exclude dependencies when running sonar analysis - maven-2

I have a test project requiring some heavy jars which i put in ${M2_HOME}\test\src\main\resources\ and add them in the pom.xml using :
<dependency>
<groupId>server</groupId>
<artifactId>server</artifactId>
<version>1.0</version>
<scope>system</scope>
<systemPath>${M2_HOME}\test\src\main\resources\server.jar</systemPath>
</dependency>
<dependency>
<groupId>client</groupId>
<artifactId>client</artifactId>
<version>6.0</version>
<scope>system</scope>
<systemPath>${M2_HOME}\test\src\main\resources\client.jar</systemPath>
</dependency>
I want to know if it possible to exclude them during sonar analysis, or generally just analyze java sources folder.

If the problem is that these JARs are included in sonar analysis because they are located in src/main/resources, then one obvious solution would be to put them somewhere else (see the post scriptum). If for whatever reason this is not possible, please clarify (I'd really like to know why you put these JARs under resources).
If the problem is that these JARs are declared as dependencies, you could use a specific profile not including them to run sonar.
PS: Note that using the system scope is a bad practice and has several drawbacks (as mentioned here or here). A cleaner approach would be to use a file based repository as suggested in this answer.

Related

PDFBox jpeg2000 rendering with e.g. twelvemonkeys-jpeg to avoid patent issues

I got a pdf file which I open with PDFBox (version 2.0.20, but should be not version related). The file has a page which is actually a JPEG2000 image.
First I got the well known error : Cannot read JPEG2000 image: Java Advanced Imaging (JAI) Image I/O Tools are not installed.
I added the JAI core tools and the corresponding jpeg2000 plugin in my POM:
<dependency>
<groupId>com.github.jai-imageio</groupId>
<artifactId>jai-imageio-core</artifactId>
<version>1.4.0</version>
</dependency>
<dependency>
<groupId>com.github.jai-imageio</groupId>
<artifactId>jai-imageio-jpeg2000</artifactId>
<version>1.3.0</version>
</dependency>
And everything works fine!
BUT: the internet says, that the usage of jai-imageio-jpeg2000 infringes patents if you use without paying.
Therefore my question is, can I make PDFBox use a different module? I understood that twelvemonkeys is a good choice and I have read some threads where it was tested. But I have found no howto, HOW to make pdfbox switch to e.g. twelvemonkeys.
I removed the above from the POM and added the twelvemonkeys, but that does not work (got again the error message from above)
<dependency>
<groupId>com.twelvemonkeys.imageio</groupId>
<artifactId>imageio-jpeg</artifactId>
<version>3.8.2</version>
</dependency>
So finally I used the JDeli library. It is a commercial library and at time of writing you need to pay between 800$ per year or a one-time payment of 4000$. But based on the fact that with patent problem of the JJ2000 code you might run into even bigger issues, I decided for our project to go with it.
Money is one topic but do my jpeg2000 problems with the pdfbox disappear? Yes!
I followed the instructions on the web page (https://support.idrsolutions.com/jdeli/tutorials/add-jdeli-as-a-maven-dependency):
I downloaded the trial lib, added to my maven archive and added this to my pom.xml:
<dependency>
<groupId>com.idrsolutions</groupId>
<artifactId>jdeli</artifactId>
<version>1.0</version>
</dependency>
As I wanted to use the product as JAI plugin I also checked out the git project for the plugin : https://github.com/idrsolutions/JDeli_ImageIO_Plugin
After checkout I did the mvn install and the plugin was in my mvn repo. I added then also the plugin as dependency to my pom.xml:
<dependency>
<groupId>com.idrsolutions</groupId>
<artifactId>JDeli_ImageIO_Plugin</artifactId>
<version>1.0</version>
</dependency>
From here my pdfs with the jpeg2000 images inside could be loaded with pdfbox as expected.
So this will not answer my question how to use twelvemonkeys to read pdfs with jpeg2000 inside with pdfbox as it is not possible (see above), but it provides an alternative which worked at least for me as long as you can accept to pay for the library.

how to use arquillian for integration tests having multi maven modules

I have multiple maven modules: DBLayer (Contains all entities),UserManagement (User management services), WebApp
For setting up the testing i need to understand how to structure everything.
I want to test each module in an embedded container. As you all know, in each module I have my test folder where I put my test classes. Do I have to put the ShrinkWrap setup in each module test class (code that prepares embedded container for testing), or is that only needed in the webapp?
I also have the arquillian dependencies in each module pom file. Is there a better way to add these dependencies?
Thank you in advance.
I want to test each module in an embedded container (...)
If you are considering an embedded container, please take a look at this answer. Dan Allen explains it in details in his short article The Danger of Embedded Containers. Please take a look at it.
It looks to me that you are using Maven, then the following answer you may find useful in terms of separating integration tests from unit tests. To be short: stick to the Maven naming conventions (just name your integration tests with *IT suffix, e.g. MyClassIT.java) and let maven-failsafe-plugin do its job.
Do I have to put the ShrinkWrap setup in each module test class (code
that prepares embedded container for testing), or is that only needed
in the webapp?
Unfortunately yes. That is because you may want to prepare a different deployment for each test class. But drawbacks are clear:
Usually repeated deployment's setup.
Slowed down execution of tests (there is a new deploy operation for every test case)
Fortunately, there is Arquillian Suite Extension that lets you achive that. The Extension will force all classes in a TestSuite to run from the same DeploymentScenario. But as far as I know, it is more complex topic than it would appear on the surface - just keep in mind that this extension (although extremely useful) may not work with some other arquillian extensions.
I also have the arquillian dependencies in each module pom file. Is
there a better way to add these dependencies?
Your intuition is correct:) Yes, there are better ways. Personally I would recommend keep dependency to the arquillian only in a parent pom.xml file, then all sub-modules would inherit this dependency.
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.jboss.arquillian</groupId>
<artifactId>arquillian-bom</artifactId>
<version>1.1.5.Final</version>
<scope>import</scope>
<type>pom</type>
</dependency>
</dependencies>
</dependencyManagement>
Generally, be sure to read Getting started with Arquillian Guide.

apache tomcat catalina as maven dependency for CORS filter

I'm using org.apache.catalina.filters.CorsFilter in my webapp. So I specify the maven dependency
<dependency>
<groupId>org.apache.tomcat</groupId>
<artifactId>tomcat-catalina</artifactId>
<version>7.0.50</version>
</dependency>
Now, If I say the scope is "provide" or "runtime" the server doesn't start, because of
java.lang.ClassNotFoundException: org.apache.catalina.filters.CorsFilter
This class is not available in the catalina jar from jbossews/lib which is 7.0.40
Is it easy to "upgrade" tomcat on openshift? or if anybody can suggest a solution, it is much appreciated.
Many thanks,
This worked for me:
<dependency>
<groupId>org.apache.tomcat</groupId>
<artifactId>tomcat-catalina</artifactId>
<version>7.0.42</version>
<scope>provided</scope>
</dependency>
Trying 7.0.50 also worked. Can you double-check that there are no competing jar file versions lying around? Perhaps there is an older version without the class actually getting used by the JVM. Under Linux, "ls -l /proc/$CATALINA_PID/fd", may show which jar file is being used.
Also make sure to run this in a recent enough version of the Tomcat server.
You can add the jar to your repository and modify the .openshift/config/catalina.properties to let tomcat see it:
shared.loader=${catalina.home}/../app-root/runtime/repo/_your_jar_folder_
You can also use the common.loader - look up tomcat's refs for difference.

Source of org.hibernate.validator.engine.ConfigurationImpl

OK, I'm trying to get a validator working with a jsp form.. Have just started using maven, so it's all a bit new... what's the best way of locating which repository I should be selecting for the above class? I already have the following entries for validation:
<dependency>
<groupId>javax.validation</groupId>
<artifactId>validation-api</artifactId>
<version>1.0.0.GA</version>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-validator-annotation-processor</artifactId>
<version>4.1.0.Final</version>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-validator</artifactId>
<version>4.1.0.Final</version>
</dependency>
I tried loading hibernate itself, but that broke the build: I'm using eclipse for persistence, and building fails after dragging in a huge number of prerequisite libraries.
I figured that I should get a better strategy than just stabbing away with repositories..
Just to be clear: I'm getting the error:
java.lang.NoClassDefFoundError: Could not initialize class org.hibernate.validator.engine.ConfigurationImpl
This should be in the hibernate-validator dependency, so not behaving as I would expect.
Do you have slf4j-api on the classpath (this should be pulled in by HV, but just to make sure)?
The NoClassDefFoundError doesn't mean that ConfigurationImpl is not available, but it couldn't be loaded (typically due to problems in the static initializer or by imports of the loaded class which are not available).
A side note on using the annotation processor: instead of adding it as project dependency you can also use it via the Maven annotation processor plugin. That way you can't accidentally import classes from it in your project. The set-up is described in detail in the Hibernate Validator reference guide.
OP probably won't need it anymore, but maybe somebody else will.
I've had a similar problem with combination of Hibernate Validator 4.3 Final and slf4j 1.5.11
Finally I've found pair of versions that are willing to work together namely:
-Hibernate Validator Final 4.2
-slf4j 1.6.6

Attaching source to a system scoped dependency

I have a dependency which is scoped as "system".
I'd like to know if there's a way to define the attached source and javadoc for the dependency. This seems like something that should've been taken care of, but I can't seem to fine any documentation on it or why it was neglected.
I am specifically looking for the configuration solution, not installing it to my local repo, or deploying it to a common repo. For the sake of this discussion, those options are out.
Do you mean attach sources using m2eclipse?
If so, you just need to ensure the sources jar is in the same directory. I tried this by copying commons-io-1.4.jar to some other directory and setting the system path, if commons-io-1.4-sources.jar is in the same directory, m2eclipse finds and attaches the sources.
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
<version>1.4</version>
<scope>system</scope>
<systemPath>C:\test\lib\commons-io-1.4.jar</systemPath>
</dependency>
And the source jar is
C:\test\lib\commons-io-1.4-sources.jar
I guess it'll work the same for javadoc, not tried it though.