Avoid child dependencies override parent dependencies using Maven 3

Question

I'm using multiple spring based maven repositories in a web project, and I'm having problems with the dependencies used by child POM.

I have a parent POM like this:

<dependencyManagement>
    <dependencies>

        <!-- SPRING -->            
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-framework-bom</artifactId>
            <version>4.3.0.RELEASE</version>
            <type>pom</type>
            <scope>import</scope>
        </dependency>

        <!-- SPRING SECURITY -->

        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-bom</artifactId>
            <version>4.1.0.RELEASE</version>
            <type>pom</type>
            <scope>import</scope>
        </dependency>

        <!-- SPRING BOOT -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-dependencies</artifactId>
            <version>1.3.5.RELEASE</version>
            <type>pom</type>
            <scope>import</scope>
        </dependency>

        <!-- SPRING WS -->

        <dependency>
            <groupId>org.springframework.ws</groupId>
            <artifactId>spring-ws-core</artifactId>
            <version>2.2.3.RELEASE</version>
        </dependency>

        <dependency>
            <groupId>org.springframework.ws</groupId>
            <artifactId>spring-ws-security</artifactId>
            <version>2.2.3.RELEASE</version>
        </dependency>
        <!-- OTHER DEPENDENCIES OMITTED -->
    </dependencies>
</dependencyManagement>

And a child POM like this:

<dependencies>
    <dependency>
        <groupId>org.springframework.ws</groupId>
        <artifactId>spring-ws-security</artifactId>
        <exclusions>
            <exclusion>
                <groupId>org.springframework</groupId>
                <artifactId>spring-core</artifactId>
            </exclusion>
        </exclusions>
    </dependency>

    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-core</artifactId>
    </dependency>
    <!-- OTHER DEPENDENCIES OMITTED -->
</dependencies>

As far as my understanding of maven exclusion goes, this should avoid the overriding of the parent POM version, but due to the fact that spring-ws-security depends on a lower version of spring-core (4.0.9) whose method have been changed I can't deploy the app on a tomcat local server because of a NoSuchMethodError Exception, which can be also triggered when the app is actually deployed but the dependences to the old spring-core version remains.

How can I avoid this overriding of dependencies? Or is there some way of using both dependencies (which as far as I've searched is not secure)?

Links visited already:

Similar problem, but from child to parent,

Exclusions example

Just a few mentions, I've visited others as well but forgot the links.

Edit: spring-ws dependencies use spring 4.0.9 which is overriding the 4.3.0 version (the one I need to use) I've defined in the parent POM.

+- org.springframework.ws:spring-ws-core:jar:2.2.3.RELEASE:compile
[INFO] |  |  |  +- org.springframework:spring-oxm:jar:4.3.0.RELEASE:compile (version managed from 4.0.9.RELEASE)
[INFO] |  |  |  +- org.springframework:spring-web:jar:4.3.0.RELEASE:compile (version managed from 4.0.9.RELEASE)
[INFO] |  |  |  \- org.springframework:spring-webmvc:jar:4.3.0.RELEASE:compile (version managed from 4.0.9.RELEASE)

Answer 1

You can simply do explicit override in your child pom by mentioning the version 4.0.9, like below.

 <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-core</artifactId>
        <version>4.0.9</version>
 </dependency>

As quoted below, this version will affect the child-of-child pom, if any.

Forcing a version

A version will always be honoured if it is declared in the current POM with a particular version - however, it should be noted that this will also affect other poms downstream if it is itself depended on using transitive dependencies.