pulls in renamed com.springsource.* jars which cause conflicts with the original jars

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: Grails-Spring-Security-OpenID 1.0
Fix Version/s: Grails-Spring-Security-OpenID 1.0.3
Labels:
None
Environment:
OpenJDK 6, Debian Linux, Grails 1.3.4

Description

The spring-security-openid gets dependencies from the ebr() repository, which pulls in renamed copies of commons-httpclient, commons-codec and a few more. This is disastrous when an app depends on newer versions of those, with the original names. Both the original and the renamed jars will be included in the war file, causing disasters at runtime with war deployment when the older versions happen to get in the way.

I got around it by replacing the transitive dependencies of the plugin with the following:

runtime(group: 'org.springframework.security', name: 'org.springframework.security.openid', version: '3.0.3.RELEASE') {
    transitive = false
}
runtime(group: 'org.openid4java', name: 'openid4java-consumer', version: '0.9.5') {
    excludes 'xercesImpl'
}

Activity

Hide

Permalink

Burt Beckwith added a comment - 20/Jul/12 12:10 PM

Changed to use Maven Central

Show

Burt Beckwith added a comment - 20/Jul/12 12:10 PM Changed to use Maven Central

People

Assignee:

Burt Beckwith

Reporter:

Marcus Better

Vote (0)

Watch (1)

Dates

Created:

20/Sep/10 8:18 AM

Updated:

20/Jul/12 12:10 PM

Resolved:

20/Jul/12 12:10 PM

Agile

View on Board