Kyle, Tell me if I'm wrong but I suspect you tried Acegi versions prior 1.0.3 - right?
If this is the case, I recommend you clean your Maven local repository (delete the .m2/repository directory) - then retry your build. Something tells me the problem will be gone :) Then tell us the result. If it work, I'll try to explain the reason. In short, this is due to the way Maven resolves transitive dependencies and the quality of the information it obtains from the repository... /bertrand > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf > Of Kyle Mallory > Sent: vendredi 16 février 2007 19:38 > To: acegisecurity-developer@lists.sourceforge.net > Subject: Re: [Acegisecurity-developer] Maven2 POM for Acegi-Security > > Carlos, > > > exclusions are for things you DON'T want. If you exclude a dependency, > > that one and all its children will be excluded, so you don't need to > > go one by one > > if you want a different version you have to explicitly add that as a > > dependency and maven will use YOUR version instead of the one that > > acegi uses > > That it not what is happening. If I specify two separate dependencies > for Spring-2.0.2, and Acegi-Security-1.0.3, I get BOTH Spring 2.0.2 AND > Spring 1.2.8, as well as all of the 1.2.8 submodules. > > > Why should resin be optional in acegi-security-resin? if you want the > > resin extension you absolutely need the resin classes > > I'm choosing the resin module specifically because my container is Resin > (2.1.17, not 3.0.9). This is like making the argument that Spring or > Acegi should be dependent (and require) Java 1.4.2_09, and as a result, > forcing a download of that JVM. Sure, it requires Java, but (hopefully) > it doesn't require a specific version (even though it is compatible with > _02 or 1.5). And, since it is an implied requirement/dependency that is > met by the parent/container, it (maven and POM author) should trust that > those dependencies will be there when the time is right. Maybe > "optional" isn't the right flag, but certainly, it shouldn't be > downloading a new Resin for me. > > > You need to depend in whatever spring-*-2.0.2 jar you need. > > And here lies the real issue... I don't need any other spring- > submodules, except spring-mock. I don't need them for Resin, not for > Acegi, and not for Spring... So why am I getting them? > > And I don't need Spring-1.2.8, or any of its submodules for Acegi or > anything else (the project compiles and runs fine without them), so why > am I getting them? > > > It's not a big deal, and if this is the way it is, I'll go back to our > old build-system, and just use Maven2 for specific packages that work > the way I expect. Perhaps this is better left to the Maven folks. > > > Kyle > > > ------------------------------------------------------------------------- > Take Surveys. Earn Cash. Influence the Future of IT > Join SourceForge.net's Techsay panel and you'll get the chance to share > your > opinions on IT & business topics through brief surveys-and earn cash > http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV > _______________________________________________ > Home: http://acegisecurity.org > Acegisecurity-developer mailing list > Acegisecurity-developer@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
