Add "additions"/"depedencies" to "dependency" element in "dependencyManagement".
--------------------------------------------------------------------------------
Key: MNG-4513
URL: http://jira.codehaus.org/browse/MNG-4513
Project: Maven 2 & 3
Issue Type: New Feature
Components: Dependencies
Affects Versions: 2.2.1
Reporter: Maarten Billemont
Quite often we need ugly hacks in our poms because of broken dependencies in
artifacts we depend on.
For example, org.apache.ws.security:wss4j depends on xalan:xalan, but that
dependency is outdated or badly maintained (not sure now, but irrelevant); so
we need to exclude it and replace it with org.apache.xalan:xalan. Only; we
can't do this from our dependencyManagement section for all our project
modules, no, we can exclude xalan:xalan, but for EACH module that uses wss4j,
we need to MANUALLY specify the dependency on org.apache.xalan:xalan; even
though this SHOULD be a transitional dependency from wss4j. This is dirty and
causes unacceptable bugs and maintenance when artifact dependencies change or
artifacts are distributed to third parties.
To fix this, we need to either host our own fixed version of wss4j, or Maven
would have to introduce a method of doing BOTH the exclusion of xalan:xalan AND
the addition of org.apache.xalan:xalan to the wss4j artifact from the
dependencyManagement section. Personally; I'm not sure it makes much sense
supporting only one of the two.
In this example, I'd like to see the following in my project's parent pom:
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.apache.ws.security</groupId>
<artifactId>wss4j</artifactId>
<version>${wss4j.version}</version>
<exclusions>
<!-- We use org.apache.* instead -->
<exclusion>
<groupId>xalan</groupId>
<artifactId>xalan</artifactId>
</exclusion>
<exclusion>
<groupId>xerces</groupId>
<artifactId>xercesImpl</artifactId>
</exclusion>
<exclusion>
<groupId>xml-security</groupId>
<artifactId>xmlsec</artifactId>
</exclusion>
<exclusion>
<groupId>xml-apis</groupId>
<artifactId>xml-apis</artifactId>
</exclusion>
</exclusions>
<dependencies>
<dependency>
<groupId>org.apache.xalan</groupId>
<artifactId>xalan</artifactId>
<version>${xalan.version}</version>
</dependency>
<dependency>
<groupId>org.apache.xerces</groupId>
<artifactId>xercesImpl</artifactId>
<version>${xercesImpl.version}</version>
</dependency>
<dependency>
<groupId>org.apache.santuario</groupId>
<artifactId>xmlsec</artifactId>
<version>${xmlsec.version}</version>
</dependency>
<dependency>
<groupId>org.apache.santuario</groupId>
<artifactId>xmlsec</artifactId>
<version>${xmlsec.version}</version>
</dependency>
</dependencies>
</dependency>
</dependencies>
</dependencyManagement>
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
