Jun 3rd, 2010, 05:19 AM
Dependency issue with "spring-security-parent-3.0.2.RELEASE.pom"
In "spring-security-parent-3.0.2.RELEASE.pom" I found:
This seems to be incorrect, so that I've to add the following to my maven dependencyManagement
to avoid having "spring-expression-3.0.1.RELEASE.jar" and "spring-expression-3.0.2.RELEASE.jar" inside my WAR file.
Am I right? Is it a bug inside the spring-security-parent-pom?
Jun 3rd, 2010, 06:21 AM
Why would it be a bug... Spring security 3.0.2 has a spring 3.0.1 dependency... i don't see what is wrong with that...
Jun 3rd, 2010, 06:28 AM
Marten, thanks for your reply.
Yes you're right, normally this wouldn't be a problem. But we've several webapps using shared 3rd-party JAR files which resides in a shared tomcat folder, i.e. the JARs are _not_ included in the WAR files. All webapps have a dependency to expression-3.0.2 except the one using spring-security (which leads into expression-3.0.1 dependency. And 2 different versions of the same JAR file seems not to be a good idea. Isn't it?
Jun 3rd, 2010, 06:37 AM
Spring Security 3.0.2 was released on 19th February, at which point the latest Spring release was 3.0.1. Spring 3.0.2 wasn't released until April.
Ultimately, it's up to you to manage your application dependencies and resolve any conflicts you might find. The Spring Security poms are just a statement of what the project dependencies are for a particular release.
Jun 3rd, 2010, 07:12 AM
Ah, ok. So it's not a bug and I've to adjust my dependencyManagement by myself like described above. Thanks for the explanation.