Question

I'm tryin to use Maven Enforcer's banned dependencies where I want to ban that there are compile and runtime dependencies to any artifact that contains -redhat-. The background of this: The JEE API and other stuff already exists in the JBoss AS and should never be included in the EAR.

This is what I'm trying, but it doesn't work:

      <execution>
        <id>banned-dependencies</id>
        <goals>
          <goal>enforce</goal>
        </goals>
        <configuration>
          <rules>
            <bannedDependencies>
              <searchTransitive>false</searchTransitive>
              <excludes>
                <exclude>*:*:*-redhat-*:*:compile</exclude>
                <exclude>*:*:*-redhat-*:*:runtime</exclude>
              </excludes>
            </bannedDependencies>
          </rules>
          <fail>true</fail>
        </configuration>
      </execution>
Was it helpful?

Solution

As you have discovered this wont work the way you are wanting. (I presume you are finding that the enforcer plugin is matching all dependencies listed in your pom?)

The problem is that Maven expects the version given to either be a single * or to conform to maven's Version Spec. (i.e. 1.0, [1.0,) etc) It can't handle the multiple wildcards that you are using.

Unfortunately I don't really have a solution for you. You could potentially Write Your Own Rule and extend the BannedDependencies rule and have it work the way you would like.

What follows is a dive into the code that is causing your issue

In the BannedDependencies class there is the following check for the version given in the exclude string:

if (pattern[2].equals("*") || artifact.getVersion().equals(pattern[2]) ) {
    result = true;
} else {
    try {
        result = AbstractVersionEnforcer.containsVersion(
                VersionRange.createFromVersionSpec(pattern[2]),
                new DefaultArtifactVersion(artifact.getBaseVersion()));
    } catch ( InvalidVersionSpecificationException e ) {
        throw new EnforcerRuleException("Invalid Version Range: ", e);
    }
}

The specific problem for you is

AbstractVersionEnforcer.containsVersion(
       VersionRange.createFromVersionSpec(pattern[2]),
       new DefaultArtifactVersion(artifact.getBaseVersion()))

You can see that it is expecting a VersionRange due to VersionRange.createFromVersionSpec(). The code for that can be seen here: VersionRange source code

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top