1022679 – Missing dependencies on Picketlink-core 2.1.6.3.Final-redhat-2

Bug 1022679 - Missing dependencies on Picketlink-core 2.1.6.3.Final-redhat-2

Summary: Missing dependencies on Picketlink-core 2.1.6.3.Final-redhat-2

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	JBoss Enterprise Application Platform 6
Classification:	JBoss
Component:	Security
Sub Component:
Version:	6.2.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	urgent
Target Milestone:	ER7
Target Release:	EAP 6.2.0
Assignee:	Peter Skopek
QA Contact:	Josef Cacek
Docs Contact:	Russell Dickenson
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-10-23 19:07 UTC by Rafael Benevides
Modified:	2013-12-15 16:48 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-12-15 16:48:48 UTC
Type:	Bug
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	SECURITY-760	0	Major	Resolved	Make the JBoss Negotiation dependency on JBoss Web - Provided	2014-01-28 22:16:46 UTC

Description Rafael Benevides 2013-10-23 19:07:36 UTC

Description of problem:
EAP 6.2.0.Beta -with-security BOM uses PL 2.1.6.3.Final-redhat-2.

picketlink-core has org.jboss.security:jbossxacml:2.0.8.Final declared on compile scope: http://maven.repository.redhat.com/techpreview/eap6/6.2.0.Beta/maven-repository/org/picketlink/picketlink-core/2.1.6.3.Final-redhat-2/picketlink-core-2.1.6.3.Final-redhat-2.pom

It also declares org.jboss.security:jboss-negotiation-common:2.2.5.Final-redhat-2 which has org.jboss.web:jbossweb:7.0.16.Final http://maven.repository.redhat.com/techpreview/eap6/6.2.0.Beta/maven-repository/org/jboss/security/jboss-negotiation-common/2.2.5.Final-redhat-2/jboss-negotiation-common-2.2.5.Final-redhat-2.pom

These GAVs are not present on MavenCentral and it's only present on JBoss Nexus Server

Version-Release number of selected component (if applicable): PL 2.1.6.3.Final-redhat-2



Steps to Reproduce:
1. Checkout and compile: https://github.com/jboss-developer/jboss-eap-quickstarts/tree/master/picketlink-sts


Actual results: Could not resolve dependencies for project org.jboss.quickstarts.eap:jboss-picketlink-sts:war:6.2.0-redhat-SNAPSHOT: Failed to collect dependencies for [org.picketlink:picketlink-core:jar:2.1.6.3.Final-redhat-2 (provided)]: Failed to read artifact descriptor for org.jboss.security:jbossxacml:jar:2.0.8.Final


Expected results: BUILD SUCCESS


Additional info:

Comment 1 Anil Saldhana 2013-10-23 19:10:33 UTC

Peter - I am wondering if we can make the scope of xacml dependency to provided or excluded in the quickstart build.

Comment 2 JBoss JIRA Server 2013-10-24 10:39:06 UTC

Darran Lofthouse <darran.lofthouse> updated the status of jira SECURITY-760 to Resolved

Comment 3 sgilda 2013-10-29 11:56:19 UTC

What is the current status of this bug? I'm still getting Jenkins build errors.

Comment 4 Peter Skopek 2013-10-29 13:22:02 UTC

jbossxacml excluded from quickstart build.
PR: https://github.com/jboss-developer/jboss-eap-quickstarts/pull/704

Comment 5 Rafael Benevides 2013-10-29 14:45:23 UTC

PR merged

Comment 6 FIlip Bogyai 2013-11-01 12:50:21 UTC

Verified in 6.2.0.ER7-quickstarts

Note You need to log in before you can comment on or make changes to this bug.