how to exclude all artifacts from a group in maven?

Question

I am using maven 3 with the Enforcer plugin configured to force version convergence. I am using Spring 3.1.2 and Spring Security 3.1.3.

The problem is that Spring 3.1.3 POM declares dependencies on Spring 3.0.7 because that is the minimum version need for spring security. This means that the enforcer plugin complains because the transitive dependency graph has both Spring 3.1.2 and Spring 3.0.7 in it.

The fix is to explicitly exclude spring 3.0.7 as a dependency of spring security so that the enforcer plugin in happy.

The code snippet below does just that, the problem with it is that I am having to repeat the same snippet over and over gain for each jar of spring security, this is tedious and makes the pom hard to read, is there a way to tell maven something along the lines.

for the dependency org.springframework.security no matter what artificatId ignore the dependency of the security framework on the spring framework?

<dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-acl</artifactId>
            <version>${spring.security.version}</version>
            <exclusions>
                <exclusion>
                    <artifactId>spring-tx</artifactId>
                    <groupId>org.springframework</groupId>
                </exclusion>
                <exclusion>
                    <artifactId>spring-asm</artifactId>
                    <groupId>org.springframework</groupId>
                </exclusion>

                <exclusion>
                    <artifactId>spring-core</artifactId>
                    <groupId>org.springframework</groupId>
                </exclusion>
                <exclusion>
                    <artifactId>spring-aop</artifactId>
                    <groupId>org.springframework</groupId>
                </exclusion>
                <exclusion>
                    <artifactId>spring-beans</artifactId>
                    <groupId>org.springframework</groupId>
                </exclusion>
                <exclusion>
                    <artifactId>spring-jdbc</artifactId>
                    <groupId>org.springframework</groupId>
                </exclusion>
                <exclusion>
                    <artifactId>spring-expression</artifactId>
                    <groupId>org.springframework</groupId>
                </exclusion>
                <exclusion>
                    <artifactId>spring-context</artifactId>
                    <groupId>org.springframework</groupId>
                </exclusion>
            </exclusions>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-web</artifactId>
            <version>${spring.security.version}</version>
            <exclusions>
                <exclusion>
                    <artifactId>spring-aop</artifactId>
                    <groupId>org.springframework</groupId>
                </exclusion>
                <exclusion>
                    <artifactId>spring-core</artifactId>
                    <groupId>org.springframework</groupId>
                </exclusion>
                <exclusion>
                    <artifactId>spring-expression</artifactId>
                    <groupId>org.springframework</groupId>
                </exclusion>
                <exclusion>
                    <artifactId>spring-beans</artifactId>
                    <groupId>org.springframework</groupId>
                </exclusion>
                <exclusion>
                    <artifactId>spring-context</artifactId>
                    <groupId>org.springframework</groupId>
                </exclusion>
                <exclusion>
                    <artifactId>aopalliance</artifactId>
                    <groupId>aopalliance</groupId>
                </exclusion>
                <exclusion>
                    <artifactId>spring-web</artifactId>
                    <groupId>org.springframework</groupId>
                </exclusion>
                <exclusion>
                    <artifactId>spring-jdbc</artifactId>
                    <groupId>org.springframework</groupId>
                </exclusion>
                <exclusion>
                    <artifactId>spring-tx</artifactId>
                    <groupId>org.springframework</groupId>
                </exclusion>
            </exclusions>
        </dependency>

Answer 1

This worked for me, excluding all artifacts for groupId org.springframework:

<exclusions>
    <exclusion>
        <groupId>org.springframework</groupId>
        <artifactId>*</artifactId>
    </exclusion>
</exclusions>

Answer 2

This probably won't help you much, but there is a feature request to allow wildcards in exclusions, however it is not in the current release version of Maven (3.0.4). (Edit: this feature is now present in Maven 3.2.1)

https://issues.apache.org/jira/browse/MNG-3832

Interesting is a comment in this JIRA issue:

Not sure what's going on, but this seems to work in Maven 3.0.3, using this:

<exclusion>
    <groupId>*</groupId>
    <artifactId>*</artifactId>
</exclusion>

However, this produces these warnings:

[WARNING] 'dependencies.dependency.exclusions.exclusion.groupId' for my.groupid:my.artifactid:ejb-client with value '*' does not match a valid id pattern. @ line 31, column 30

[WARNING] 'dependencies.dependency.exclusions.exclusion.artifactId' for my.groupid:my.artifactid:ejb-client with value '*' does not match a valid id pattern. @ line 32, column 33

So I probably shouldn't be doing it, but it does work.

So you might be able to use an artifactId wildcard in Maven 3.0.3 or later and have it work, but with warnings and with no guarantee of compatibility with later versions.

Answer 3

I encountered the same problem. I think you should explicit include Spring 3.2.x in your pom.xml to enforce the spring version in level 0 when Maven solve the conflict jars. Please refer to: http://www.baeldung.com/spring-security-with-maven