Bug 1022679

Summary: Missing dependencies on Picketlink-core 2.1.6.3.Final-redhat-2
Product: [JBoss] JBoss Enterprise Application Platform 6 Reporter: Rafael Benevides <benevides>
Component: SecurityAssignee: Peter Skopek <pskopek>
Status: CLOSED CURRENTRELEASE QA Contact: Josef Cacek <jcacek>
Severity: urgent Docs Contact: Russell Dickenson <rdickens>
Priority: unspecified    
Version: 6.2.0CC: asaldhan, darran.lofthouse, fbogyai, sgilda
Target Milestone: ER7   
Target Release: EAP 6.2.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-12-15 16:48:48 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Rafael Benevides 2013-10-23 19:07:36 UTC 
Description of problem:
EAP 6.2.0.Beta -with-security BOM uses PL 2.1.6.3.Final-redhat-2.

picketlink-core has org.jboss.security:jbossxacml:2.0.8.Final declared on compile scope: http://maven.repository.redhat.com/techpreview/eap6/6.2.0.Beta/maven-repository/org/picketlink/picketlink-core/2.1.6.3.Final-redhat-2/picketlink-core-2.1.6.3.Final-redhat-2.pom

It also declares org.jboss.security:jboss-negotiation-common:2.2.5.Final-redhat-2 which has org.jboss.web:jbossweb:7.0.16.Final http://maven.repository.redhat.com/techpreview/eap6/6.2.0.Beta/maven-repository/org/jboss/security/jboss-negotiation-common/2.2.5.Final-redhat-2/jboss-negotiation-common-2.2.5.Final-redhat-2.pom

These GAVs are not present on MavenCentral and it's only present on JBoss Nexus Server

Version-Release number of selected component (if applicable): PL 2.1.6.3.Final-redhat-2



Steps to Reproduce:
1. Checkout and compile: https://github.com/jboss-developer/jboss-eap-quickstarts/tree/master/picketlink-sts


Actual results: Could not resolve dependencies for project org.jboss.quickstarts.eap:jboss-picketlink-sts:war:6.2.0-redhat-SNAPSHOT: Failed to collect dependencies for [org.picketlink:picketlink-core:jar:2.1.6.3.Final-redhat-2 (provided)]: Failed to read artifact descriptor for org.jboss.security:jbossxacml:jar:2.0.8.Final


Expected results: BUILD SUCCESS


Additional info:
Comment 1 Anil Saldhana 2013-10-23 19:10:33 UTC 
Peter - I am wondering if we can make the scope of xacml dependency to provided or excluded in the quickstart build.
Comment 2 JBoss JIRA Server 2013-10-24 10:39:06 UTC 
Darran Lofthouse <darran.lofthouse> updated the status of jira SECURITY-760 to Resolved
Comment 3 sgilda 2013-10-29 11:56:19 UTC 
What is the current status of this bug? I'm still getting Jenkins build errors.
Comment 4 Peter Skopek 2013-10-29 13:22:02 UTC 
jbossxacml excluded from quickstart build.
PR: https://github.com/jboss-developer/jboss-eap-quickstarts/pull/704
Comment 5 Rafael Benevides 2013-10-29 14:45:23 UTC 
PR merged
Comment 6 FIlip Bogyai 2013-11-01 12:50:21 UTC 
Verified in 6.2.0.ER7-quickstarts