apache
exclude org.glassfish.web:javax.servlet.jsp from storm-autocreds hbase-server dependency
What is the purpose of the change
The failure is to avoid
[ERROR] Failed to execute goal on project storm-autocreds: Could not resolve dependencies for project org.apache.storm:storm-autocreds:jar:2.3.0-SNAPSHOT: Failed to collect dependencies at org.apache.hbase:hbase-server:jar:2.1.3 -> org.glassfish.web:javax.servlet.jsp:jar:2.3.2 -> org.glassfish:javax.el:jar:3.0.1-b06-SNAPSHOT: Failed to read artifact descriptor for org.glassfish:javax.el:jar:3.0.1-b06-SNAPSHOT: Failure to transfer org.glassfish:javax.el:pom:3.0.1-b06-SNAPSHOT from https://maven.java.net/content/repositories/snapshots was cached in the local repository, resolution will not be reattempted until the update interval of jvnet-nexus-snapshots has elapsed or updates are forced. Original error: Could not transfer artifact org.glassfish:javax.el:pom:3.0.1-b06-SNAPSHOT from/to jvnet-nexus-snapshots (https://maven.java.net/content/repositories/snapshots): Transfer failed for https://maven.java.net/content/repositories/snapshots/org/glassfish/javax.el/3.0.1-b06-SNAPSHOT/javax.el-3.0.1-b06-SNAPSHOT.pom -> [Help 1]
How was the change tested
(Explain what tests did you do to verify the code change)
Just curious, do we know why it started to fail? And how do we make sure that org.glassfish.web:javax.servlet.jsp can be excluded without introducing any issues? Thanks
The travis build failures are related to MODULES=Check-Updated-License-Files
travis failure: Dependencies in LICENSE-binary that appear unused: org.glassfish.web:javax.servlet.jsp:2.3.2 org.glassfish:javax.el:3.0.1-b12
This "Could not resolve dependencies" error seems intermittent, probably due to some issue happened on maven.java.net. This issue is not happening now (even without this change).
But I do agree that we should exclude dependencies if they are not needed, to reduce the possibility of build failures like this.
I agree that org.glassfish.web:javax.servlet.jsp doesn't seem needed, since hbase-server is pulled in only for org.apache.hadoop.hbase.security.token.TokenUtil class.
But I was still hoping this change can be tested so we can be sure, since issues like ClassNotFound at runtime can't be captured at compilation time. Also I hope we can create a JIRA for this so we can refer to it in the future.
For future reference, this is the part of the dependency tree of storm-autocreds:
....
[INFO] +- org.apache.hbase:hbase-server:jar:2.1.3:compile
[INFO] | +- org.apache.hbase:hbase-http:jar:2.1.3:compile
[INFO] | | +- org.eclipse.jetty:jetty-util:jar:9.4.14.v20181114:compile
[INFO] | | +- org.eclipse.jetty:jetty-util-ajax:jar:9.4.14.v20181114:compile
[INFO] | | +- org.eclipse.jetty:jetty-http:jar:9.4.14.v20181114:compile
[INFO] | | +- org.eclipse.jetty:jetty-security:jar:9.4.14.v20181114:compile
[INFO] | | +- org.glassfish.jersey.core:jersey-server:jar:2.29:compile
[INFO] | | | +- org.glassfish.jersey.core:jersey-common:jar:2.29:compile
[INFO] | | | | \- org.glassfish.hk2:osgi-resource-locator:jar:1.0.3:compile
[INFO] | | | +- org.glassfish.jersey.core:jersey-client:jar:2.29:compile
[INFO] | | | +- jakarta.ws.rs:jakarta.ws.rs-api:jar:2.1.5:compile
[INFO] | | | +- org.glassfish.jersey.media:jersey-media-jaxb:jar:2.29:compile
[INFO] | | | +- jakarta.annotation:jakarta.annotation-api:jar:1.3.4:compile
[INFO] | | | +- org.glassfish.hk2.external:jakarta.inject:jar:2.5.0:compile
[INFO] | | | \- javax.validation:validation-api:jar:2.0.1.Final:compile
[INFO] | | +- org.glassfish.jersey.containers:jersey-container-servlet-core:jar:2.29:compile
[INFO] | | \- javax.ws.rs:javax.ws.rs-api:jar:2.0.1:compile
[INFO] | +- org.apache.hbase:hbase-procedure:jar:2.1.3:compile
[INFO] | +- org.apache.hbase:hbase-zookeeper:jar:2.1.3:compile
[INFO] | +- org.apache.hbase:hbase-replication:jar:2.1.3:compile
[INFO] | +- org.apache.hbase:hbase-metrics-api:jar:2.1.3:compile
[INFO] | +- org.apache.hbase:hbase-metrics:jar:2.1.3:compile
[INFO] | +- org.eclipse.jetty:jetty-server:jar:9.4.14.v20181114:compile
[INFO] | | \- org.eclipse.jetty:jetty-io:jar:9.4.14.v20181114:compile
[INFO] | +- org.eclipse.jetty:jetty-servlet:jar:9.4.14.v20181114:compile
[INFO] | +- org.eclipse.jetty:jetty-webapp:jar:9.4.14.v20181114:compile
[INFO] | | \- org.eclipse.jetty:jetty-xml:jar:9.4.14.v20181114:compile
[INFO] | +- org.glassfish.web:javax.servlet.jsp:jar:2.3.2:compile
[INFO] | | \- org.glassfish:javax.el:jar:3.0.1-b12:compile (version selected from constraint [3.0.0,))
[INFO] | +- javax.servlet.jsp:javax.servlet.jsp-api:jar:2.3.1:compile
[INFO] | +- org.apache.commons:commons-math3:jar:3.6.1:compile
[INFO] | +- log4j:log4j:jar:1.2.17:compile
[INFO] | +- org.jamon:jamon-runtime:jar:2.4.1:compile
[INFO] | +- javax.servlet:javax.servlet-api:jar:3.1.0:compile
[INFO] | +- com.fasterxml.jackson.core:jackson-core:jar:2.9.8:compile
[INFO] | +- com.fasterxml.jackson.core:jackson-annotations:jar:2.9.0:compile
[INFO] | +- com.lmax:disruptor:jar:3.3.6:compile
[INFO] | +- commons-logging:commons-logging:jar:1.2:compile
[INFO] | \- org.apache.hadoop:hadoop-hdfs:jar:2.8.5:compile
[INFO] | +- org.mortbay.jetty:jetty:jar:6.1.26:compile
[INFO] | +- org.mortbay.jetty:jetty-util:jar:6.1.26:compile
[INFO] | +- com.sun.jersey:jersey-core:jar:1.9:compile
[INFO] | +- com.sun.jersey:jersey-server:jar:1.9:compile
[INFO] | | \- asm:asm:jar:3.1:compile
[INFO] | +- commons-daemon:commons-daemon:jar:1.0.13:compile
[INFO] | +- io.netty:netty-all:jar:4.1.30.Final:compile
[INFO] | \- org.fusesource.leveldbjni:leveldbjni-all:jar:1.8:compile
...
The related part is
[INFO] | +- org.glassfish.web:javax.servlet.jsp:jar:2.3.2:compile
[INFO] | | \- org.glassfish:javax.el:jar:3.0.1-b12:compile (version selected from constraint [3.0.0,))
Does not happen anymore. Perhaps because the version range syntax now references an available artifact or the related transient dependency was removed due to an dependency upgrade. Closing here.
