular structure folders which solves my issue
removing the scope tag in pom.xml for junit worked..
I had the same problem. All i did was - From the pom.xml file i deleted the dependency for junit 3.8 and added a new dependency for junit 4.8. Then i did maven clean and maven install. It did the trick. To verify , after maven install i went project->properties-build path->maven dependencies and saw that now the junit 3.8 jar is gone !, instead junit 4.8 jar is listed. cool!!. Now my test runs like a charm.. Hope this helps somehow..
Add this dependency to your pom.xml file:
http://mvnrepository.com/artifact/junit/junit-dep/4.8.2
<!-- https://mvnrepository.com/artifact/junit/junit-dep -->
<dependency>
<groupId>junit</groupId>
<artifactId>junit-dep</artifactId>
<version>4.8.2</version>
</dependency>
I had my files at the correct places, and just removing <scope>test</scope> from the JUnit dependency entry solved the problem (I am using JUnit 4.12). I believe that with the test scope the dependency was just being ignored during the compilation phase. Now everything is working even when I call mvn test.
My case was a simple oversight.
I put the JUnit dependency declaration inside <dependencies> under the <dependencyManagement/> node instead of <project/> in the POM file. Correct way is:
<project>
<!-- Other elements -->
<dependencies>
<!-- Other dependencies-->
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.11</version>
</dependency>
</dependencies>
<project>
I had a quite similar problem in a "test-utils" project (adding features, rules and assertions to JUnit) child of a parent project injecting dependencies.
The class depending on the org.junit.rules package was in src/main/java.
So I added a dependency on junit without test scope and it solved the problem :
pom.xml of the test-util project :
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
</dependency>
pom.xml of the parent project :
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<scope>test</scope>
</dependency>
How did you declare the version?
<version>4.8.2</version>
Be aware of the meaning from this declaration explained here (see NOTES):
When declaring a "normal" version such as 3.8.2 for Junit, internally this is represented as "allow anything, but prefer 3.8.2." This means that when a conflict is detected, Maven is allowed to use the conflict algorithms to choose the best version. If you specify [3.8.2], it means that only 3.8.2 will be used and nothing else.
To force using the version 4.8.2 try
<version>[4.8.2]</version>
As you do not have any other dependencies in your project there shouldn't be any conflicts that cause your problem. The first declaration should work for you if you are able to get this version from a repository. Do you inherit dependencies from a parent pom?
Me too had the same problem as shown below.
To resolve the issue, below lines are added to dependencies section in the app level build.gradle.
compile 'junit:junit:4.12'
androidTestCompile 'com.android.support.test:runner:0.5'
Gradle build then reported following warning.
Warning:Conflict with dependency 'com.android.support:support-annotations'.
Resolved versions for app (25.1.0) and test app (23.1.1) differ.
See http://g.co/androidstudio/app-test-app-conflict for details.
To solve this warning, following section is added to the app level build.gradle.
configurations.all {
resolutionStrategy {
force 'com.android.support:support-annotations:23.1.1'
}
}
I had a similar problem of Eclipse compiling my code just fine but Maven failed when compiling the tests every time despite the fact JUnit was in my list of dependencies and the tests were in /src/test/java/.
In my case, I had the wrong version of JUnit in my list of dependencies. I wrote JUnit4 tests (with annotations) but had JUnit 3.8.x as my dependency. Between version 3.8.x and 4 of JUnit they changed the package name from junit.framework to org.junit which is why Maven still breaks compiling using a JUnit jar.
I'm still not entirely sure why Eclipse successfully compiled. It must have its own copy of JUnit4 somewhere in the classpath. Hope this alternative solution is useful to people. I reached this solution after following Arthur's link above.
I also ran into this issue - I was trying to pull in an object from a source and it was working in the test code but not the src code. To further test, I copied a block of code from the test and dropped it into the src code, then immediately removed the JUnit lines so I just had how the test was pulling in the object. Then suddenly my code wouldn't compile.
The issue was that when I dropped the code in, Eclipse helpfully resolved all the classes so I had JUnit calls coming from my src code, which was not proper. I should have noticed the warnings at the top about unused imports, but I neglected to see them.
Once I removed the unused JUnit imports in my src file, it all worked beautifully.
Find the one solution for this error if you have code in src/main/java Utils
<dependency>
<groupId>org.assertj</groupId>
<artifactId>assertj-core</artifactId>
<version>3.9.1</version>
</dependency>
Changing the junit version fixed this for me. Seems like version 3.8.1 didn't work in my case. Issue fixed upon changing it to 4.12
I met this problem, this is how I soloved it:
Context:
SpringBoot application
Use maven to manage multiple modules
Add junit's maven dependency in root POM's dependencyManagement(rather than dependencies, their differences can be found here)
Intend to test class or folder inside one of the root module's child module
PS: If your situation does not match the context above, this solution may not solve your problem.
Steps
right click at the class or folder you want to test:
Choose More Run/Debug -> Modify Run Configuration
Change the module option to the one you want to test from root module
By default , maven looks at these folders for java and test classes respectively -
src/main/java and src/test/java
When the src is specified with the test classes under source and the scope for junit dependency in pom.xml is mentioned as test - org.unit will not be found by maven.