After having some problems to update log4j in a Grails 2.4 project (which I don't think I have accomplised yet, btw)
Update log4j in Grails 2.4 results in "Could not transfer artifact from/to grailsCentral"
Now I am finding problems to get rid of the old log4j version from the dependency list.
Interestingly enough, Grails 2.4.2 documentation explains how to exclude precisely log4j from the global set:
https://grails.github.io/grails2-doc/2.4.2/guide/conf.html#logging
So, this is my dependency resolution section:
grails.project.dependency.resolution = {
inherits("global") {
excludes "grails-plugin-logging", "log4j"
}
log "verbose" // log level of Ivy resolver, either 'error', 'warn', 'info', 'debug' or 'verbose'
checksums true // Whether to verify checksums on resolve
legacyResolve false // whether to do a secondary resolve on plugin installation, not advised and here for backwards compatibility
repositories {
inherits true // Whether to inherit repository definitions from plugins
grailsPlugins()
grailsHome()
mavenLocal()
//grailsCentral()
//mavenCentral()
mavenRepo 'https://repo.grails.org/grails/plugins'
mavenRepo 'https://repo1.maven.org/maven2/'
mavenRepo 'https://repo.maven.apache.org/maven2/'
}
dependencies {
...
compile "org.apache.logging.log4j:log4j-core:2.17.1"
compile "org.apache.logging.log4j:log4j-api:2.17.1"
}
plugins {
// plugins for the build system only
....
}
}
However, after cleaning and building again my application, if a run a dependency-report, log4j-1.2.17 still shows there.
Even more, as I've said before, something tells that I am neither using the new version of log4j. But I don't know how to test it.
If I put this in the "excludes":
inherits("global") {
excludes "grails-plugin-log4j", "grails-plugin-logging", "log4j"
}
Then build fails because
[groovyc] groovy.lang.GroovyRuntimeException: Unable to load logging class
which I guess it's related with the myriad of default Grails files that have this line:
import groovy.util.logging.Log4j
I am starting to think that updating log4j version is next to impossible in Grails. In my opinion, with the last CVE regarding log4j (even though this version is not affected), they should have released some document explaining how to update to the last version.
Does someone know how to do this properly?
I am trying to do this myself. I am in progress, but it looks so far like you are missing an important piece... From the Log4J documentaion:
Optional Components
Log4j 2.x contains several optional components that can be included in an application.
Log4j 1.x API Bridge
If existing components use Log4j 1.x and you want to have this logging routed to Log4j 2, then remove any log4j 1.x dependencies and add the following.
[various include types are below]
https://logging.apache.org/log4j/2.x/maven-artifacts.html
Related
For an older project running grails 2.1.2, I want to get the spring-security-core plugin RC-2 downloaded but it's not being resolved as yet.
Even if I create a new grails project on grails 2.1.2, I can't add this plugin either by defining build dependency or even by trying to install using command:
grails install-plugin spring-security-core
Figured out that my local plugins-list-grailsCentral.xml isn't being examined when checking for plugin. Not sure, why?
From this xml, I downloaded the zip file then copied it in grails-install-dir/lib/org.grails.plugins/spring-security-core/jars (just because I saw that this path was being looked for by grails) and that dependency resolved.
I have now few other plugins not being resolved yet. How can I ask grails to look for this central grails plugin list? I already have following in BuildConfig.groovy.
repositories {
inherits true // Whether to inherit repository definitions from plugins
grailsCentral()
grailsPlugins()
grailsHome()
mavenLocal()
mavenCentral()
}
appreciate your assistance
Phew;
Issue resolved by using another mavenRepo http://repo.grails.org/grails/repo/
My BuildConfig.groovy repositories structure now looks like:
repositories {
inherits true
grailsCentral()
grailsPlugins()
grailsHome()
mavenLocal()
mavenCentral()
mavenRepo 'http://repo.grails.org/grails/repo/'
}
Special thanks to
Why do I receive grails module not found and unresolved dependency warnings?
and grails-2.3.7 plugins/repository not found
Grails "rendering" plugin uses org.xhtmlrenderer. Grails itself comes packaged with org.xhtmlrenderer:core-renderer:R8, which apparently from dependency-report is used grails-docs.
There's a bug in this version of xhtmlrender which conflicts with twitter bootstrap and which is only fixed in the github repository. I've built this new version and successfully installed it via maven, but for the life of me I can't get the "rendering" plugin to use it. I've even tried to build my own version of the rendering plugin, but that doesn't work, and according to dependency-report "rendering" doesn't even depend on org.xhtmlrenderer:core-renderer:R8.
In BuildConfig.groovy, I've tried (among many, many other things):
inherits("global") {
// specify dependency exclusions here; for example, uncomment this to disable ehcache:
// excludes 'ehcache'
excludes 'core-renderer-M8', 'org.xhtmlrenderer', 'core-renderer'
}
and
compile 'org.xhtmlrenderer:flying-saucer-core:9.0.1-custom'
runtime 'org.xhtmlrenderer:flying-saucer-core:9.0.1-custom'
to no avail.
How can I get "rendering" to use my custom build of org.xhtmlrenderer? Is the trick to build a local version of the "rendering" plugin and add the exclude and dependency info I tried in the project BuildConfig.groovy to the plugin BuildConfig.groovy?
What you need to do is exclude grails-docs from the inherited global dependencies and then specifically add it excluding xhtmlrenderer (although it looks like that's just the package name and you need to exclude flying-sauce-core). This will let you specify your own version of the library.
grails.project.dependency.resolution = {
// inherit Grails' default dependencies
inherits("global") {
excludes 'grails-docs'
}
dependencies {
// specify dependencies here under either 'build', 'compile', 'runtime', 'test' or 'provided' scopes e.g.
// runtime 'mysql:mysql-connector-java:5.1.24'
build('org.grails:grails-docs:2.3.7') {
excludes 'flying-saucer-core'
}
}
}
I played with Grails 3.0.0.M1 today and tried to make a small application using mongodb, however I couldn't manage to add it correctly to my build.gradle file. What is the correct syntax? I tried (excerpt):
repositories {
mavenLocal()
maven { url "http://repo.grails.org/grails/core" }
}
dependencyManagement {
imports {
mavenBom "org.grails:grails-bom:$grailsVersion"
}
applyMavenExclusions false
}
dependencies {
//...
compile ':mongodb:3.0.2'
//...
}
as that plugin's documentation suggested, but ended up with it not being found. I also noted that the grailsCentral() shortcut didn't work.
I then tried to add postgresql-extensions, but it was the same. Has the syntax changed, are these plugins not supported at the time, or what gives?
Also, could someone with competence add a grails-3.0 tag?
I'm one of the authors of postgresql-extensions. At this moment the plugin is not compatible with Grails 3.0. We need to wait until the Grails team publish an updated documentation of how to migrate the plugins from 2.x to 3.0.
For mongodb use:
compile 'org.grails.plugins:mongodb:4.0.0.M1'
A grails application I work with has two ways to include plugins:
first in the application.properties file:
plugins.cache-headers=1.0.4
plugins.cached-resources=1.1
plugins.database-migration=1.1
plugins.export=1.5
plugins.font-awesome-resources=3.2.1.2
and in the BuildConfig.groovy file:
runtime ":resources:1.1.6"
compile ":database-migration:1.3.6"
compile ":quartz:0.4.2"
compile ":export:1.5"
compile ":font-awesome-resources:3.2.1.2"
It seems confusing that the database migration plugin is version 1.1 in application resources and 1.3.6 in BuildConfig.
Why are there two ways to configure plugins for grails?
Yes there are two ways of installing plugins.
The old way of declaring dependencies, using the command install-plugin. This will work with application.properties.
In Grails 2.x the preferred way is to use BuildConfig.groovy since this is more flexible, you can exclude jars/dependencies, define the scope and config the dependency to not be exported.
plugins {
test() //test scoped plugin
compile("group:name:version") {
excludes "some-dependency" //install the plugin, but not his dependency
}
compile("...") {
export = false //use this dependency, but not export.
}
}
With install-plugin, all your dependencies will be compile scoped.
More about in this discussion.
I'm totally confused how and where to specify my own plugin dependencies in Grails 2.2.X The documentation (Understanding Plugin Load Order) says that you can specify the dependencies in plugin descriptor class MyGrailsPlugin.groovy. Whereas, the "Upgrading from" chapter says that only pom dependencies will be taken into account. As I understand this unclear statement, only if I would specify the dependency in BuildConfig as a compile dependency that it would be used.
Using dependsOn brought me some problems in my main application (could not resolve a dependency in plugin even if it exists - I think some wild card problem "def dependsOn =['jquery-ui': "* > 1.8.24"]").
The only way how the plugin dependency works for me is specifying it in BuildConfig (MyPlugin):
grails.project.work.dir = 'target'
grails.project.dependency.resolution = {
inherits 'global'
log 'warn'
repositories {
grailsCentral()
mavenLocal()
mavenCentral()
}
plugins {
build(':release:2.2.1', ':rest-client-builder:1.0.3') {
export = false
}
compile ":resources:1.1.6"
compile ":jquery:1.8.3"
compile ":jquery-ui:1.8.24"
}
}
But my application uses resources plugin of version 1.2. When I run the app it always asks me if I'd like to upgrade to 1.1.6.
So the question is, how and where should I specify my dependencies.
Thanks,
Mateo
Actually, I am using grails 2.1.0. In that i replace resource with 1.2( runtime ":resources:1.2") in BuildConfig.groovy.
And then refresh dependencies. It is worked fine.
After reading more about Grails plug-in I realized that this behavior makes sense. If the plugin specify certain version of its dependency and your project specifies a different one, you're in conflict. You need to use following in order to exclude dependecy from the plugin and use yours:
runtime ":resources:1.2"
compile ':my-plugin:2.0.8', {
exclude 'resources'
}
In this case the plugin creator cannot assure that his plugin will run properly with newer version of dependency.
Regarding the resources plugin dependency. In my opinion it is better to use following
compile ":resources:1.1.6" {
export = false
}
which won't include the dependency for your plugin. This should be used just when you defines some ApplicationResources.groovy. If you use something from this plugin in your plugin you should not exclude resource plugin...
In my opinion you should specify your plugin dependencies in BuildConfig.groovy
Hope these things will be improved in further Grails versions.
Further reading from Burt:
http://www.slideshare.net/burtbeckwith/plugins-21828912