I have a web application with more than 100 jar files dragged by Maven and things went a bit out of control.
For example, I ended up with 3 versions of Spring core classes which caused the application deployment to fail sometimes (it seems the order of the jars loaded from WEB-INF/lib is not always the same with Weblogic):
spring-2.5.6.SEC01.jar
spring-2.5.6.A.jar
spring-core-2.0.8.jar
So I’m trying to clean-up the mess. I started using mainly exclusions but I wonder if I shouldn’t rely on dependencyManagement element in my own pom files instead. What is the best practice about that?
Also, the version of transitive dependencies is often not specified. For example, in spring-security-core 2.0.5.RELEASE pom file there is:
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
</dependency>
Which version of spring-core will be loaded if I don’t specify anything? The latest available? Will it change over time?
Thanks.
dependencyManagementelement to control the versions of artifacts in transitive dependencies, that’s the way to go.excludeswhengroupIdorartifactIddon’t match (e.g.spring-coreand the monolithicspringjar).They are specified, they are declared in the
dependencyManagementsection of the spring-security-parent POM. The version is 2.0.8. It won’t change over time for this released artifact.And if you want to control the version of this transitive dependency, use the
dependencyManagementelement as I wrote.And don’t forget
mvn dependency:tree(or any graphical front-end), ti’s your best weapon here.