Bug 1022679 - Missing dependencies on Picketlink-core
Missing dependencies on Picketlink-core
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Security (Show other bugs)
Unspecified Unspecified
unspecified Severity urgent
: ER7
: EAP 6.2.0
Assigned To: Peter Skopek
Josef Cacek
Russell Dickenson
Depends On:
  Show dependency treegraph
Reported: 2013-10-23 15:07 EDT by Rafael Benevides
Modified: 2013-12-15 11:48 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2013-12-15 11:48:48 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
JBoss Issue Tracker SECURITY-760 Major Resolved Make the JBoss Negotiation dependency on JBoss Web - Provided 2014-01-28 17:16:46 EST

  None (edit)
Description Rafael Benevides 2013-10-23 15:07:36 EDT
Description of problem:
EAP 6.2.0.Beta -with-security BOM uses PL

picketlink-core has org.jboss.security:jbossxacml:2.0.8.Final declared on compile scope: http://maven.repository.redhat.com/techpreview/eap6/6.2.0.Beta/maven-repository/org/picketlink/picketlink-core/

It also declares org.jboss.security:jboss-negotiation-common:2.2.5.Final-redhat-2 which has org.jboss.web:jbossweb:7.0.16.Final http://maven.repository.redhat.com/techpreview/eap6/6.2.0.Beta/maven-repository/org/jboss/security/jboss-negotiation-common/2.2.5.Final-redhat-2/jboss-negotiation-common-2.2.5.Final-redhat-2.pom

These GAVs are not present on MavenCentral and it's only present on JBoss Nexus Server

Version-Release number of selected component (if applicable): PL

Steps to Reproduce:
1. Checkout and compile: https://github.com/jboss-developer/jboss-eap-quickstarts/tree/master/picketlink-sts

Actual results: Could not resolve dependencies for project org.jboss.quickstarts.eap:jboss-picketlink-sts:war:6.2.0-redhat-SNAPSHOT: Failed to collect dependencies for [org.picketlink:picketlink-core:jar: (provided)]: Failed to read artifact descriptor for org.jboss.security:jbossxacml:jar:2.0.8.Final

Expected results: BUILD SUCCESS

Additional info:
Comment 1 Anil Saldhana 2013-10-23 15:10:33 EDT
Peter - I am wondering if we can make the scope of xacml dependency to provided or excluded in the quickstart build.
Comment 2 JBoss JIRA Server 2013-10-24 06:39:06 EDT
Darran Lofthouse <darran.lofthouse@jboss.com> updated the status of jira SECURITY-760 to Resolved
Comment 3 sgilda 2013-10-29 07:56:19 EDT
What is the current status of this bug? I'm still getting Jenkins build errors.
Comment 4 Peter Skopek 2013-10-29 09:22:02 EDT
jbossxacml excluded from quickstart build.
PR: https://github.com/jboss-developer/jboss-eap-quickstarts/pull/704
Comment 5 Rafael Benevides 2013-10-29 10:45:23 EDT
PR merged
Comment 6 FIlip Bogyai 2013-11-01 08:50:21 EDT
Verified in 6.2.0.ER7-quickstarts

Note You need to log in before you can comment on or make changes to this bug.