I am new to Maven and am trying to set up one of my first POMs. My application will cache using EhCache. Going to Maven Central Repo (link here) I copy-n-pasted the <dependency> tag and copy it into my pom.xml like so:
...many dependencies above this point
<dependency>
<scope>compile</scope>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-entitymanager</artifactId>
<version>4.0.1.Final</version>
</dependency>
<dependency>
<scope>compile</scope>
<groupId>net.sf.ehcache</groupId>
<artifactId>ehcache</artifactId>
<version>2.5.0</version>
</dependency>
<dependency>
<scope>compile</scope>
<groupId>jasperreports</groupId>
<artifactId>jasperreports</artifactId>
<version>3.5.3</version>
</dependency>
...many dependencies below this point
When I save the changes, Eclipse builds the workspace and gives me an error on the opening <dependency> tag for EhCache 2.5:
Missing artifact net.sf.ehcache:ehcache:jar:2.5.0
So I figured that perhaps v.2.5.0 has something wrong with it, and repeated the same for 2.4.7 (the last 2.4.x release before 2.5.0). Same deal.
Since I'm so new to Maven, I don't even know where to begin looking. I tried Project >> Clean and even restarted Eclipse to see if it was just a typical Eclipse "quirk". Nope.
I am thinking:
Could EhCache be publishing bad JARs to the Maven repo?
Could Maven Repo have something wrong with it?
Could this be due to something else configured wrong in my pom.xml?
Could this be a "JAR hell" issue where I have a conflict somewhere on my dependency graph?
How would SO start tackling this problem? Thanks in advance!
It is usually safer to refer to search.maven.org. Dependency from there:
<dependency>
<groupId>net.sf.ehcache</groupId>
<artifactId>ehcache</artifactId>
<version>2.5.0</version>
<type>pom</type>
</dependency>
Mind type pom. From module's pom:
This is a pom artifact to pull in ehcache-core and ehcache-terracotta
for clustering. Make sure to set 'type' to 'pom' in your dependency.
Aparently when someone does not need terracotta, ehcache-core will do perfectly fine as other answer states.
They use ehcache-core in the official documentation. Maven Central does not have a jar artifact for ehcache 2.5 which explains your error message.
Using ehcache-core changes the dependency to:
<dependency>
<groupId>net.sf.ehcache</groupId>
<artifactId>ehcache-core</artifactId>
<version>2.5.0</version>
</dependency>
Which successfully downloads on my machine (ehcache does not).
I dropped this into IntelliJ and it found it. I suspect there is something wrong with your settings. Try creating a project with only this dependency in it. If it fails to download, I would check your setting. e.g. .m2/settings.xml Are you using a Nexus server or maven proxy/cache?
BTW: A simpler way to search for JARs is to use http://mvnrepository.com/ which will find all the available versions and show you the XML you need to add.
Related
I am trying to install spring-security-core to my project and here's how I am doing it in my pom.xml
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>5.0.7.RELEASE</version>
</dependency>
The issue is that when I build the project I see org.springframework.security.spring-security-core with version 4.2.9.RELEASE in my artifacts instead of 5.0.7.RELEASE. My pom.xml is deep down in my build tree and it's a part of a big spring boot project. artifact spring-security-core is not present in any other pom.xml in my tree.
From what I've read so far it looks like this is happening because something in the parent tree is downloading spring-security-core 4.2.9.RELEASE as a dependency without explicitly mentioning it in their pom.xml. How to debug this problem ?
In one of the parent pom.xml there's a dependency like this :
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context-support</artifactId>
<version>4.3.22.RELEASE</version>
</dependency>
Would that explain why spring-security-core old version is getting downloaded ? Any help is appreciated.
Check the dependency tree with this command
mvn dependency:tree
If spring-context-support also has spring-security, you can exclude that from the dependency by adding exclusions
example
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context-support</artifactId>
<version>4.3.22.RELEASE</version>
<exclusions>
<exclusion>
<groupId> groupid of the jar to be excluded </groupId>
<artifactId>artifact id of the jar to be excluded</artifactId>
</exclusion>
</exclusions>
</dependency>
Go to the location of parent pom.xml file and as run the command
mvn dependency:tree >> tree.txt
It will create a file with dependency tree. Search for "spring-security-core" you will find which version is downloaded.
There are couple of work around:
You can repeat this to each pom.xml as well to know from where it gets the reference.
If one of the pom referring the version then your dependency will not consider if its got resolve earlier.
Check if any po.xml file referring to any spring security related libraries. If so, what is there version. And if you need then as mentioned by #Vinay, exclude it so your library version gets referred.
If you want to download this version of library then mentioned it at the top, so it gets referred and no other version will downloaded.
There is no relation for spring security with spring-context-code. Refer this maven link.
I sometimes see these following declaration in pom.xml...
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>jstl</artifactId>
</dependency>
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-jasper</artifactId>
<scope>provided</scope>
</dependency>
....
as you can see, spring-boot-starter-web was declared as well
as tomcat-embed-jasper.
isn't it spring-boot-starter-web already have an embedded tomcat?
why some developers still declare tomcat-embed-jasper along with boot-starter-web? or is there any reason?
As you said, the spring-boot-starter-web includes the spring-boot-starter-tomcat. You could check it here
The spring-boot-starter-tomcat includes the tomcat-embed-core. You could check it here
But, seems like tomcat-embed-core doesn't include tomcat-embed-jasper. In fact, is tomcat-embed-jasper who includes dependency with tomcat-embed-core. Check it here
Anyway, the tomcat-embed-jasper is marked as provided, so indicates that you expect the JDK or a container to provide the dependency at runtime. This scope is only available on the compilation and test classpath, and is not transitive.
In conclusion, the spring-boot-starter-web includes the tomcat embedded dependency but it doesn't includes the jasper embedded dependency, so that should be the reason to declare it separately.
Also, remember that using Spring IO Platform as parent you are able to manage dependencies easily. To know more about this you could read my post
Hope it helps,
Extended from jcgarcia's answer.
Even it is provided, but when you build as war, spring-boot-maven-plugin will include two more jar :
ecj-3.12.3.jar
tomcat-embed-jasper-8.5.23.jar
To those who are still facing this error in 2022 with Java Version 17, Maven Version 3.0.0 and Package Jar. I also ran into the same issue just now, seems like even though we set <scope>Provided</scope> Maven is not picking up the jar. What you can do instead is just take that completely off while adding the dependency and run the Maven to install dependencies again. It will fix it for sure. So your pom.xml file will go:-
From
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-jasper</artifactId>
<scope>provided</scope>
</dependency>
To
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-jasper</artifactId>
</dependency>
Am trying to create an aem workflow java process step, adding the below dependency in the pom.xml file dependencies list once i add the bundle build is fine but it is in Installed state only because of the below two errors.
<dependency>
<groupId>com.day.cq.workflow</groupId>
<artifactId>cq-workflow-api</artifactId>
<version>5.6.2</version>
<scope>provided</scope>
</dependency>
i have tried adding the dependency but still no use, the error remains same
<dependency>
<groupId>net.sf.ehcache</groupId>
<artifactId>ehcache</artifactId>
<version>2.8.3</version>
<scope>provided</scope>
And also i have tried to keep the imports as optional still no use
<Import-Package>net.sf.ehcache,net.spy.memcached,*;resolution:=optional</Import-Package>
Error Message:
Simply add the build time dependencies to ehcache and memcached as <optional>true</optional> in the maven pom. bnd will then create the imports as optional and it should work. No need to have a Import-Package Element.
Recently I've been working on some improvements in a project developed some time ago, and here's what I found. A lot of dependencies in the pom files go without versions specified, and yet they are resolved. The project consists of 1 root module and 2 submodules. The Aggregator pattern is used, meaning there's no dependencyManagement section at all. The upper-project simply aggregates 2 modules and that's all it does. Subprojects don't refer to it as to a parent. They have a different parent. What I can't grasp is that neither subprojects themselves nor their parent(as a matter of fact, it doesn't have dependencyManagement either) specify versions for some of the dependencies. For instance:
<dependency>
<groupId>javax.mail</groupId>
<artifactId>javax.mail-api</artifactId>
</dependency>
<dependency>
<groupId>com.sun.mail</groupId>
<artifactId>javax.mail</artifactId>
</dependency>
<dependency>
<groupId>com.sun.mail</groupId>
<artifactId>imap</artifactId>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>jcl-over-slf4j</artifactId>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>jul-to-slf4j</artifactId>
</dependency>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
</dependency>
Can someone help me figure this out? Is maven handling versioning with some default strategy? What is that default strategy?
Ok, I think I'm gonna answer it myself. Of course I took a look at dependency:tree, but all the dependencies that I mentioned were first-level members of the tree. What I failed to notice right away, is that dependencyManagement is not present in the parent, but it is however present in the submodules, and what is more interesting it contains:
<dependency>
<groupId>io.spring.platform</groupId>
<artifactId>platform-bom</artifactId>
<version>1.0.2.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
I've never used Spring IO Platform before, so this is a totally new concept for me. As it turns out the platform includes quite a few preconfigured dependencies:
http://docs.spring.io/platform/docs/current/reference/htmlsingle/#appendix-dependency-versions
It is impossible for maven to work without defining versions of the artifacts. They should be defined somewhere in dependencyManagement tag either in the submodule or parent. Please check your pom hierarchy. Use mvn help:effective-pom in the submodule directory of the project. Also you can use mvn dependency:tree in order to find out which artifacts - along with full artifact information including version numbers - are resolved in the result of dependency management.
Use
mvn -P<my_profile_of_interest> help:effective-pom -Dverbose
Verbose mode (Since: 3.2.0) adds XML comments containing precise reference to a place where dependency declaration is coming from.
Each maven dependency defined in the pom must have a version either directly or indirectly for example, through dependencyManagement or parent. That being said, if the version is not given, then the version provided in the dependencyManagement or the parent pom will be used.
For example: in the pom (only important sections are mentioned) given below, no version is provided for the artifact jstl. However, in the "mvn dependency:tree", it shows that jstl version 1.2 is included. And looking at the spring-boot-starter-parent, for the version 2.3.3.RELEASE pom, it includes jstl version 1.2.
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>1.3.3.RELEASE</version>
</parent>
<dependencies>
....
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>jstl</artifactId>
</dependency>
....
</dependencies>
In my case if i was using Spring boot starter parent to manage all dependency and lombok version is managed by Spring boot , This problem was coming due to higher java version JAVA 11 . I exported JAVA 8 in to my compile time environment and after using JAVA 8 this problem was gone.
I'm trying to build a Maven based Java EE project on Jenkins, but I'm getting compilation errors. The reason seems to be that the Java EE dependencies that are marked as provided in the POM logically enough aren't downloaded when the project is built.
How can I set up the POM so that the build works in Jenkins, but the EE dependencies aren't included in the WAR file?
My thanks in advance for any input you can provide.
That's strange, AFAIK the dependencies with scope "provided" are simply not placed in the built file, they should however be downloaded. Are you sure your Maven is correctly configured to download dependencies - maybe there's a proxy that's not configured.
Not sure if its the best solution, but you can add EE dependencies with scope "provided", like the example:
<dependency>
<groupId>org.apache.tomcat</groupId>
<artifactId>tomcat-servlet-api</artifactId>
<version>7.0.27</version>
<type>jar</type>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>javax.el</groupId>
<artifactId>javax.el-api</artifactId>
<version>2.2.4</version>
<type>jar</type>
<scope>provided</scope>
</dependency>
Maybe there is a plugin who provides all of them to you, but I'm not sure about that.
Hope that helps