Bug 999846 - Unavailable artifacts referenced in the jboss-javaee-6.0-with-security-1.0.4.Final-redhat-9.pom BOM
Unavailable artifacts referenced in the jboss-javaee-6.0-with-security-1.0.4....
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Maven Repository (Show other bugs)
Unspecified Unspecified
unspecified Severity high
: ER7
: EAP 6.2.0
Assigned To: Lin Gao
Nikoleta Ziakova
Russell Dickenson
Depends On:
  Show dependency treegraph
Reported: 2013-08-22 05:09 EDT by Nikoleta Ziakova
Modified: 2014-01-23 14:31 EST (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2013-12-15 11:22:37 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Test pom file (1.27 KB, application/xml)
2013-08-30 03:10 EDT, Nikoleta Ziakova
no flags Details
Output for test pom file (46.76 KB, text/plain)
2013-08-30 03:16 EDT, Nikoleta Ziakova
no flags Details
Modified test pom file (1.34 KB, application/xml)
2013-08-30 03:17 EDT, Nikoleta Ziakova
no flags Details

  None (edit)
Description Nikoleta Ziakova 2013-08-22 05:09:06 EDT
Description of problem:
This is problem for customers and layered products, they are not able to get all supported jars from maven repo zip.
BOM jboss-javaee-6.0-with-security is listed in EAP 6.1.1 Maven BOM Usage document - https://docspace.corp.redhat.com/docs/DOC-153970
I used this BOM from customer perspective and imported all supported/defined dependencies into my testing pom file. I executed dependency:tree goal for maven to get supported jars. The result is failure, I can't get expected files. I was using maven repo zip and central.
Problematic artifacts:

Version-Release number of selected component:
EAP 6.1.1. ER7
Comment 1 Nikoleta Ziakova 2013-08-29 09:51:01 EDT
This should be included in EAP 6.1.1 Release Notes as a Known Issue
Comment 2 sgilda 2013-08-29 15:21:01 EDT
Nikoleta: can you attach your test pom.xml file and the output of your dependency tree? We need to determine what is requesting the missing artifacts.

You are using this differently that a customer because you are attempting to load everything. The missing artifact may be so obscure it will never be used.

I spoke with Paul Gier and we don't believe we need to release note this. It's probably been like this since 6.1 and no one has hit the issue.
Comment 3 Scott Mumford 2013-08-29 19:19:31 EDT
Marking for exclusion from Release Notes as per comment 2.
Comment 4 Nikoleta Ziakova 2013-08-30 03:10:07 EDT
Created attachment 792051 [details]
Test pom file
Comment 5 Nikoleta Ziakova 2013-08-30 03:16:36 EDT
Created attachment 792053 [details]
Output for test pom file

Output of command:
mvn -X -U -e -s settings-with-central.xml -f jboss-javaee-6.0-with-security-1.0.4.Final-redhat-9.pom-test-pom dependency:tree

Error message:
[ERROR] Failed to execute goal on project repo-test: Could not resolve dependencies for project org.jboss.test:repo-test:jar:1.0.0: Could not find artifact org.jboss.web:jbossweb:jar:7.0.16.Final

Dependency tree:
[DEBUG] org.jboss.test:repo-test:jar:1.0.0
[DEBUG]    org.jboss.security:jboss-negotiation-common:jar:2.2.5.Final-redhat-2:compile
[DEBUG]       org.jboss.logging:jboss-logging:jar:3.1.2.GA:compile
[DEBUG]       org.jboss.spec.javax.servlet:jboss-servlet-api_3.0_spec:jar:1.0.2.Final-redhat-1:compile (version managed from 1.0.1.Final)
[DEBUG]       org.jboss.web:jbossweb:jar:7.0.16.Final:compile
[DEBUG]       org.picketbox:picketbox:jar:4.0.15.Final:compile
[DEBUG]       org.picketbox:picketbox-commons:jar:1.0.0.final:compile
[DEBUG]    org.jboss.security:jboss-negotiation-extras:jar:2.2.5.Final-redhat-2:compile
[DEBUG]    org.jboss.security:jboss-negotiation-ntlm:jar:2.2.5.Final-redhat-2:provided
[DEBUG]    org.jboss.security:jboss-negotiation-spnego:jar:2.2.5.Final-redhat-2:provided
Comment 6 Nikoleta Ziakova 2013-08-30 03:17:25 EDT
Created attachment 792055 [details]
Modified test pom file

Test pom file with problematic dependencies commented out.
Comment 7 Lin Gao 2013-10-22 04:38:52 EDT
The reason for the dependency on the *org.jboss.web:jbossweb:jar:7.0.16.Final* is the artifact:  org.jboss.security:jboss-negotiation-project:2.2.5.Final-redhat-2, which has the version definition: *<version.org.jboss.web>7.0.16.Final</version.org.jboss.web>*

And the EAP BOM groupId has been changed to: *org.jboss.bom.eap* in EAP 6.2.0

There are 2 approaches to solve this problem:

   * Rebuild jboss-security-negotiation to change the version definition
   * Uses the following command to build:

   mvn -s settings-with-central.xml -f jboss-javaee-6.0-with-security-1.0.4.Final-redhat-9.pom-test-pom -DdependencyManagement=org.jboss.bom:eap6-supported-artifacts:6.2.0.GA dependency:tree

   where the *-DdependencyManagement=org.jboss.bom:eap6-supported-artifacts:6.2.0.GA* specifies the version definitions, but it requires the maven-dependency-extension installed(see: https://github.com/jboss/maven-dependency-management-extension).
Comment 8 Lin Gao 2013-10-22 05:39:38 EDT
See: https://bugzilla.redhat.com/show_bug.cgi?id=1011918#c12

I think it should be OK for the artifact: org.jboss.security:jboss-negotiation-project:2.2.5.Final-redhat-2 depends on the upstream version of org.jboss:jbossweb:7.0.16.Final, customer can build it against jboss public maven repository(http://repository.jboss.org/nexus/content/groups/public/)

So as long as the documentation is updated, this would not be a problem.
Comment 9 Paul Gier 2013-10-22 10:58:29 EDT
We need some more information from the jboss security developer(s) to correctly resolve this.  The right solution seems to be one of the following:

(A) If jbossweb is not required for development using the BOM, it should be marked "optional" in the jboss-negotiation pom(s) which would prevent it from being included transitively.

(B) If jbossweb is required for development when using the BOM, it should be added to the BOM and version managed.
Comment 10 Lin Gao 2013-10-22 21:43:06 EDT
I checked the code of jboss security negotiation, the jbossweb is required(org.jboss.security.negotiation.NegotiationAuthenticator extends org.apache.catalina.authenticator.FormAuthenticator). so I will adopt plan B to add jbossweb to the -with-security bom.
Comment 11 Lin Gao 2013-10-22 22:16:39 EDT
Pull Request: https://github.com/jboss-developer/jboss-eap-boms/pull/46
Comment 12 Paul Gier 2013-10-31 15:47:24 EDT
Created a new PR with the scope set to "provided" for these two dependencies.
Comment 13 Nikoleta Ziakova 2013-11-01 05:18:15 EDT
Verified for EAP 6.2.0 ER7.1

Note You need to log in before you can comment on or make changes to this bug.