Uploaded image for project: 'Hippo Site Toolkit 2'
  1. Hippo Site Toolkit 2
  2. HSTTWO-3402

Sanitize the components/jaxrs pom.xml with respect to CXF dependencies

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.1.0
    • Component/s: None
    • Labels:
    • Similar issues:

      Description

      It is quite unclear what is need for what and which exclusions are still needed and which not. For example in jaxrs/pom.xml there is:

      Replacing

      <dependency>
            <groupId>org.apache.cxf</groupId>
            <artifactId>cxf-rt-frontend-jaxrs</artifactId>
            <scope>compile</scope>
            <exclusions>
              <exclusion>
                <groupId>commons-logging</groupId>
                <artifactId>commons-logging</artifactId>
              </exclusion>
              <exclusion>
                <groupId>org.springframework</groupId>
                <artifactId>spring-core</artifactId>
              </exclusion>
              <exclusion>
                <groupId>org.springframework</groupId>
                <artifactId>spring-beans</artifactId>
              </exclusion>
              <exclusion>
                <groupId>org.springframework</groupId>
                <artifactId>spring-context</artifactId>
              </exclusion>
              <exclusion>
                <groupId>org.springframework</groupId>
                <artifactId>spring-web</artifactId>
              </exclusion>
              <exclusion>
                <groupId>org.apache.geronimo.specs</groupId>
                <artifactId>geronimo-javamail_1.4_spec</artifactId>
              </exclusion>
              <exclusion>
                <groupId>com.sun.xml.bind</groupId>
                <artifactId>jaxb-impl</artifactId>
              </exclusion>
            </exclusions>
          </dependency>
      

      with

      <dependency>
            <groupId>org.apache.cxf</groupId>
            <artifactId>cxf-rt-frontend-jaxrs</artifactId>
            <scope>compile</scope>
      </dependency>
      

      results in the exact same mvn dependency:tree output. Also all the excluded dependencies seem to be on scope 'provided' in cxf, so afaics, no reason to exclude them explicitly.

      Next removing these dependencies:

      <!-- STAX API -->
          
          <dependency>
            <groupId>org.apache.geronimo.specs</groupId>
            <artifactId>geronimo-stax-api_1.2_spec</artifactId>
          </dependency>
          
          <!-- STAX Implementation -->
          
          <dependency>
            <groupId>stax</groupId>
            <artifactId>stax</artifactId>
          </dependency>
          
          <!-- STAX2 API -->
          
          <dependency>
            <groupId>org.codehaus.woodstox</groupId>
            <artifactId>stax2-api</artifactId>
          </dependency>
      

      Does not result in any failure. Some dependencies seem to me to be just unneeded, others are just transitively pulled in by cxf which seems to me to be preferable.

      Note sure about

       <dependency>
            <groupId>org.codehaus.woodstox</groupId>
            <artifactId>woodstox-core-asl</artifactId>
       </dependency>
      

      Also the HST root pom.xml has a lot of cxf dependency specifics, namely:

      <!-- STAX API -->
      
            <dependency>
              <groupId>org.apache.geronimo.specs</groupId>
              <artifactId>geronimo-stax-api_1.2_spec</artifactId>
              <version>${geronimo-stax-api_1.2_spec.version}</version>
            </dependency>
      
            <!-- STAX Implementation -->
      
            <dependency>
              <groupId>stax</groupId>
              <artifactId>stax</artifactId>
              <version>${stax.version}</version>
              <exclusions>
                <exclusion>
                  <groupId>stax</groupId>
                  <artifactId>stax-api</artifactId>
                </exclusion>
              </exclusions>
            </dependency>
      
            <!-- STAX2 API -->
      
            <dependency>
              <groupId>org.codehaus.woodstox</groupId>
              <artifactId>stax2-api</artifactId>
              <version>${stax2-api.version}</version>
              <exclusions>
                <exclusion>
                  <groupId>javax.xml.stream</groupId>
                  <artifactId>stax-api</artifactId>
                </exclusion>
                <exclusion>
                  <groupId>stax</groupId>
                  <artifactId>stax-api</artifactId>
                </exclusion>
              </exclusions>
            </dependency>
      
            <!-- STAX2 Implementation -->
      
            <dependency>
              <groupId>org.codehaus.woodstox</groupId>
              <artifactId>woodstox-core-asl</artifactId>
              <version>${woodstox.version}</version>
              <exclusions>
                <exclusion>
                  <groupId>javax.xml.stream</groupId>
                  <artifactId>stax-api</artifactId>
                </exclusion>
                <exclusion>
                  <groupId>stax</groupId>
                  <artifactId>stax-api</artifactId>
                </exclusion>
              </exclusions>
            </dependency>
      
            <dependency>
              <groupId>org.apache.cxf</groupId>
              <artifactId>cxf-rt-frontend-jaxrs</artifactId>
              <version>${cxf.version}</version>
              <exclusions>
                <exclusion>
                  <groupId>org.codehaus.woodstox</groupId>
                  <artifactId>stax2-api</artifactId>
                </exclusion>
                <exclusion>
                  <groupId>commons-logging</groupId>
                  <artifactId>commons-logging</artifactId>
                </exclusion>
                <exclusion>
                  <groupId>org.springframework</groupId>
                  <artifactId>spring-core</artifactId>
                </exclusion>
                <exclusion>
                  <groupId>org.springframework</groupId>
                  <artifactId>spring-beans</artifactId>
                </exclusion>
                <exclusion>
                  <groupId>org.springframework</groupId>
                  <artifactId>spring-context</artifactId>
                </exclusion>
                <exclusion>
                  <groupId>org.springframework</groupId>
                  <artifactId>spring-web</artifactId>
                </exclusion>
              </exclusions>
            </dependency>
      

      I really doubt we should all have this in there still. If we can get rid of it, we should.

      Note that in the distribution in the end we ship the jars

      stax-1.2.0.jar
      stax2-api-3.1.1.jar
      stax-api-1.0.1.jar

      Do we still need these?

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                aschrijvers Ard Schrijvers
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: