[
https://jira.codehaus.org/browse/MNG-4513?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=302949#comment-302949
]
Karl Isenberg commented on MNG-4513:
------------------------------------
Could call them "inclusions". I often want to do this when using Spring
Enterprise Bundle Repository replacements with different artifactIds.
> Add "additions"/"depedencies" to "dependency" element in
> "dependencyManagement".
> --------------------------------------------------------------------------------
>
> Key: MNG-4513
> URL: https://jira.codehaus.org/browse/MNG-4513
> Project: Maven 2 & 3
> Issue Type: New Feature
> Components: Dependencies
> Affects Versions: 2.2.1
> Reporter: Maarten Billemont
> Fix For: Issues to be reviewed for 3.x
>
>
> Quite often we need ugly hacks in our poms because of broken dependencies in
> artifacts we depend on.
> For example, org.apache.ws.security:wss4j depends on xalan:xalan, but that
> dependency is outdated or badly maintained (not sure now, but irrelevant); so
> we need to exclude it and replace it with org.apache.xalan:xalan. Only; we
> can't do this from our dependencyManagement section for all our project
> modules, no, we can exclude xalan:xalan, but for EACH module that uses wss4j,
> we need to MANUALLY specify the dependency on org.apache.xalan:xalan; even
> though this SHOULD be a transitional dependency from wss4j. This is dirty
> and causes unacceptable bugs and maintenance when artifact dependencies
> change or artifacts are distributed to third parties.
> To fix this, we need to either host our own fixed version of wss4j, or Maven
> would have to introduce a method of doing BOTH the exclusion of xalan:xalan
> AND the addition of org.apache.xalan:xalan to the wss4j artifact from the
> dependencyManagement section. Personally; I'm not sure it makes much sense
> supporting only one of the two.
> In this example, I'd like to see the following in my project's parent pom:
> <dependencyManagement>
> <dependencies>
> <dependency>
> <groupId>org.apache.ws.security</groupId>
> <artifactId>wss4j</artifactId>
> <version>${wss4j.version}</version>
> <exclusions>
> <!-- We use org.apache.* instead -->
> <exclusion>
> <groupId>xalan</groupId>
> <artifactId>xalan</artifactId>
> </exclusion>
> <exclusion>
> <groupId>xerces</groupId>
> <artifactId>xercesImpl</artifactId>
> </exclusion>
> <exclusion>
> <groupId>xml-security</groupId>
> <artifactId>xmlsec</artifactId>
> </exclusion>
> <exclusion>
> <groupId>xml-apis</groupId>
> <artifactId>xml-apis</artifactId>
> </exclusion>
> </exclusions>
> <dependencies>
> <dependency>
> <groupId>org.apache.xalan</groupId>
> <artifactId>xalan</artifactId>
> <version>${xalan.version}</version>
> </dependency>
> <dependency>
> <groupId>org.apache.xerces</groupId>
> <artifactId>xercesImpl</artifactId>
> <version>${xercesImpl.version}</version>
> </dependency>
> <dependency>
> <groupId>org.apache.santuario</groupId>
> <artifactId>xmlsec</artifactId>
> <version>${xmlsec.version}</version>
> </dependency>
> <dependency>
> <groupId>org.apache.santuario</groupId>
> <artifactId>xmlsec</artifactId>
> <version>${xmlsec.version}</version>
> </dependency>
> </dependencies>
> </dependency>
> </dependencies>
> </dependencyManagement>
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://jira.codehaus.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
