Reputation: 3517
spring-security-core conflicting version issue in build tree
I am trying to install spring-security-core to my project and here's how I am doing it in my pom.xml
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>5.0.7.RELEASE</version>
</dependency>
The issue is that when I build the project I see org.springframework.security.spring-security-core with version 4.2.9.RELEASE in my artifacts instead of 5.0.7.RELEASE. My pom.xml is deep down in my build tree and it's a part of a big spring boot project. artifact spring-security-core is not present in any other pom.xml in my tree. From what I've read so far it looks like this is happening because something in the parent tree is downloading spring-security-core 4.2.9.RELEASE as a dependency without explicitly mentioning it in their pom.xml. How to debug this problem ? In one of the parent pom.xml there's a dependency like this :
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context-support</artifactId>
<version>4.3.22.RELEASE</version>
</dependency>
Would that explain why spring-security-core old version is getting downloaded ? Any help is appreciated.
Upvotes: 0
Views: 1373
Answers (2)
Reputation: 3367
Go to the location of parent pom.xml file and as run the command
mvn dependency:tree >> tree.txt
It will create a file with dependency tree. Search for "spring-security-core" you will find which version is downloaded.
There are couple of work around:
- You can repeat this to each pom.xml as well to know from where it gets the reference.
- If one of the pom referring the version then your dependency will not consider if its got resolve earlier.
- Check if any po.xml file referring to any spring security related libraries. If so, what is there version. And if you need then as mentioned by @Vinay, exclude it so your library version gets referred.
- If you want to download this version of library then mentioned it at the top, so it gets referred and no other version will downloaded.
There is no relation for spring security with spring-context-code. Refer this maven link.
Upvotes: 1
Reputation: 93
Check the dependency tree with this command
mvn dependency:tree
If spring-context-support also has spring-security, you can exclude that from the dependency by adding exclusions example
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context-support</artifactId>
<version>4.3.22.RELEASE</version>
<exclusions>
<exclusion>
<groupId> groupid of the jar to be excluded </groupId>
<artifactId>artifact id of the jar to be excluded</artifactId>
</exclusion>
</exclusions>
</dependency>
Upvotes: 1
Related Questions
- The dependency spring-boot-starter-security is not found in a simple Maven project
- Got an error when building spring security from source
- Version missing in dependencies for spring parent
- Java Spring conflict dependecy versions with Spring Security
- Configuring Spring Boot with Spring Security makes build fail due to reference to missing dependency
- Spring versions incompatibility
- Maven spring-boot-starter-security limiting org.springframework.security to version 3.2.8 and not using 4.0.2
- Maven build error on upgrading to new Spring Boot version
- Why does Spring Security not follow main Spring versioning?
- spring error occurs when spring-security-xxx added