开发者

Managing dependencies with Maven 2

开发者 https://www.devze.com 2023-01-14 11:43 出处:网络
I have a web application with more than 100 jar files dragged by Maven and things went a bit out of control.

I have a web application with more than 100 jar files dragged by Maven and things went a bit out of control.

For example, I ended up with 3 versions of Spring core classes which caused the application deployment to fail sometimes (it seems the order of the jars loaded from WEB-INF/lib is not always the same with Weblogic):

spring-2.5.6.SEC01.jar
spring-2.5.6.A.jar
spring-core-2.0.8.jar

So I'm 开发者_如何学运维trying to clean-up the mess. I started using mainly exclusions but I wonder if I shouldn't rely on dependencyManagement element in my own pom files instead. What is the best practice about that?

Also, the version of transitive dependencies is often not specified. For example, in spring-security-core 2.0.5.RELEASE pom file there is:

<dependency>
    <groupId>org.springframework</groupId>
    <artifactId>spring-core</artifactId>
</dependency>

Which version of spring-core will be loaded if I don't specify anything? The latest available? Will it change over time?

Thanks.


So I'm trying to clean-up the mess. I started using mainly exclusions but I wonder if I shouldn't rely on dependencyManagement element in my own pom files instead. What is the best practice about that?

  • You should definitely use the dependencyManagement element to control the versions of artifacts in transitive dependencies, that's the way to go.
  • You could also create POMs to group dependencies.
  • Use excludes when groupId or artifactId don't match (e.g. spring-core and the monolithic spring jar).

Also, the version of transitive dependencies is often not specified (...). Which version of spring-core will be loaded if I don't specify anything? The latest available? Will it change over time?

They are specified, they are declared in the dependencyManagement section of the spring-security-parent POM. The version is 2.0.8. It won't change over time for this released artifact.

And if you want to control the version of this transitive dependency, use the dependencyManagement element as I wrote.

And don't forget mvn dependency:tree (or any graphical front-end), ti's your best weapon here.

0

精彩评论

暂无评论...
验证码 换一张
取 消