Maven执行者和wilcard依赖性排除

Question

我正在使用Maven enforcer插件来检查依赖性收敛.鉴于这个(人为的)例子:

project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <groupId>warren</groupId>
  <artifactId>warren</artifactId>
  <packaging>war</packaging>
  <version>1.0-SNAPSHOT</version>
  <name>warren Maven Webapp</name>
  <url>http://maven.apache.org</url>
  <dependencies>
    <dependency>
      <groupId>junit</groupId>
      <artifactId>junit</artifactId>
      <version>3.8.1</version>
      <scope>test</scope>
    </dependency>
    <dependency>
      <groupId>net.sf.jtidy</groupId>
      <artifactId>jtidy</artifactId>
      <version>r938</version>
    </dependency>
    <dependency>
      <groupId>org.apache.maven.plugin-tools</groupId>
      <artifactId>maven-plugin-tools-api</artifactId>
      <version>2.5.1</version>
    </dependency>
  </dependencies>
  <build>
    <finalName>warren</finalName>

    <!-- The Maven Enforcer -->
    <plugins>
    <plugin>
      <groupId>org.apache.maven.plugins</groupId>
      <artifactId>maven-enforcer-plugin</artifactId>
      <version>1.4</version>
      <dependencies>
        <dependency>
          <groupId>org.codehaus.mojo</groupId>
          <artifactId>extra-enforcer-rules</artifactId>
          <version>1.0-beta-2</version>
        </dependency>
      </dependencies>
      <executions>
        <!-- ******************************************************* -->
        <!-- Ensure that certain really important things are checked -->
        <!-- and fail the build if any of these are violated         -->
        <!-- ****************************************************** -->
        <execution>
          <id>enforce-important-stuff</id>
          <goals>
            <goal>enforce</goal>
          </goals>
          <phase>validate</phase>
          <configuration>
            <rules>
              <requireMavenVersion>
                <version>3.2.1</version>
              </requireMavenVersion>
              <requireJavaVersion>
                <version>1.7</version>
              </requireJavaVersion>
              <DependencyConvergence />
              <bannedDependencies>
                <searchTransitive>true</searchTransitive>
                <excludes>
                  <!-- Should be javax.servlet:javax.servlet-api:3.0.1 -->
                  <exclude>javax.servlet:servlet-api:2.*</exclude>
                  <!-- Should be org.springframework:3.2.* . Note this is
                       for the core spring framework. Others such as
                       WS etc may be different, but the convergence to the underlying
                       core Spring framework should be the same -->
                  <exclude>org.springframework:2.*</exclude>
                  <exclude>org.springframework:3.0.*</exclude>
                  <exclude>org.springframework:3.1.*</exclude>&gt;
                  <!-- Should be slf4j 1.7.5 with logback and
                       bridges to JCL, JUL and log4j (this means these
                       individual libraries should not be included as the
                       "bridges" implement the API and redirect to the
                       underlying SLF4j impl -->
                  <exclude>log4j:log4j</exclude>
                  <exclude>commons-logging</exclude>
                  <exclude>org.slf4j:1.5*</exclude>
                  <exclude>org.slf4j:1.6*</exclude>
                </excludes>
              </bannedDependencies>
            </rules>
            <failFast>true</failFast>
          </configuration>
        </execution>
        <execution>
          <id>warn-about-stuff-which-may-cause-problems</id>
          <goals>
            <goal>enforce</goal>
          </goals>
          <phase>validate</phase>
          <configuration>
            <rules>
              <banDuplicateClasses>
                <ignoreClasses>

                </ignoreClasses>
                <findAllDuplicates>true</findAllDuplicates>
              </banDuplicateClasses>
            </rules>
            <fail>false</fail>
          </configuration>
        </execution>
      </executions>
    </plugin>
    </plugins>
  </build>
</project>

我得到这个输出:

[ERROR] +-warren:warren:1.0-SNAPSHOT
[ERROR] +-org.apache.maven.plugin-tools:maven-plugin-tools-api:2.5.1
[ERROR] +-org.codehaus.plexus:plexus-utils:1.5.6
[ERROR] and
[ERROR] +-warren:warren:1.0-SNAPSHOT
[ERROR] +-org.apache.maven.plugin-tools:maven-plugin-tools-api:2.5.1
[ERROR] +-org.codehaus.plexus:plexus-container-default:1.0-alpha-9-stable-1
[ERROR] +-org.codehaus.plexus:plexus-utils:1.0.4

所以,我天真地认为我可以改变我的pom以使用通配符排除来避免这个问题,即:

<dependency>
  <groupId>net.sf.jtidy</groupId>
  <artifactId>jtidy</artifactId>
  <version>r938</version>
</dependency>
<dependency>
  <groupId>org.apache.maven.plugin-tools</groupId>
  <artifactId>maven-plugin-tools-api</artifactId>
  <version>2.5.1</version>
  <exclusions>
    <exclusion>
      <groupId>*</groupId>
      <artifactId>*</artifactId>
    </exclusion>
  </exclusions>
</dependency>

但是Maven忽略了通配符,我得到了同样的错误.修复错误的唯一方法是明确放入组和工件ID.

  <exclusions>
    <exclusion>
      <groupId>org.codehaus.plexus</groupId>
      <artifactId>plexus-utils</artifactId>
    </exclusion>
  </exclusions>

在这种情况下是否可以使用通配符排除？注意我已经尝试过使用maven 3.0.5,3.2.1和3.3.3,但没有运气!

非常感谢

Answer 1

使用通配符排除时,dependencyConvergence存在一个未解决的问题:https://issues.apache.org/jira/browse/MENFORCER-195.

没有迹象表明我们何时可以预期修复或此问题上的任何近期活动(或问题https://issues.apache.org/jira/browse/MSHARED-339).我用maven-enforcer-plugin 1.4.1命中了它.