Uploaded image for project: '[Read Only] - Hippo Site Toolkit 2'
  1. [Read Only] - Hippo Site Toolkit 2
  2. HSTTWO-3402

Sanitize the components/jaxrs pom.xml with respect to CXF dependencies

    XMLWordPrintable

Details

    • Improvement
    • Status: Closed
    • Normal
    • Resolution: Fixed
    • None
    • 3.1.0
    • None

    Description

      It is quite unclear what is need for what and which exclusions are still needed and which not. For example in jaxrs/pom.xml there is:

      Replacing 

      <dependency>
      <groupId>org.apache.cxf</groupId>
      <artifactId>cxf-rt-frontend-jaxrs</artifactId>
      <scope>compile</scope>
      <exclusions>
        <exclusion>
          <groupId>commons-logging</groupId>
          <artifactId>commons-logging</artifactId>
        </exclusion>
        <exclusion>
          <groupId>org.springframework</groupId>
          <artifactId>spring-core</artifactId>
        </exclusion>
        <exclusion>
          <groupId>org.springframework</groupId>
          <artifactId>spring-beans</artifactId>
        </exclusion>
        <exclusion>
          <groupId>org.springframework</groupId>
          <artifactId>spring-context</artifactId>
        </exclusion>
        <exclusion>
          <groupId>org.springframework</groupId>
          <artifactId>spring-web</artifactId>
        </exclusion>
        <exclusion>
          <groupId>org.apache.geronimo.specs</groupId>
          <artifactId>geronimo-javamail_1.4_spec</artifactId>
        </exclusion>
        <exclusion>
          <groupId>com.sun.xml.bind</groupId>
          <artifactId>jaxb-impl</artifactId>
        </exclusion>
      </exclusions>
    </dependency>

      with 

      <dependency>
      <groupId>org.apache.cxf</groupId>
      <artifactId>cxf-rt-frontend-jaxrs</artifactId>
      <scope>compile</scope>
</dependency>

      results in the exact same mvn dependency:tree output. Also all the excluded dependencies seem to be on scope 'provided' in cxf, so afaics, no reason to exclude them explicitly.

      Next removing these dependencies:

      <!-- STAX API -->
    
    <dependency>
      <groupId>org.apache.geronimo.specs</groupId>
      <artifactId>geronimo-stax-api_1.2_spec</artifactId>
    </dependency>
    
    <!-- STAX Implementation -->
    
    <dependency>
      <groupId>stax</groupId>
      <artifactId>stax</artifactId>
    </dependency>
    
    <!-- STAX2 API -->
    
    <dependency>
      <groupId>org.codehaus.woodstox</groupId>
      <artifactId>stax2-api</artifactId>
    </dependency>

      Does not result in any failure. Some dependencies seem to me to be just unneeded, others are just transitively pulled in by cxf which seems to me to be preferable.

      Note sure about 

       <dependency>
      <groupId>org.codehaus.woodstox</groupId>
      <artifactId>woodstox-core-asl</artifactId>
 </dependency>

      Also the HST root pom.xml has a lot of cxf dependency specifics, namely:

      <!-- STAX API -->

      <dependency>
        <groupId>org.apache.geronimo.specs</groupId>
        <artifactId>geronimo-stax-api_1.2_spec</artifactId>
        <version>${geronimo-stax-api_1.2_spec.version}</version>
      </dependency>

      <!-- STAX Implementation -->

      <dependency>
        <groupId>stax</groupId>
        <artifactId>stax</artifactId>
        <version>${stax.version}</version>
        <exclusions>
          <exclusion>
            <groupId>stax</groupId>
            <artifactId>stax-api</artifactId>
          </exclusion>
        </exclusions>
      </dependency>

      <!-- STAX2 API -->

      <dependency>
        <groupId>org.codehaus.woodstox</groupId>
        <artifactId>stax2-api</artifactId>
        <version>${stax2-api.version}</version>
        <exclusions>
          <exclusion>
            <groupId>javax.xml.stream</groupId>
            <artifactId>stax-api</artifactId>
          </exclusion>
          <exclusion>
            <groupId>stax</groupId>
            <artifactId>stax-api</artifactId>
          </exclusion>
        </exclusions>
      </dependency>

      <!-- STAX2 Implementation -->

      <dependency>
        <groupId>org.codehaus.woodstox</groupId>
        <artifactId>woodstox-core-asl</artifactId>
        <version>${woodstox.version}</version>
        <exclusions>
          <exclusion>
            <groupId>javax.xml.stream</groupId>
            <artifactId>stax-api</artifactId>
          </exclusion>
          <exclusion>
            <groupId>stax</groupId>
            <artifactId>stax-api</artifactId>
          </exclusion>
        </exclusions>
      </dependency>

      <dependency>
        <groupId>org.apache.cxf</groupId>
        <artifactId>cxf-rt-frontend-jaxrs</artifactId>
        <version>${cxf.version}</version>
        <exclusions>
          <exclusion>
            <groupId>org.codehaus.woodstox</groupId>
            <artifactId>stax2-api</artifactId>
          </exclusion>
          <exclusion>
            <groupId>commons-logging</groupId>
            <artifactId>commons-logging</artifactId>
          </exclusion>
          <exclusion>
            <groupId>org.springframework</groupId>
            <artifactId>spring-core</artifactId>
          </exclusion>
          <exclusion>
            <groupId>org.springframework</groupId>
            <artifactId>spring-beans</artifactId>
          </exclusion>
          <exclusion>
            <groupId>org.springframework</groupId>
            <artifactId>spring-context</artifactId>
          </exclusion>
          <exclusion>
            <groupId>org.springframework</groupId>
            <artifactId>spring-web</artifactId>
          </exclusion>
        </exclusions>
      </dependency>

      I really doubt we should all have this in there still. If we can get rid of it, we should.

      Note that in the distribution in the end we ship the jars

      stax-1.2.0.jar
      stax2-api-3.1.1.jar
      stax-api-1.0.1.jar

      Do we still need these?

      Attachments

        Issue Links

          relates to

          Improvement - An improvement or enhancement to an existing feature or task. HSTTWO-3401 HST jaxrs dependency compiles against geronimo-annotation where the same annotations are already provided by cxf through javax.annotations

          • Normal - Normal priority, tasks to be done before next intermediate release
          • Closed

          Activity

            People

              Unassigned Unassigned
              aschrijvers Ard Schrijvers
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: