How to make a maven sub-dependency "provided" in 3rd party dependency?

Question

I am getting this error, when I run mvn tomcat:run in my web modulo.

SEVERE: Servlet /web threw load() exception
java.lang.ClassCastException: org.springframework.web.servlet.DispatcherServlet cannot be cast to javax.servlet.Servlet

The problem happens when I add a dependency to one other modulo I have, specifically because that other modulo contains com.google.gdata:core dependency. I ran mvn dependency:tree I saw that this google dependency has servlet-api down its dependency tree, and so I think this is the problem. But I dont know how to fix it.

|  \- com.google.gdata:core:jar:1.47.1:compile
|     +- com.google.guava:guava:jar:13.0.1:compile
|     +- com.google.oauth-client:google-oauth-client-jetty:jar:1.11.0-beta:compile
|     |  +- com.google.oauth-client:google-oauth-client-java6:jar:1.11.0-beta:compile
|     |  |  \- com.google.oauth-client:google-oauth-client:jar:1.11.0-beta:compile
|     |  |     \- com.google.http-client:google-http-client:jar:1.11.0-beta:compile
|     |  |        +- org.apache.httpcomponents:httpclient:jar:4.0.3:compile
|     |  |        |  \- org.apache.httpcomponents:httpcore:jar:4.0.1:compile
|     |  |        \- xpp3:xpp3:jar:1.1.4c:compile
|     |  \- org.mortbay.jetty:jetty:jar:6.1.26:compile
|     |     +- org.mortbay.jetty:jetty-util:jar:6.1.26:compile
|     |     \- org.mortbay.jetty:servlet-api:jar:2.5-20081211:compile
|     +- com.google.code.findbugs:jsr305:jar:1.3.7:compile
|     \- javax.mail:mail:jar:1.4:compile
|        \- javax.activation:activation:jar:1.1:compile

This answer suggests making servlet-api dependency provided, but how can do this inside a dependency I do not own?

Answer 1

You cannot change POM of a 3rd party dependency. But you can exclude its dependencies.

<dependency>
  <groupId>.....</groupId>
  <artifactId>.....</artifactId>
  <version>.....</version>
  <scope>compile</scope>
  <exclusions>
    <exclusion>
      <groupId>org.mortbay.jetty</groupId>
      <artifactId>servlet-api</artifactId>
    </exclusion>
  </exclusions> 
</dependency>

Important:

1. Use <exclusions> in the correct <dependency>. Otherwise it will have no effect.
2. <exclusions> works for the whole sub-tree of <dependency>, including all its nested dependencies. Just find the top level <dependency> in your POM that brings undesired jar and use <exclusions> there.
3. The same undesired jar may come via multiple dependencies. After you excluded it in one place, refresh the dependency tree, and check if undesired jar comes via some other dependency. If yes, then exclude it also on other places.