Spring Security
  1. Spring Security
  2. SEC-1488

all modules depend directly on commons logging

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Fixed
    • Affects Version/s: 3.0.2
    • Fix Version/s: 3.0.3, 3.1.0.M1
    • Component/s: Build and Admin
    • Labels:
      None

      Description

      Please remove commons logging dependency from all modules except of core. All modules will still be commons logging dependent and exclusion of commons logging in projects using slf4j will be simpler.

      Spring framework uses same system.

        Activity

        Hide
        Luke Taylor added a comment -

        I assume you're talking about the maven poms. The commons-logging dependency is marked as "optional" in the parent pom, so it shouldn't be included as a transitive dependency in other projects. Could you clarify exactly what the problem is please?

        Show
        Luke Taylor added a comment - I assume you're talking about the maven poms. The commons-logging dependency is marked as "optional" in the parent pom, so it shouldn't be included as a transitive dependency in other projects. Could you clarify exactly what the problem is please?
        Hide
        Tomas Vojtech added a comment -

        yes I am talking about maven poms

        if I try mvn dependency:tree without exclusion in my projects pom I get
        [INFO] +- org.springframework.security:org.springframework.security.config:jar:3.0.2.RELEASE:compile
        [INFO] | - org.apache.commons:com.springsource.org.apache.commons.logging:jar:1.1.1:compile

        mvn package packs the logging artifact in final war file

        problem is that each module has defined dependency in its own pom with scope compile

        Show
        Tomas Vojtech added a comment - yes I am talking about maven poms if I try mvn dependency:tree without exclusion in my projects pom I get [INFO] +- org.springframework.security:org.springframework.security.config:jar:3.0.2.RELEASE:compile [INFO] | - org.apache.commons:com.springsource.org.apache.commons.logging:jar:1.1.1:compile mvn package packs the logging artifact in final war file problem is that each module has defined dependency in its own pom with scope compile
        Hide
        Luke Taylor added a comment -

        It looks like Maven is ignoring the "optional" element in the parent pom, which is annoying. I've removed the references to commons-logging entirely, since the dependency is pulled in transitively via the spring-core dependency anyway, and we always require that. We will probably ditch the use of maven for the 3.1 release onwards, so the maven pom issue will be revisited again when that happens.

        Show
        Luke Taylor added a comment - It looks like Maven is ignoring the "optional" element in the parent pom, which is annoying. I've removed the references to commons-logging entirely, since the dependency is pulled in transitively via the spring-core dependency anyway, and we always require that. We will probably ditch the use of maven for the 3.1 release onwards, so the maven pom issue will be revisited again when that happens.

          People

          • Assignee:
            Luke Taylor
            Reporter:
            Tomas Vojtech
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: