Fix dependencies with Maven Enforcer Plug-in

[kinow]

This PR introduces the Maven Enforcer Plugin to the verify phase of the project build lifecycle.

And it utilises a plug-in that makes sure we do not use transitive dependencies. It means that if we have dependencies like commons-collections (which includes commons-lang version 2.x) and commons-lang3, in case we use StringUtils from commons-lang 2.x, the build will fail. As commons-lang 2.x is a transitive dependency.

When running mvn verify -DskipTests=true, I initially got the following errors:

[WARNING] Rule 0: de.is24.maven.enforcer.rules.IllegalTransitiveDependencyCheck failed with message:
Found 53 illegal transitive type dependencies in artifact 'edu.illinois.library.cantaloupe:Cantaloupe:war:3.4-SNAPSHOT':
1.) ch.qos.logback.core.Context
2.) ch.qos.logback.core.filter.Filter
3.) ch.qos.logback.core.spi.FilterReply
4.) ch.qos.logback.core.util.StatusPrinter
5.) com.amazonaws.ClientConfiguration
6.) com.amazonaws.auth.AWSCredentials
7.) com.amazonaws.auth.AWSCredentialsProvider
8.) com.amazonaws.auth.AWSCredentialsProviderChain
9.) com.amazonaws.auth.EnvironmentVariableCredentialsProvider
10.) com.amazonaws.auth.InstanceProfileCredentialsProvider
11.) com.amazonaws.auth.SystemPropertiesCredentialsProvider
12.) com.amazonaws.auth.profile.ProfileCredentialsProvider
13.) com.amazonaws.client.builder.AwsClientBuilder
14.) com.fasterxml.jackson.annotation.JsonIgnore
15.) com.fasterxml.jackson.annotation.JsonInclude
16.) com.fasterxml.jackson.annotation.JsonInclude$Include
17.) com.fasterxml.jackson.annotation.JsonProperty
18.) com.fasterxml.jackson.annotation.JsonPropertyOrder
19.) com.fasterxml.jackson.core.JsonProcessingException
20.) com.fasterxml.jackson.databind.ObjectMapper
21.) com.fasterxml.jackson.databind.ObjectWriter
22.) com.fasterxml.jackson.databind.SerializationFeature
23.) com.sun.media.imageio.plugins.tiff.TIFFDirectory
24.) com.sun.media.imageio.plugins.tiff.TIFFField
25.) javax.media.jai.Interpolation
26.) javax.media.jai.JAI
27.) javax.media.jai.LookupTableJAI
28.) javax.media.jai.OpImage
29.) javax.media.jai.PlanarImage
30.) javax.media.jai.ROIShape
31.) javax.media.jai.RenderedOp
32.) javax.media.jai.operator.TransposeType
33.) org.apache.commons.codec.binary.Hex
34.) org.apache.commons.codec.digest.DigestUtils
35.) org.apache.commons.lang.StringUtils
36.) org.apache.jena.rdf.model.Literal
37.) org.apache.jena.rdf.model.Model
38.) org.apache.jena.rdf.model.ModelFactory
39.) org.apache.jena.rdf.model.NodeIterator
40.) org.apache.jena.rdf.model.Property
41.) org.apache.jena.rdf.model.RDFNode
42.) org.apache.jena.riot.RIOT
43.) org.apache.jena.riot.RiotException
44.) org.apache.velocity.app.Velocity
45.) org.apache.velocity.runtime.RuntimeServices
46.) org.apache.velocity.runtime.log.LogChute
47.) org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader
48.) org.eclipse.jetty.http.HttpField
49.) org.eclipse.jetty.http.HttpFields
50.) org.eclipse.jetty.http.HttpMethod
51.) org.eclipse.jetty.io.EofException
52.) org.eclipse.jetty.util.ssl.SslContextFactory
53.) org.jruby.RubyHash

These 53 classes are currently used in the project, but they are available through transitive dependencies. In most cases it will build fine, but we could be either using the wrong class (the example above, for StringUtils from commons-lang 2.x actually exists in the project) or have a problem later on, when we added another version with a different transitive dependency version.

The PR also includes fixes for all the 53 cases. For each case, I simply looked in Eclipse which jar contained the class, then looked up in http://search.maven.org. Had a bit of problem with jai_core classes, as the jar doesn't seem to be available in Maven Central, but only pom and javadoc.

Also updated Commons Lang, Jena, and LogBack, that are dependencies that I use in other projects and am a bit familiar with.

Cheers
Bruno

[adolski]

Thanks @kinow. To get the tests to pass I had to add:

<dependency>
  <groupId>org.jruby</groupId>
  <artifactId>jruby</artifactId>
  <version>9.1.10.0</version>
</dependency>

In addition to jruby-core. I guess jruby-core is missing some ruby libs.

[kinow]

Oh, I didn't run the tests because of the other other issue that had the test profiles. I've rebased this branch against develop now, and am running the tests.

Looks like one is getting stuck, and looking at jruby in the dependency hierarchy in Eclipse, it seems to bring jruby-core and jruby-stdlib. Looks like jruby-stdlib is a runtime dependency.

[kinow]

Done in caf4819

With mvn clean test -Pnodeps, I get:

Results :

Failed tests: 
  Java2DUtilTest.testApplyOverlayWithStringOverlay:164

Tests run: 1217, Failures: 1, Errors: 0, Skipped: 20

Which is the same I'm getting right now running the tests in the develop branch (in Travis CI I got the same IIRC).

Sorry for not running the tests.

Cheers
Bruno

[adolski]

Thank you!