Skip to content

Inconsistent dependency configuration #8

New issue
New issue
Open
Open
Inconsistent dependency configuration#8
@jgrandja

Description

@jgrandja
jgrandja
opened on May 24, 2017

Given the following build from the Spring Security sample helloworld:

apply plugin: 'io.spring.convention.spring-sample-boot'

dependencies {
	compile project(':spring-security-config')
	compile project(':spring-security-web')
	compile 'org.springframework.boot:spring-boot-starter-security'
	compile 'org.springframework.boot:spring-boot-starter-thymeleaf'
	compile 'org.springframework.boot:spring-boot-starter-web'
	compile 'org.thymeleaf.extras:thymeleaf-extras-springsecurity4'

	testCompile project(':spring-security-test')
	testCompile 'org.springframework.boot:spring-boot-starter-test'
}

Both spring-security-config and spring-security-web are configured as provided as a result of importing org.springframework.boot:spring-boot-starter-security.

However...

Given the following build from the Spring Security sample oauth2Login:

apply plugin: 'io.spring.convention.spring-sample-boot'

dependencies {
	compile project(':spring-security-config')
	compile project(':spring-security-web')
	compile project(':spring-security-oauth2-client')
	compile 'org.springframework.boot:spring-boot-starter-security'
	compile 'org.springframework.boot:spring-boot-starter-thymeleaf'
	compile 'org.springframework.boot:spring-boot-starter-web'
	compile 'org.thymeleaf.extras:thymeleaf-extras-springsecurity4'

	testCompile project(':spring-security-test')
	testCompile 'net.sourceforge.htmlunit:htmlunit'
	testCompile 'org.springframework.boot:spring-boot-starter-test'
}

Only spring-security-config is configured as provided as a result of importing org.springframework.boot:spring-boot-starter-security. But spring-security-web is configured as compille. The expectation would be that it also would be configured as provided as is the case in the helloworld sample.

Furthermore, I feel that project imports should take precedence over dependency imports. So in both cases above, although org.springframework.boot:spring-boot-starter-security imports spring-security-config and spring-security-web, if they are explicitly imported as projects than I feel the configuration should be compile.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions