0

I have the spring-ws-security dependency in a Spring Boot 2.1.7 project:

<dependency>
    <groupId>org.springframework.ws</groupId>
    <artifactId>spring-ws-security</artifactId>
</dependency>

Internally, the spring-ws-security pom has this dependency:

<dependency>
    <groupId>org.apache.wss4j</groupId>
    <artifactId>wss4j-ws-security-dom</artifactId>
    <version>${wss4j.version}</version>
    <exclusions>
        ...
    </exclusions>
</dependency>

The parent of spring-ws-security is spring-ws, whose pom has a property:

<wss4j.version>2.2.0</wss4j.version>

I am trying to override this property in my pom file:

<properties>
    <wss4j.version>2.2.4</wss4j.version>
    ...
</properties>

But it keeps taking the original 2.2.0 version:

$ mvn dependency:tree | grep wss4j
[INFO] |  +- org.apache.wss4j:wss4j-ws-security-dom:jar:2.2.0:compile
[INFO] |  |  \- org.apache.wss4j:wss4j-ws-security-common:jar:2.2.0:compile

It takes the 2.2.4 version only if I explicitly supply the dependencies:

<dependency>
    <groupId>org.apache.wss4j</groupId>
    <artifactId>wss4j-ws-security-dom</artifactId>
    <version>2.2.4</version>
</dependency>
<dependency>
    <groupId>org.apache.wss4j</groupId>
    <artifactId>wss4j</artifactId>
    <version>2.2.4</version>
    <type>pom</type>
</dependency>

Isn't overriding the property enough? Am I doing something wrong?

Kartik
  • 7,677
  • 4
  • 28
  • 50
  • Please follow this link: It already has answers which might help to resolve this issue. https://stackoverflow.com/questions/3937195/maven-how-to-override-the-dependency-added-by-a-library or you should explicitly exclude the dependency from the jar which is providing it and then add your required dependency manually. – Brooklyn99 Sep 03 '19 at 03:34

2 Answers2

1

Here there are two points to consider:

  1. One if you want to override the version in the properties in pom.xml, then your pom should have a parent-child relationship

  2. second is if you want to use a particular version then we need to declare the required version in your pom.xml explicitly and may exclude the dependency from the third party jar and do a mvn clean install

Here is more information on dependency management and properties in maven

Brooklyn99
  • 987
  • 13
  • 24
  • Thank you. Your point 1: "_if you want to override the version in the properties in pom.xml, then your pom should have a parent-child relationship_" is the answer. – Kartik Sep 03 '19 at 05:24
  • Supporting documentation can be found [here](https://docs.spring.io/spring-boot/docs/current/reference/htmlsingle/#howto-customize-dependency-versions). – Kartik Sep 03 '19 at 05:26
0

As I know, if you leave it blank without define any version. it will get the newest version of its library. So, you are right if you want to override the newest version to old version or certain version, by put the specific version. Have you trying to "mvn clean install" for that project?

madqori
  • 37
  • 8
  • `mvn clean install` didn't help. BTW your first statement looks incorrect. – Kartik Sep 03 '19 at 03:51
  • I was tried to put this dependency. org.apache.wss4j wss4j-ws-security-dom 2.2.4 and its work +- org.apache.wss4j:wss4j-ws-security-dom:jar:2.2.4:compile [INFO] | +- org.apache.wss4j:wss4j-ws-security-common:jar:2.2.4:compile nothing wrong, with your code. maybe delete all current download dependency in m2 will solve the problem. and download it again. – madqori Sep 03 '19 at 04:07
  • Perhaps you missed something in the question. Adding the dependency like this works fine for me too. But it should work by just defining the property `2.2.4` instead of adding the dependency. – Kartik Sep 03 '19 at 04:31
  • Will that work?. doesn't the properties can only be overridden if pom has a parent-child relationship.Because the jar you are trying to modify is from a different dependency which is not a parent pom of your pom.xml. – Brooklyn99 Sep 03 '19 at 04:46
  • @Santos Oh, maybe that's the answer! If you can update your answer with this and some supporting URL, I'll accept it. Thanks. – Kartik Sep 03 '19 at 04:54