[GitHub] [ofbiz-framework] girishvasmatkar opened a new pull request #249: Fixed: javax.ws.rs-api dependency download issue by excluding it as a…

girishvasmatkar opened a new pull request #249:
URL: https://github.com/apache/ofbiz-framework/pull/249


   Fixed:(OFBIZ-)
   
   Explanation
   
   The problem stems from an invalid POM for the artifact javax.ws.rs-api with version 2.1.1. javax.ws.rs-api gets somehow included as a transitive dependency by tika-parsers:1.20 and javax.ws.rs-api:2.1.1 has an invalid POM definition for the packaging.
   I checked file https://repo1.maven.org/maven2/javax/ws/rs/javax.ws.rs-api/2.1/javax.ws.rs-api-2.1.pom and this is what I see -
   <packaging>${packaging.type}</packaging>
   
   So gradle tries to actually go to https://jcenter.bintray.com/javax/ws/rs/javax.ws.rs-api/2.1.1/javax.ws.rs-api-2.1.1.$%7Bpackaging.type%7D instead of 
   https://jcenter.bintray.com/javax/ws/rs/javax.ws.rs-api/2.1.1/javax.ws.rs-api-2.1.1.jar which is a valid URL and JAR does exist.
   
   So the first issue is that the POM file is messed up and it is actually an issue with other versions as well of the artifact javax.ws.rs-api. 
   There are two fixes as suggested here - https://github.com/gradle/gradle/issues/3065
   1. Exclude javax.ws.rs-api from tika-parsers:1.20 and add it's dependency explicitly using @jar to indicate the packaging type. We will go back to tika-parsers:1.20 because the later version is creating dependency hell problems as pointed out by Jacopo.compile 'org.apache.tika:tika-core:1.20'
   compile('org.apache.tika:tika-parsers:1.20') {
    exclude group: 'javax.ws.rs'
   }compile "javax.ws.rs:javax.ws.rs-api:2.1.1@jar" // @jar will make sure packaging 'jar' is used to resolve the URLI have tested the above fix and it is working properly. No 404 issue while the solr test is running too.
   2. Upgrade Gradle version to 4.5 (see the explanation at https://github.com/gradle/gradle/issues/3065).     I have tested upgrading to 4.5 while being on commit 2d15771d56ab1637efa5685799f86a7bb118cee4. I think Gradle upgrade will be a big upgrade for the release and would probably require proper testing. I am personally not for Gradle upgrade.
   
   Thanks:
   Girish


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[hidden email]

sonarcloud[bot] commented on pull request #249:
URL: https://github.com/apache/ofbiz-framework/pull/249#issuecomment-753763055


   Kudos, SonarCloud Quality Gate passed!
   
   [<img src='https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/bug.png' alt='Bug' width='16' height='16' />](https://sonarcloud.io/project/issues?id=apache_ofbiz-framework&pullRequest=249&resolved=false&types=BUG) [<img src='https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A.png' alt='A' width='16' height='16' />](https://sonarcloud.io/project/issues?id=apache_ofbiz-framework&pullRequest=249&resolved=false&types=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_ofbiz-framework&pullRequest=249&resolved=false&types=BUG)  
   [<img src='https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/vulnerability.png' alt='Vulnerability' width='16' height='16' />](https://sonarcloud.io/project/issues?id=apache_ofbiz-framework&pullRequest=249&resolved=false&types=VULNERABILITY) [<img src='https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A.png' alt='A' width='16' height='16' />](https://sonarcloud.io/project/issues?id=apache_ofbiz-framework&pullRequest=249&resolved=false&types=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_ofbiz-framework&pullRequest=249&resolved=false&types=VULNERABILITY)  
   [<img src='https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/security_hotspot.png' alt='Security Hotspot' width='16' height='16' />](https://sonarcloud.io/project/security_hotspots?id=apache_ofbiz-framework&pullRequest=249&resolved=false&types=SECURITY_HOTSPOT) [<img src='https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A.png' alt='A' width='16' height='16' />](https://sonarcloud.io/project/security_hotspots?id=apache_ofbiz-framework&pullRequest=249&resolved=false&types=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_ofbiz-framework&pullRequest=249&resolved=false&types=SECURITY_HOTSPOT)  
   [<img src='https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/code_smell.png' alt='Code Smell' width='16' height='16' />](https://sonarcloud.io/project/issues?id=apache_ofbiz-framework&pullRequest=249&resolved=false&types=CODE_SMELL) [<img src='https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A.png' alt='A' width='16' height='16' />](https://sonarcloud.io/project/issues?id=apache_ofbiz-framework&pullRequest=249&resolved=false&types=CODE_SMELL) [0 Code Smells](https://sonarcloud.io/project/issues?id=apache_ofbiz-framework&pullRequest=249&resolved=false&types=CODE_SMELL)
   
   [<img src='https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/CoverageChart/NoCoverageInfo.png' alt='No Coverage information' width='16' height='16' />](https://sonarcloud.io/component_measures?id=apache_ofbiz-framework&pullRequest=249) No Coverage information  
   [<img src='https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/Duplications/NoDuplicationInfo.png' alt='No Duplication information' width='16' height='16' />](https://sonarcloud.io/component_measures?id=apache_ofbiz-framework&pullRequest=249&metric=duplicated_lines_density&view=list) No Duplication information
   
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[hidden email]

dixitdeepak commented on a change in pull request #249:
URL: https://github.com/apache/ofbiz-framework/pull/249#discussion_r551129977



##########
File path: build.gradle
##########
@@ -139,8 +139,11 @@ dependencies {
     compile 'org.apache.httpcomponents:httpclient-cache:4.5.4'
     compile 'org.apache.logging.log4j:log4j-api:2.10.0' // the API of log4j 2
     compile 'org.apache.shiro:shiro-core:1.4.0'
-    compile 'org.apache.tika:tika-core:1.24.1'
-    compile 'org.apache.tika:tika-parsers:1.24.1'
+    compile 'org.apache.tika:tika-core:1.20'

Review comment:
       Hi Girish,
   We need to update tika-core to 1.24.1
   https://issues.apache.org/jira/browse/OFBIZ-12080




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[hidden email]

martnaum commented on pull request #249:
URL: https://github.com/apache/ofbiz-framework/pull/249#issuecomment-756771221


   Hi Girish,
   
   switching to tika-core:1.24.1 and tika-parsers:1.24.1 fixes the problem for me. 1.25 also seems to work but we'll stick to 1.24.1 first after @dixitdeepak 's comment. There's no need to exclude javax.ws.rs in both cases.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[hidden email]

martnaum edited a comment on pull request #249:
URL: https://github.com/apache/ofbiz-framework/pull/249#issuecomment-756771221


   Hi Girish,
   
   switching to tika-core:1.24.1 and tika-parsers:1.24.1 fixed the problem for me. 1.25 also seems to work but we'll stick to 1.24.1 first after @dixitdeepak 's comment. There's no need to exclude javax.ws.rs in both cases.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[hidden email]

martnaum edited a comment on pull request #249:
URL: https://github.com/apache/ofbiz-framework/pull/249#issuecomment-756771221


   Hi Girish,
   
   switching to tika-core:1.24.1 and tika-parsers:1.24.1 fixed the problem for us. 1.25 also seems to work but we'll stick to 1.24.1 first after @dixitdeepak 's comment. There's no need to exclude javax.ws.rs in both cases.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[hidden email]

girishvasmatkar commented on pull request #249:
URL: https://github.com/apache/ofbiz-framework/pull/249#issuecomment-757200352


   Hi @martnaum, @dixitdeepak  : Yes, I noticed there was a security vulnerability for lower tika version so it made sense to update it and hence solr/lucene had to be updated to so that makes sense.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[hidden email]

girishvasmatkar closed pull request #249:
URL: https://github.com/apache/ofbiz-framework/pull/249


   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[hidden email]

martnaum commented on pull request #249:
URL: https://github.com/apache/ofbiz-framework/pull/249#issuecomment-756771221


   Hi Girish,
   
   switching to tika-core:1.24.1 and tika-parsers:1.24.1 fixes the problem for me. 1.25 also seems to work but we'll stick to 1.24.1 first after @dixitdeepak 's comment. There's no need to exclude javax.ws.rs in both cases.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[hidden email]

girishvasmatkar commented on pull request #249:
URL: https://github.com/apache/ofbiz-framework/pull/249#issuecomment-757200352


   Hi @martnaum, @dixitdeepak  : Yes, I noticed there was a security vulnerability for lower tika version so it made sense to update it and hence solr/lucene had to be updated to so that makes sense.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[hidden email]

girishvasmatkar closed pull request #249:
URL: https://github.com/apache/ofbiz-framework/pull/249


   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[hidden email]

martnaum edited a comment on pull request #249:
URL: https://github.com/apache/ofbiz-framework/pull/249#issuecomment-756771221






----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[hidden email]