[
https://issues.apache.org/jira/browse/MNG-6650?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16833318#comment-16833318
]
Jörg Hohwiller edited comment on MNG-6650 at 5/5/19 11:06 AM:
--------------------------------------------------------------
Thanks for this feedback. Seems you are right. I just wanted to upgrade my
project to Java11 and now it still works with Java 1.8 but it should work with
Java 9+ though it does not.
However, the actual reason seems to be related to a bug in the profile
triggered by jdk 9+ that for some yet unclear reason results in an empty list
of dependencies (so the direct dependencies as well as those added by the
profile and up as empty where as with Java 1.8 the direct dependencies are used
and the profile is not triggered).
What I also found out is that if I just create a maven project with two modules
A and B and in A I add the spring-security dependency containg the CsrfToken
and also add a copy of that Java9+ triggered profile and then in B do the same
as in the example project (depend on A and have a class requireing CsrfToken)
the error is not reproduced. So there is yet another circumstance that needs to
be added to cause this effect. However, I assume someone who is capable do run
Maven on the provided project in debug mode and set a breakpoint in the
dependency evaluation will easily be able to spot down this bug. I always
failed to properly debug maven core. If you have any working instructions
provide a link here and I might give it a try.
was (Author: hohwille):
Thanks for this feedback. Seems you are right. I just wanted to upgrade my
project to Java11 and now it still works with Java 1.8 but it should work with
Java 9+ though it does not.
However, the actual reason seems to be related to a bug in the profile
triggered by jdk 9+ that for some yet unclear reason results in an empty list
of dependencies (so the direct dependencies as well as those added by the
profile and up as empty where as with Java 1.8 the direct dependencies are used
and the profile is not triggered).
What I also found out is that if I just create a maven project with two modules
A and B and in A I add the spring-security dependency containg the CsrfToken
and also add a copy of that Java9+ triggered profile and then in B do the same
as in the example project (depend on A and have a class requireing CsrfToken)
the error is not reproduced. Some there is yet another circumstance that needs
to be added to cause this effect. However, I assume someone who is capable do
run Maven on the provided project in debug mode and set a breakpoint in the
dependency evaluation will easily be able to spot down this bug. I always
failed to properly debug maven core. If you have any working instructions
provide a link here and I might give it a try.
> Java11 Regression Bug: Transitive dependencies not resolved
> -----------------------------------------------------------
>
> Key: MNG-6650
> URL: https://issues.apache.org/jira/browse/MNG-6650
> Project: Maven
> Issue Type: Bug
> Components: Dependencies
> Affects Versions: 3.6.0
> Environment: Works with Java 1.8
> Fails with Java 11
> Reproduced on Mac and Windows as well as in travis-ci (linux).
> Reporter: Jörg Hohwiller
> Priority: Major
> Attachments: MNG-6650.tgz
>
>
> I have found a strange situation where maven seems to be unable to resolve
> transitive dependencies for a particular dependency but only in Java11+
> The failing build can be found here with all the analysis:
> [https://github.com/devonfw/devon4j/pull/82]
> As you can read there with all the details the error is related to a profile
> with
> <activation>
> <jdk>[9,)</jdk>
> </activation>
> That should fire on Java11 and seems to do but as a result all dependencies
> are eliminated in this case what seems like a strange maven bug.
> The Code to reproduce the issue locally can also be cloned from here:
> [https://github.com/hohwille/devon4j/tree/feature/16-java-11]
> (be sure to checkout this "feature/16-java-11" branch)
> After building you can even reduce and reproduce the error from
> {{templates/server/target/test-classes/projects/basic/project/basic}}
> Just "cd" there and run "mvn clean install" with Java1.8 and with Java11.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
