Search code examples
mavenapache-cameltransitive-dependencymaven-enforcer-plugincamel-cxf

Maven Enforcer plugin identifies Dependency Convergence issue within Camel-CXF

The Maven enforcer plugin is identifying a code convergence issue with a 3rd party library I'm using. How can I ignore this whilst still running the enforcer plugin on the project over the rest of the project or how else should I resolve the issue without changing the library's version?

My project consumes camel-cxf 2.13.2 which it turns out depends on two separate transitive versions of jaxb-impl; 2.1.13 and 2.2.6. The enforcer plugin identifies this and fails the build.

Here is how I'm configuring the plugin:

<plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-enforcer-plugin</artifactId>
        <version>1.3.1</version>
        <configuration>
            <rules>
                <DependencyConvergence/>
            </rules>
        </configuration>
    </plugin>

When I run mvn enforcer:enforce I get

Rule 0: org.apache.maven.plugins.enforcer.DependencyConvergence failed with message:
Failed while enforcing releasability the error(s) are [
Dependency convergence error for com.sun.xml.bind:jaxb-impl:2.2.6 paths to dependency are:
+-com.myModule:module:18.0.0-SNAPSHOT
  +-org.apache.camel:camel-cxf:2.13.2
    +-org.apache.camel:camel-core:2.13.2
      +-com.sun.xml.bind:jaxb-impl:2.2.6
and
+-com.myModule:module:18.0.0-SNAPSHOT
  +-org.apache.camel:camel-cxf:2.13.2
    +-org.apache.cxf:cxf-rt-bindings-soap:2.7.11
      +-org.apache.cxf:cxf-rt-databinding-jaxb:2.7.11
        +-com.sun.xml.bind:jaxb-impl:2.1.13
and
+-com.myModule:module:18.0.0-SNAPSHOT
  +-org.apache.cxf:cxf-rt-management:2.7.11
    +-org.apache.cxf:cxf-rt-core:2.7.11
      +-com.sun.xml.bind:jaxb-impl:2.1.13
Solution

  • In the end I added exclusions to the specific sub dependencies which were pulling in the older, clashing versions of jaxb-impl.

    <dependency>
    <groupId>org.apache.cxf</groupId>
    <artifactId>cxf-rt-core</artifactId>
    <version>${cxf.version}</version>
    <exclusions>
        <exclusion>
            <groupId>com.sun.xml.bind</groupId>
            <artifactId>jaxb-impl</artifactId>
        </exclusion>
    </exclusions>
    <scope>${framework.scope}</scope>
</dependency>
<dependency>
    <groupId>org.apache.cxf</groupId>
    <artifactId>cxf-rt-databinding-jaxb</artifactId>
    <version>${cxf.version}</version>
    <exclusions>
        <exclusion>
            <groupId>com.sun.xml.bind</groupId>
            <artifactId>jaxb-impl</artifactId>
        </exclusion>
    </exclusions>
</dependency>

    This way I can still run the enforcer plugin on the rest of the project and fail builds if new convergence issues are identified.