Excluding nested transitive dependencies

Shin · December 20, 2012, 3:49pm

I have the following dependency tree:

+--- org.apache.cxf:cxf-rt-frontend-jaxws:2.7.0
|
  +--- org.apache.cxf:cxf-api:2.7.0
|
  |
  +--- org.apache.ws.xmlschema:xmlschema-core:2.0.3
|
  |
  +--- org.apache.geronimo.specs:geronimo-javamail_1.4_spec:1.7.1
|
  |
  +--- wsdl4j:wsdl4j:1.6.2
|
  |
  \--- org.codehaus.woodstox:woodstox-core-asl:4.1.4
|
  |
       \--- org.codehaus.woodstox:stax2-api:3.1.1

Can anyone tell me if it’s possible to exclude geronimo-javamail without having to explicitly declare each sub dependency? For example, I think I have to do this:

runtime "org.apache.cxf:cxf-rt-frontend-jaxws:2.70"
runtime "org.apache.cxf:cxf-api:2.7.0" {
  exclude module: geronimo-javamail_1.4_spec
}

But really I’d like to do:

runtime "org.apache.cxf:cxf-rt-frontend-jaxws:2.70" {
  exclude module: geronimo-javamail_1.4_spec
}

Or is that a dumb thing to do and I’m missing something?

Thanks

Peter_Niederwieser · December 20, 2012, 3:53pm

The latter should work as-is.

Shin · December 20, 2012, 4:00pm

Dang you’re right. I just tried it out on a test project.

Hmmm must be something else that’s introducing it into the war.

Thanks Peter

Sergey1 · September 26, 2013, 10:45am

Does a ‘dependencies’ task on gradle command line should reflect these exclusions specified per dependency ? Seem that (at least as I’ve tested on Gradle v1.8) exclude() method does not work on transitive dependencies of second and more in deep levels… Is it a bug ?

Peter_Niederwieser · September 26, 2013, 11:13am

Works fine for me. Please provide a minimal self-contained example that demonstrates the issue.

On a side note, it’s often more convenient to add excludes on the configuration level, rather than the dependency level.

Sergey1 · September 30, 2013, 8:01am

build.gradle: -----------------

def javaProjects() {
   return subprojects.findAll { new File(it.projectDir, "src").exists() }
}
 configure(javaProjects()) { project ->
    apply plugin: 'java'
    apply from: rootProject.projectDir.absolutePath + "/libraries.gradle"
      group = '...'
    version = '...'
    defaultTasks 'build'
      dependencies {
        ...
        compile(libraries.apacheCxf)
        ...
    }
}

libraries.gradle: ----------------------

ext {
    ....
    // ========================== Web Services ======================
    // Apache CXF
    apacheCxfVersion = '2.7.6'
    ....
    libraries = [
        ...
        apacheCxf: dependencies.create("org.apache.cxf:apache-cxf:${apacheCxfVersion}")
         {
            exclude group: 'org.springframework'
            exclude group: 'stax', module: 'stax-api'
            force = true
        },
        ....
    ]
}

Note that I’ve also tried to use the configuration closure with exclude method immediately after the compile configuration in dependencies section with the same effect - dependencies task output shows ‘stax:stax’ artifact(which is on third transitive level ONLY), but hides ‘org.springframework’ artifacts (which EXIST on the first transitive level).

Rene · September 30, 2013, 8:33am

just tested your snippet. it seems that you’re dragging in different versions of the stax-api module (with different group names)

this should do the trick to exclude both types:

dependencies.create("org.apache.cxf:apache-cxf:${apacheCxfVersion}"){
  exclude group: 'org.springframework'
  exclude group:'stax', module:'stax-api'
  exclude group:'javax.xml.stream', module:'stax-api'
     }

cheers, René

Sergey1 · October 8, 2013, 12:21pm

I hoped that when I specify the transitive dependency in exclude method by using group and module attributes (as they appeared in the dependency tree output of dependencies task) - the dependency should disappear in the subsequent dependencies task tree output for the original/top level/ dependency, but that’s not a case and that nested transitive dependency still exists in dependencies tree output(with the same group and module) and in the resulting war file… Is that a bug ? Does anybody else (except me and topic starter) run into such behavior ?

Sergey1 · October 8, 2013, 1:19pm

I’ve found some more or less workaround for this problem, e.g. for above mentioned approach (when all dependencies defined in one place - libraries.gradle) - you can use the following code snippet to force exclude the nested transitive dependency from ALL grouped first level dependencies (despite of present this nested dependency in the particular top level dependency sub-tree or not - as dependencies task output shows):

...,
        // Apache CXF
        apacheCxf: [
            dependencies.create("org.apache.cxf:cxf-rt-frontend-jaxws:${apacheCxfVersion}"),
            dependencies.create("org.apache.cxf:cxf-rt-transports-http:${apacheCxfVersion}")
        ].each{configure(it){
            exclude group: 'org.codehaus.woodstox', module: 'woodstox-core-asl'
        }},
        ...

Topic		Replies	Views
Something fishy with transitive dependencies Old Forum Archive	4	1467	May 16, 2014
Excluding nested transient dependencies from WAR without having to specify provided compile Help/Discuss	0	1732	July 2, 2015
Excluding transitive dependencies in the new software model Help/Discuss	1	642	February 11, 2016
How to exclude transitive dependency Old Forum Archive	6	172958	April 5, 2012
Exclude transitive dependency using wildcard? Old Forum Archive	1	3908	February 22, 2013

Excluding nested transitive dependencies

Related topics