Issue with imported scope poms (spring bom io dependency issue)

Asked 13/8, 2014 at 12:41 Answered 19/1, 2017 at 21:46

My company policy restricts us from downloading thirdparty artifacts from public repositories (maven_central, spring-io etc) We use Nexus as a repository manager which hosts all the artifacts that are approved by our company policy.

We are trying to use io-platform bom pom in our project to manage all spring dependencies.

We have uploaded all boms and its dependencies in our company repository. Verified also, everything is there in the company repos.
In my settings.xml all repositories (hosted by company) are properly mentioned. But somehow for spring-framework-bom project maven searches only in central even if it is disabled in settings.xml.It should ideally search in our company repositories first.

We are getting the below exception. Exception trace: org.apache.maven.reactor.MavenExecutionException: POM 'org.springframework:spring-framework-bom' not found in repository: Unable to download the artifact from any repository org.springframework:spring-framework-bom:pom:4.0.6.RELEASE from the specified remote repositories: central (http://repo1.maven.org/maven2)

Intimist answered 13/8, 2014 at 12:41 Comment(4)

Do you have a mirror set up in your settings.xml? We have exactly the same policy here, and we use <mirrorOf>*</mirrorOf> in our settings to send all repository queries to nexus. – Overturf 13/8, 2014 at 15:59

Thanks for your suggestion. Mirroring maven_central to our Nexus repository seems to be an option for this issue. Are there any other approaches ? Any idea why this happens? – Intimist 14/8, 2014 at 5:48

I'm not sure, but I think that there may be a reference to specific repos in the spring.io bom, so maven naturally goes to these references. I believe that this is a bad practice, and that mirrorOf is the only real solution to it. – Overturf 14/8, 2014 at 18:57

Yeah, You are right. One more option is there to add specific repos in spring.boms which is Bad. I found similar issue here. jira.codehaus.org/browse/MNG-3553 These kind of issue basically comes when scope of the dependency is import. – Intimist 18/8, 2014 at 6:18

This problem comes when you have pom/artifact defined with import scope in your other pom.

Imported dependencies basically looses repository information and they try to search dependencies in maven central .

Trick is to mirror maven central repository with your companies repository. So in case of imported dependency it will search in companies repository rather than default maven central.

Hope this helps.

Intimist answered 20/8, 2014 at 18:3 Comment(0)

It's a bug. This is the proposed solution:

IMO, using the stated workaround (adding the custom repository to the POM that has the scope == import dependency) is probably the safest way to go

It works at least in Maven 3.3.9. Probably already earlier.

Subtype answered 19/1, 2017 at 21:46 Comment(0)

Recommended topics

Hot tags