999846 – Unavailable artifacts referenced in the jboss-javaee-6.0-with-security-1.0.4.Final-redhat-9.pom BOM

Bug 999846 - Unavailable artifacts referenced in the jboss-javaee-6.0-with-security-1.0.4.Final-redhat-9.pom BOM

Summary: Unavailable artifacts referenced in the jboss-javaee-6.0-with-security-1.0.4....

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	JBoss Enterprise Application Platform 6
Classification:	JBoss
Component:	Maven Repository
Sub Component:
Version:	6.1.1
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	ER7
Target Release:	EAP 6.2.0
Assignee:	Lin Gao
QA Contact:	Nikoleta Hlavickova
Docs Contact:	Russell Dickenson
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-08-22 09:09 UTC by Nikoleta Hlavickova
Modified:	2014-01-23 19:31 UTC (History)
CC List:	7 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-12-15 16:22:37 UTC
Type:	Bug
Embargoed:

Attachments	(Terms of Use)
Test pom file (1.27 KB, application/xml) 2013-08-30 07:10 UTC, Nikoleta Hlavickova	no flags	Details
Output for test pom file (46.76 KB, text/plain) 2013-08-30 07:16 UTC, Nikoleta Hlavickova	no flags	Details
Modified test pom file (1.34 KB, application/xml) 2013-08-30 07:17 UTC, Nikoleta Hlavickova	no flags	Details
View All

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Bugzilla	999848	unspecified	CLOSED	Unavailable artifacts referenced in the jboss-javaee-6.0-with-infinispan-1.0.4.Final-redhat-9.pom BOM	2021-02-22 00:41:40 UTC
Red Hat Bugzilla	1011918	unspecified	CLOSED	Unable to get dependencies for jbossws-cxf-client -- Failure to find org.apache.ws.security:wss4j:jar:1.6.11-redhat-1	2021-02-22 00:41:40 UTC
Red Hat Bugzilla	1056639	unspecified	CLOSED	Unavailable artifacts referenced in the jboss-javaee-6.0-with-security BOM	2021-02-22 00:41:40 UTC

Internal Links: 999848 1011918 1056639

Description Nikoleta Hlavickova 2013-08-22 09:09:06 UTC

Description of problem:
This is problem for customers and layered products, they are not able to get all supported jars from maven repo zip.
BOM jboss-javaee-6.0-with-security is listed in EAP 6.1.1 Maven BOM Usage document - https://docspace.corp.redhat.com/docs/DOC-153970
 
I used this BOM from customer perspective and imported all supported/defined dependencies into my testing pom file. I executed dependency:tree goal for maven to get supported jars. The result is failure, I can't get expected files. I was using maven repo zip and central.
 
Problematic artifacts:
org.jboss.web:jbossweb:jar:7.0.16.Final

Version-Release number of selected component:
EAP 6.1.1. ER7

Comment 1 Nikoleta Hlavickova 2013-08-29 13:51:01 UTC

This should be included in EAP 6.1.1 Release Notes as a Known Issue

Comment 2 sgilda 2013-08-29 19:21:01 UTC

Nikoleta: can you attach your test pom.xml file and the output of your dependency tree? We need to determine what is requesting the missing artifacts.

You are using this differently that a customer because you are attempting to load everything. The missing artifact may be so obscure it will never be used.

I spoke with Paul Gier and we don't believe we need to release note this. It's probably been like this since 6.1 and no one has hit the issue.

Comment 3 Scott Mumford 2013-08-29 23:19:31 UTC

Marking for exclusion from Release Notes as per comment 2.

Comment 4 Nikoleta Hlavickova 2013-08-30 07:10:07 UTC

Created attachment 792051 [details]
Test pom file

Comment 5 Nikoleta Hlavickova 2013-08-30 07:16:36 UTC

Created attachment 792053 [details]
Output for test pom file

Output of command:
mvn -X -U -e -s settings-with-central.xml -f jboss-javaee-6.0-with-security-1.0.4.Final-redhat-9.pom-test-pom dependency:tree

Error message:
[ERROR] Failed to execute goal on project repo-test: Could not resolve dependencies for project org.jboss.test:repo-test:jar:1.0.0: Could not find artifact org.jboss.web:jbossweb:jar:7.0.16.Final

Dependency tree:
[DEBUG] org.jboss.test:repo-test:jar:1.0.0
[DEBUG]    org.jboss.security:jboss-negotiation-common:jar:2.2.5.Final-redhat-2:compile
[DEBUG]       org.jboss.logging:jboss-logging:jar:3.1.2.GA:compile
[DEBUG]       org.jboss.spec.javax.servlet:jboss-servlet-api_3.0_spec:jar:1.0.2.Final-redhat-1:compile (version managed from 1.0.1.Final)
[DEBUG]       org.jboss.web:jbossweb:jar:7.0.16.Final:compile
[DEBUG]       org.picketbox:picketbox:jar:4.0.15.Final:compile
[DEBUG]       org.picketbox:picketbox-commons:jar:1.0.0.final:compile
[DEBUG]    org.jboss.security:jboss-negotiation-extras:jar:2.2.5.Final-redhat-2:compile
[DEBUG]    org.jboss.security:jboss-negotiation-ntlm:jar:2.2.5.Final-redhat-2:provided
[DEBUG]    org.jboss.security:jboss-negotiation-spnego:jar:2.2.5.Final-redhat-2:provided

Comment 6 Nikoleta Hlavickova 2013-08-30 07:17:25 UTC

Created attachment 792055 [details]
Modified test pom file

Test pom file with problematic dependencies commented out.

Comment 7 Lin Gao 2013-10-22 08:38:52 UTC

The reason for the dependency on the *org.jboss.web:jbossweb:jar:7.0.16.Final* is the artifact:  org.jboss.security:jboss-negotiation-project:2.2.5.Final-redhat-2, which has the version definition: *<version.org.jboss.web>7.0.16.Final</version.org.jboss.web>*

And the EAP BOM groupId has been changed to: *org.jboss.bom.eap* in EAP 6.2.0

There are 2 approaches to solve this problem:

   * Rebuild jboss-security-negotiation to change the version definition
   * Uses the following command to build:

   mvn -s settings-with-central.xml -f jboss-javaee-6.0-with-security-1.0.4.Final-redhat-9.pom-test-pom -DdependencyManagement=org.jboss.bom:eap6-supported-artifacts:6.2.0.GA dependency:tree

   where the *-DdependencyManagement=org.jboss.bom:eap6-supported-artifacts:6.2.0.GA* specifies the version definitions, but it requires the maven-dependency-extension installed(see: https://github.com/jboss/maven-dependency-management-extension).

Comment 8 Lin Gao 2013-10-22 09:39:38 UTC

See: https://bugzilla.redhat.com/show_bug.cgi?id=1011918#c12

I think it should be OK for the artifact: org.jboss.security:jboss-negotiation-project:2.2.5.Final-redhat-2 depends on the upstream version of org.jboss:jbossweb:7.0.16.Final, customer can build it against jboss public maven repository(http://repository.jboss.org/nexus/content/groups/public/)

So as long as the documentation is updated, this would not be a problem.

Comment 9 Paul Gier 2013-10-22 14:58:29 UTC

We need some more information from the jboss security developer(s) to correctly resolve this.  The right solution seems to be one of the following:

(A) If jbossweb is not required for development using the BOM, it should be marked "optional" in the jboss-negotiation pom(s) which would prevent it from being included transitively.

(B) If jbossweb is required for development when using the BOM, it should be added to the BOM and version managed.

Comment 10 Lin Gao 2013-10-23 01:43:06 UTC

I checked the code of jboss security negotiation, the jbossweb is required(org.jboss.security.negotiation.NegotiationAuthenticator extends org.apache.catalina.authenticator.FormAuthenticator). so I will adopt plan B to add jbossweb to the -with-security bom.

Comment 11 Lin Gao 2013-10-23 02:16:39 UTC

Pull Request: https://github.com/jboss-developer/jboss-eap-boms/pull/46

Comment 12 Paul Gier 2013-10-31 19:47:24 UTC

Created a new PR with the scope set to "provided" for these two dependencies.
https://github.com/jboss-developer/jboss-eap-boms/pull/47

Comment 13 Nikoleta Hlavickova 2013-11-01 09:18:15 UTC

Verified for EAP 6.2.0 ER7.1

Note You need to log in before you can comment on or make changes to this bug.