Maven: Force the exclusion of dependencies

In large Maven-based projects consisting of several high-level frameworks sooner or later there will come the time, when there are two versions of the same dependency in the classpath. For example: two versions of the same logging framework.

One approach to solve such ambiguity is to choose one of the versions (which is hopefully compatible) and to use it as an explicit dependency. Nevertheless other dependencies may still introduce other version as transitive dependencies. This may be caused by different groupIds, which will result in two similar named jar.

Once you got a candidate you can start finding all the possible sources of the dependency.

mvn dependency:tree -Dverbose -Dincludes=log4j:log4j

will show you the dependency-tree, but only the relevant excerpt. Using this information you can now add your exclusions to the affected pom.xml files.
Exclusions are configured via the exclusion-tag [1], which excludes specific transitive dependencies. For example:

<dependency>
	<groupId>sample.ProjectB</groupId>
	<artifactId>Project-B</artifactId>
	<version>1.0-SNAPSHOT</version>
	<exclusions>
		<exclusion>
			<groupId>log4j</groupId>
			<artifactId>log4j</artifactId>
		</exclusion>
	</exclusions>
</dependency>

By the way: Java IDEs can help you doing this.

After that you can make sure the faulty dependency versions will never ever be included again. This can be done using the maven-enforcer-plugin [2]

      
<build>
	<plugins>
		<plugin>
			<groupId>org.apache.maven.plugins</groupId>
			<artifactId>maven-enforcer-plugin</artifactId>
			<version>1.3.1</version>
			<executions>
				<execution>
					<id>enforce-version</id>
					<goals>
						<goal>enforce</goal>
					</goals>
					<configuration>
						<rules>
							<bannedDependencies>
								<excludes>
									<!-- exclude all versions lower than 1.2.17-->									
									<exclude>log4j:log4j:[0.0,1.2.17)</exclude>
								</excludes>
							</bannedDependencies>
						</rules>
					</configuration>
				</execution>
			</executions>
		</plugin>
	</plugins>
</build>

[1] http://maven.apache.org/guides/introduction/introduction-to-optional-and-excludes-dependencies.html
[2] http://maven.apache.org/enforcer/maven-enforcer-plugin/

Advertisements

One thought on “Maven: Force the exclusion of dependencies

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s