Description of problem: EAP 6.2.0.Beta -with-security BOM uses PL 2.1.6.3.Final-redhat-2. picketlink-core has org.jboss.security:jbossxacml:2.0.8.Final declared on compile scope: http://maven.repository.redhat.com/techpreview/eap6/6.2.0.Beta/maven-repository/org/picketlink/picketlink-core/2.1.6.3.Final-redhat-2/picketlink-core-2.1.6.3.Final-redhat-2.pom It also declares org.jboss.security:jboss-negotiation-common:2.2.5.Final-redhat-2 which has org.jboss.web:jbossweb:7.0.16.Final http://maven.repository.redhat.com/techpreview/eap6/6.2.0.Beta/maven-repository/org/jboss/security/jboss-negotiation-common/2.2.5.Final-redhat-2/jboss-negotiation-common-2.2.5.Final-redhat-2.pom These GAVs are not present on MavenCentral and it's only present on JBoss Nexus Server Version-Release number of selected component (if applicable): PL 2.1.6.3.Final-redhat-2 Steps to Reproduce: 1. Checkout and compile: https://github.com/jboss-developer/jboss-eap-quickstarts/tree/master/picketlink-sts Actual results: Could not resolve dependencies for project org.jboss.quickstarts.eap:jboss-picketlink-sts:war:6.2.0-redhat-SNAPSHOT: Failed to collect dependencies for [org.picketlink:picketlink-core:jar:2.1.6.3.Final-redhat-2 (provided)]: Failed to read artifact descriptor for org.jboss.security:jbossxacml:jar:2.0.8.Final Expected results: BUILD SUCCESS Additional info:
Peter - I am wondering if we can make the scope of xacml dependency to provided or excluded in the quickstart build.
Darran Lofthouse <darran.lofthouse> updated the status of jira SECURITY-760 to Resolved
What is the current status of this bug? I'm still getting Jenkins build errors.
jbossxacml excluded from quickstart build. PR: https://github.com/jboss-developer/jboss-eap-quickstarts/pull/704
PR merged
Verified in 6.2.0.ER7-quickstarts