传递依赖检查

我们通过maven插件org.apache.maven.plugins:maven-enforcer-plugin启用<requireUpperBoundDeps/> 来检查传递依赖是否高于直接依赖,如果传递依赖的版本比直接依赖的版本高,则打包失败.

<requireUpperBoundDeps/>解释如下:

IF:

	A-->B1-->C2

	A-->C1

	C2>C1

THEN:

	throw Exception;

我觉得这个检查很有必要,但是解析的范围太宽了.一个项目依赖了很多的开源组件,我们最好是限制这个检查只检查我们自己的jar包.

修改插件默认行为,在org.apache.maven.plugins.enforcer.RequireUpperBoundDeps$RequireUpperBoundDepsVisitor#containsConflicts中加入:

String key=  resolvedPair.constructKey();
if(key!=null && !key.startsWith("com.xxx")){//不检查groupId中包括非com.xxx开头的jar包
  		return false;
}	

demo

下面说下检查出来的提示信息分析,比如下面的情况:

Failed while enforcing RequireUpperBoundDeps. The error(s) are [
	Require upper bound dependencies error for xxx.interchange:interchange-facade-settle:1.0.0.20121009 paths to dependency are:
	+-xxx.ppm:ppm-integration:1.0.1.6
 	 		+-xxx.interchange:interchange-facade-settle:1.0.0.20121009
	and
	+-xxx.ppm:ppm-integration:1.0.1.6
 	 		+-xxx.core.payengine:payengine-facade:2.0.0.20140314
   	 			+-xxx.interchange:interchange-facade-settle:1.0.0.20121009 (managed) <-- xxx.interchange:interchange-facade-settle:1.3.0.20140303

第一个告诉我们ppm-integration–>interchange-facade-settle:1.0.0.20121009.

第二个告诉我们ppm-integration–>payengine-facade:2.0.0.20140314–>interchange-facade-settle:1.3.0.20140303

根据maven 最短路径优先原则,ppm-integration最终会依赖interchange-facade-settle:1.0.0.20121009.但是payengine-facade:2.0.0.20140314它依赖interchange-facade-settle:1.3.0.20140303.如果classpath中只有interchange-facade-settle:1.0.0.20121009,运行时payengine-facade就有可能报找不到类,找不到方法之类的错误.

遇到这样的场景,最好是修改我们项目的直接依赖,让ppm-integration–>interchange-facade-settle:1.3.0.20140303,然后测试下是否ok.

2016年05月Reading Notes

## 服务发现服务发现用于动态感知服务提供方地址,并提供服务路由分发策略能力。### 客户端发现客户端从注册中心获取服务列表,客户端监听服务列表的变化,客户端通过路由策略选择合适的服务端地址。服务端在停服务时,需要先通知客户端不要发送新请求过来,等服务端把当前请求处理完后,...… Continue reading

2016年05月Reading Notes

Published on June 19, 2016

2016年05月Reading Notes

Published on May 11, 2016