Tomas Vojtech (Migrated from SEC-1488) said:
Please remove commons logging dependency from all modules except of core. All modules will still be commons logging dependent and exclusion of commons logging in projects using slf4j will be simpler.
Spring framework uses same system.
Luke Taylor said:
I assume you're talking about the maven poms. The commons-logging dependency is marked as "optional" in the parent pom, so it shouldn't be included as a transitive dependency in other projects. Could you clarify exactly what the problem is please?
Tomas Vojtech said:
yes I am talking about maven poms
if I try mvn dependency:tree without exclusion in my projects pom I get
[INFO] +- org.springframework.security:org.springframework.security.config:jar:3.0.2.RELEASE:compile
[INFO] | - org.apache.commons:com.springsource.org.apache.commons.logging:jar:1.1.1:compile
mvn package packs the logging artifact in final war file
problem is that each module has defined dependency in its own pom with scope compile
It looks like Maven is ignoring the "optional" element in the parent pom, which is annoying. I've removed the references to commons-logging entirely, since the dependency is pulled in transitively via the spring-core dependency anyway, and we always require that. We will probably ditch the use of maven for the 3.1 release onwards, so the maven pom issue will be revisited again when that happens.