Spring Security OpenID Plugin

pulls in renamed com.springsource.* jars which cause conflicts with the original jars

Details

  • Type: Bug Bug
  • Status: Closed Closed
  • Priority: Major Major
  • Resolution: Fixed
  • Affects Version/s: Grails-Spring-Security-OpenID 1.0
  • Fix Version/s: Grails-Spring-Security-OpenID 1.0.3
  • Labels:
    None
  • Environment:
    OpenJDK 6, Debian Linux, Grails 1.3.4

Description

The spring-security-openid gets dependencies from the ebr() repository, which pulls in renamed copies of commons-httpclient, commons-codec and a few more. This is disastrous when an app depends on newer versions of those, with the original names. Both the original and the renamed jars will be included in the war file, causing disasters at runtime with war deployment when the older versions happen to get in the way.

I got around it by replacing the transitive dependencies of the plugin with the following:

runtime(group: 'org.springframework.security', name: 'org.springframework.security.openid', version: '3.0.3.RELEASE') {
    transitive = false
}
runtime(group: 'org.openid4java', name: 'openid4java-consumer', version: '0.9.5') {
    excludes 'xercesImpl'
}

Activity

Ascending order - Click to sort in descending order
Marcus Better made changes -
Field Original Value New Value
Description The spring-security-openid gets dependencies from the ebr() repository, which pulls in renamed copies of commons-httpclient, commons-codec and a few more. This is disastrous when an app depends on newer versions of those, with the original names. Both the original and the renamed jars will be included in the war file, causing disasters at runtime with war deployment when the older versions happen to get in the way.

I got around it by replacing the transitive dependencies of the plugin with the following:
{code}
    runtime(group: 'org.springframework.security', name: 'org.springframework.security.openid', version: '3.0.3.RELEASE') {
        transitive = false
    }
    runtime(group: 'org.openid4java', name: 'openid4java-consumer', version: '0.9.5') {
        excludes 'xercesImpl'
    }
{code}
 The spring-security-openid gets dependencies from the ebr() repository, which pulls in renamed copies of commons-httpclient, commons-codec and a few more. This is disastrous when an app depends on newer versions of those, with the original names. Both the original and the renamed jars will be included in the war file, causing disasters at runtime with war deployment when the older versions happen to get in the way.

I got around it by replacing the transitive dependencies of the plugin with the following:
{code}
runtime(group: 'org.springframework.security', name: 'org.springframework.security.openid', version: '3.0.3.RELEASE') {
    transitive = false
}
runtime(group: 'org.openid4java', name: 'openid4java-consumer', version: '0.9.5') {
    excludes 'xercesImpl'
}
{code}
Contegix Support made changes -
Project Import Thu Mar 24 21:55:00 CDT 2011 [ 1301021700396 ]
Yue Cui made changes -
Key GRAILSPLUGINS-2503 GPSPRINGSECURITYOPENID-6
Project Grails Plugins [ 10021 ]  Spring Security OpenID Plugin [ 10232 ]
Component/s Grails-Spring-Security-OpenID [ 10608 ]
Affects Version/s Grails-Spring-Security-OpenID 1.0 [ 11465 ]
Affects Version/s Grails-Spring-Security-OpenID 1.0 [ 11917 ]
Burt Beckwith made changes -
Status Open [ 1 ] Closed [ 6 ]
Fix Version/s Grails-Spring-Security-OpenID 1.0.3 [ 13214 ]
Resolution Fixed [ 1 ]

People

  • Assignee:
    Burt Beckwith
    Reporter:
    Marcus Better
Vote (0)
Watch (1)

Dates

  • Created:
    Updated:
    Resolved: