Hi,

I have a web application with more than 100 jar files dragged by Maven and things went a bit out of control.

For example, I ended up with 3 versions of Spring core classes which caused the application deployment to fail sometimes (it seems the order of the jars loaded from WEB-INF/lib is not always the same with WebLogic):

spring-2.5.6.SEC01.jar
spring-2.5.6.A.jar
spring-core-2.0.8.jar

So I'm trying to clean up the mess. I started using mainly exclusions but I wonder if I shouldn't rely on the dependencyManagement element in my own pom files instead. What is the best practice about that?

Also, the version of transitive dependencies is often not specified. For example, in spring-security-core 2.0.5.RELEASE pom file there is:

<dependency>
    <groupId>org.springframework</groupId>
    <artifactId>spring-core</artifactId>
</dependency>

Which version of spring-core will be loaded if I don't specify anything? The latest available? Will it change over time?

Thanks.

+2  A: 

So I'm trying to clean up the mess. I started using mainly exclusions but I wonder if I shouldn't rely on the dependencyManagement element in my own pom files instead. What is the best practice about that?

  • You should definitely use the dependencyManagement element to control the versions of artifacts in transitive dependencies, that's the way to go.
  • You could also create POMs to group dependencies.
  • Use excludes when groupId or artifactId don't match (e.g. spring-core and the monolithic spring jar).

Also, the version of transitive dependencies is often not specified (...). Which version of spring-core will be loaded if I don't specify anything? The latest available? Will it change over time?

They are specified, they are declared in the dependencyManagement section of the spring-security-parent POM. The version is 2.0.8. It won't change over time for this released artifact.

And if you want to control the version of this transitive dependency, use the dependencyManagement element as I wrote.

And don't forget mvn dependency:tree (or any graphical front-end), it's your best weapon here.

Pascal Thivent
Very complete and useful answer. I was already using a visual dependency:tree in eclipse which helped me to spot the problems but I was more wondering about how to fix it. Thanks a lot.
Damien
@Damien You're welcome.
Pascal Thivent
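
An added example, not part of the question or the answer above: once versions are pinned with dependencyManagement and exclusions, the packaged WEB-INF/lib can be checked for classes that more than one jar still defines, which is the situation that lets an older copy of a class shadow the 2.5.6.SEC01 one depending on load order. The function names are hypothetical, and the sample jars are constructed with empty placeholder class entries; only three of the jar file names come from the question.

```python
import collections
import pathlib
import tempfile
import zipfile


def duplicate_classes(lib_dir):
    """Return {class entry: sorted jar names} for classes present in more than one jar."""
    owners = collections.defaultdict(set)
    for jar in sorted(pathlib.Path(lib_dir).glob("*.jar")):
        with zipfile.ZipFile(jar) as zf:
            for entry in zf.namelist():
                if entry.endswith(".class"):
                    owners[entry].add(jar.name)
    return {cls: sorted(jars) for cls, jars in owners.items() if len(jars) > 1}


def conflicting_jars(lib_dir):
    """Return {tuple of overlapping jar names: number of classes they all define}."""
    groups = collections.Counter()
    for jars in duplicate_classes(lib_dir).values():
        groups[tuple(jars)] += 1
    return dict(groups)


def scan_constructed_sample():
    """Build a constructed lib directory (empty placeholder classes) and scan it."""
    spring = ["org/springframework/core/Constants.class",
              "org/springframework/beans/BeanUtils.class"]
    sample = {
        "spring-2.5.6.SEC01.jar": spring,          # jar names from the question
        "spring-2.5.6.A.jar": spring,
        "spring-core-2.0.8.jar": spring[:1],
        "commons-logging-1.1.1.jar": ["org/apache/commons/logging/Log.class"],  # constructed
    }
    with tempfile.TemporaryDirectory() as tmp:
        for jar, classes in sample.items():
            with zipfile.ZipFile(pathlib.Path(tmp) / jar, "w") as zf:
                for cls in classes:
                    zf.writestr(cls, b"")
        return conflicting_jars(tmp)


if __name__ == "__main__":
    for jars, count in sorted(scan_constructed_sample().items()):
        print(f"{count} class(es) defined in each of: {', '.join(jars)}")
```

Pointing `conflicting_jars` at the exploded `WEB-INF/lib` of a real build makes it usable as a packaging gate: an empty result means no class is supplied by two jars.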