This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes
Bug 986998 - opensampl in EAP 611 ER3 has dependency on org.apache.commons.ssl:not-yet-commons-ssl which is not present
opensampl in EAP 611 ER3 has dependency on org.apache.commons.ssl:not-yet-com...
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Maven Repository (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: ER5
: EAP 6.1.1
Assigned To: Paul Gier
Depends On:
  Show dependency treegraph
Reported: 2013-07-22 10:55 EDT by Rostislav Svoboda
Modified: 2013-09-16 16:29 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2013-09-16 16:29:23 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Rostislav Svoboda 2013-07-22 10:55:46 EDT
org.apache.commons.ssl:not-yet-commons-ssl is dependency of org.opensaml:xmltooling:1.3.2-redhat-2, this issue is fixed in org.opensaml:xmltooling:1.3.2-redhat-4 which is present in maven repo too.

Please fix org.opensaml:opensaml dependencies to use org.opensaml:xmltooling:1.3.2-redhat-4 to avoid org.apache.commons.ssl:not-yet-commons-ssl

[INFO] |  +- org.apache.cxf:cxf-rt-ws-security:jar:2.6.8-redhat-1:compile (version managed from 2.6.8)
[INFO] |  |  +- net.sf.ehcache:ehcache-core:jar:2.5.1:compile
[INFO] |  |  \- (version managed from 1.6.10)
[INFO] |  |     \- org.opensaml:opensaml:jar:2.5.1-redhat-1:compile (version managed from 2.5.1-1)
[INFO] |  |        \- org.opensaml:openws:jar:1.4.2-redhat-2:compile
[INFO] |  |           \- org.opensaml:xmltooling:jar:1.3.2-redhat-2:compile
Comment 1 Rostislav Svoboda 2013-07-22 10:56:36 EDT
The same problem was in jbossws-cxf-client which was fixed in EAP 6.1.0 ER6 - see BZ 953819
Comment 2 Rostislav Svoboda 2013-07-22 10:57:39 EDT
FYI - blocker proposal because we are in 'blockers only' mode
Comment 3 Paul Gier 2013-07-30 00:10:03 EDT
Added exclusion for org.apache.commons.ssl:not-yet-commons-ssl
This should be fixed in the new build of jbossws-cxf.
Comment 4 Nikoleta Ziakova 2013-08-06 07:52:55 EDT
When trying to receive dependency tree of opensaml-2.5.1-redhat-1.pom in EAP 6.1.1 ER4 I get error message:

Caused by: org.sonatype.aether.resolution.DependencyResolutionException: Failure to find org.opensaml:xmltooling:jar:1.3.2-redhat-3 in was cached in the local repository, resolution will not be reattempted until the update interval of central has elapsed or updates are forced
	at org.sonatype.aether.impl.internal.DefaultRepositorySystem.resolveDependencies(
	at org.apache.maven.project.DefaultProjectDependenciesResolver.resolve(
	... 23 more

There is no org.opensaml:xmltooling:jar:1.3.2-redhat-3 in 6.1.1 ER4 maven repo. It should be org.opensaml:xmltooling:jar:1.3.2-redhat-4. The correct version is defined in jboss-component-version-master-6.1.1.Final-redhat-26.pom but jboss-component-version-master-6.1.0-redhat-1.pom is used (it is parent of jboss-parent-10-redhat-1.pom):

Comment 5 Paul Gier 2013-08-12 09:52:36 EDT
I'll rebuild opensaml for ER5 to fix this.  However, after the rebuild, the opensaml poms will depend on community versions.  This will allow you to resolve the dependency tree, but the transitive dependencies versions should not be relied on for testing.
Comment 7 Nikoleta Ziakova 2013-08-15 07:22:42 EDT
Verified for EAP 6.1.1 ER5

Note You need to log in before you can comment on or make changes to this bug.