Bug 999846
| Summary: | Unavailable artifacts referenced in the jboss-javaee-6.0-with-security-1.0.4.Final-redhat-9.pom BOM | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Product: | [JBoss] JBoss Enterprise Application Platform 6 | Reporter: | Nikoleta Hlavickova <nziakova> | ||||||||
| Component: | Maven Repository | Assignee: | Lin Gao <lgao> | ||||||||
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Nikoleta Hlavickova <nziakova> | ||||||||
| Severity: | high | Docs Contact: | Russell Dickenson <rdickens> | ||||||||
| Priority: | unspecified | ||||||||||
| Version: | 6.1.1 | CC: | bsutter, lgao, myarboro, pskopek, sgilda, smumford, ttarrant | ||||||||
| Target Milestone: | ER7 | ||||||||||
| Target Release: | EAP 6.2.0 | ||||||||||
| Hardware: | Unspecified | ||||||||||
| OS: | Unspecified | ||||||||||
| Whiteboard: | |||||||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||||||
| Doc Text: | Story Points: | --- | |||||||||
| Clone Of: | Environment: | ||||||||||
| Last Closed: | 2013-12-15 16:22:37 UTC | Type: | Bug | ||||||||
| Regression: | --- | Mount Type: | --- | ||||||||
| Documentation: | --- | CRM: | |||||||||
| Verified Versions: | Category: | --- | |||||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||||
| Embargoed: | |||||||||||
| Attachments: |
|
||||||||||
|
Description
Nikoleta Hlavickova
2013-08-22 09:09:06 UTC
This should be included in EAP 6.1.1 Release Notes as a Known Issue Nikoleta: can you attach your test pom.xml file and the output of your dependency tree? We need to determine what is requesting the missing artifacts. You are using this differently that a customer because you are attempting to load everything. The missing artifact may be so obscure it will never be used. I spoke with Paul Gier and we don't believe we need to release note this. It's probably been like this since 6.1 and no one has hit the issue. Marking for exclusion from Release Notes as per comment 2. Created attachment 792051 [details]
Test pom file
Created attachment 792053 [details]
Output for test pom file
Output of command:
mvn -X -U -e -s settings-with-central.xml -f jboss-javaee-6.0-with-security-1.0.4.Final-redhat-9.pom-test-pom dependency:tree
Error message:
[ERROR] Failed to execute goal on project repo-test: Could not resolve dependencies for project org.jboss.test:repo-test:jar:1.0.0: Could not find artifact org.jboss.web:jbossweb:jar:7.0.16.Final
Dependency tree:
[DEBUG] org.jboss.test:repo-test:jar:1.0.0
[DEBUG] org.jboss.security:jboss-negotiation-common:jar:2.2.5.Final-redhat-2:compile
[DEBUG] org.jboss.logging:jboss-logging:jar:3.1.2.GA:compile
[DEBUG] org.jboss.spec.javax.servlet:jboss-servlet-api_3.0_spec:jar:1.0.2.Final-redhat-1:compile (version managed from 1.0.1.Final)
[DEBUG] org.jboss.web:jbossweb:jar:7.0.16.Final:compile
[DEBUG] org.picketbox:picketbox:jar:4.0.15.Final:compile
[DEBUG] org.picketbox:picketbox-commons:jar:1.0.0.final:compile
[DEBUG] org.jboss.security:jboss-negotiation-extras:jar:2.2.5.Final-redhat-2:compile
[DEBUG] org.jboss.security:jboss-negotiation-ntlm:jar:2.2.5.Final-redhat-2:provided
[DEBUG] org.jboss.security:jboss-negotiation-spnego:jar:2.2.5.Final-redhat-2:provided
Created attachment 792055 [details]
Modified test pom file
Test pom file with problematic dependencies commented out.
The reason for the dependency on the *org.jboss.web:jbossweb:jar:7.0.16.Final* is the artifact: org.jboss.security:jboss-negotiation-project:2.2.5.Final-redhat-2, which has the version definition: *<version.org.jboss.web>7.0.16.Final</version.org.jboss.web>* And the EAP BOM groupId has been changed to: *org.jboss.bom.eap* in EAP 6.2.0 There are 2 approaches to solve this problem: * Rebuild jboss-security-negotiation to change the version definition * Uses the following command to build: mvn -s settings-with-central.xml -f jboss-javaee-6.0-with-security-1.0.4.Final-redhat-9.pom-test-pom -DdependencyManagement=org.jboss.bom:eap6-supported-artifacts:6.2.0.GA dependency:tree where the *-DdependencyManagement=org.jboss.bom:eap6-supported-artifacts:6.2.0.GA* specifies the version definitions, but it requires the maven-dependency-extension installed(see: https://github.com/jboss/maven-dependency-management-extension). See: https://bugzilla.redhat.com/show_bug.cgi?id=1011918#c12 I think it should be OK for the artifact: org.jboss.security:jboss-negotiation-project:2.2.5.Final-redhat-2 depends on the upstream version of org.jboss:jbossweb:7.0.16.Final, customer can build it against jboss public maven repository(http://repository.jboss.org/nexus/content/groups/public/) So as long as the documentation is updated, this would not be a problem. We need some more information from the jboss security developer(s) to correctly resolve this. The right solution seems to be one of the following: (A) If jbossweb is not required for development using the BOM, it should be marked "optional" in the jboss-negotiation pom(s) which would prevent it from being included transitively. (B) If jbossweb is required for development when using the BOM, it should be added to the BOM and version managed. I checked the code of jboss security negotiation, the jbossweb is required(org.jboss.security.negotiation.NegotiationAuthenticator extends org.apache.catalina.authenticator.FormAuthenticator). so I will adopt plan B to add jbossweb to the -with-security bom. Created a new PR with the scope set to "provided" for these two dependencies. https://github.com/jboss-developer/jboss-eap-boms/pull/47 Verified for EAP 6.2.0 ER7.1 |