To solve the version mismatch issue, you can use the concept of a “bill of materials” (BOM) dependency. A BOM dependency keeps track of version numbers and ensures that all dependencies (both direct and transitive) are at the same version.
1. Why do we need the BOM file?
If you have worked on maven in your projects for dependency management, then you must have faced one problem at least once or maybe more than that. And the problem is version mismatch. It generally happens when you have some dependencies that bring their related dependencies (transitive dependencies) together with a certain version. If you have included those dependencies with different version numbers already, they can face undesired results in compile time as well as runtime.
Ideally, to avoid the above issue you need to explicitly exclude the related dependency, but it is quite possible that you can forget to do so.
Maven BOM is a special type of POM file that manages a group of dependencies and their versions. BOM files are used to ensure that all dependencies within a group (like a set of Spring or Hibernate modules) are compatible with each other. This eliminates version conflicts and simplifies dependency management.
2. How to add maven BOM dependency
Maven provides a tag dependencyManagement for this purpose. You need to add the maven bom information in this tag as follows. I am taking the example of the Spring bom file.
To import a BOM, we use the <dependencyManagement> section in your pom.xml. The BOM itself is specified as a dependency with the import scope.
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>6.1.8</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>An added benefit of using the BOM is that you no longer need to specify the version attribute when depending on Spring framework artifacts. So it will work perfectly fine.
<dependencies>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
</dependency>
<dependencies>3. Each Project has its own Maven BOM file
Please note that there is no common or universal bom file. Each project (if supports this feature) provides its bom file and manages versions of its related dependencies.
A few examples of various bom files are below:
3.1. RESTEasy Maven BOM dependency
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.jboss.resteasy</groupId>
<artifactId>resteasy-bom</artifactId>
<version>3.0.6.Final</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>3.2. JBOSS Maven BOM dependency
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.jboss.bom</groupId>
<artifactId>jboss-javaee-6.0-with-tools</artifactId>
<version>${some.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement> 3.3. Jersey Maven BOM dependency
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.glassfish.jersey</groupId>
<artifactId>jersey-bom</artifactId>
<version>${jersey.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>Those are a few examples. So whenever you work next time in Maven, try to explore this feature.
4. Maven BOM vs POM
First of all, BOMs are ordinary pom.xml files — they contain no source code and their only purpose is to declare their bundled modules. It defines the versions of all the artifacts that will be created in the library. Other projects that wish to use the library should import this pom into the dependencyManagement section of their pom.
POM files are more than just dependencies. For example organization and licenses, the URL of where the project lives, the project’s dependencies, plugins, profiles, and many such things. It also controls the complete build process of the project.
Happy Learning !!
Reference:
Comments