With 4278cc1 (#299), jakarta.security requires transitive jakarta.servlet, jakarta.security.auth.message and jakarta.json. While the Maven artifact providing jakarta.json (jakarta.json:jakarta.json-api) has <scope>compile</scope>, the artifacts providing the two other modules (jakarta.servlet:jakarta.servlet-api, jakarta.authentication:jakarta.authentication-api) have <scope>provided</scope>.
The latter therefore are not transitive dependencies of a Maven project with dependency jakarta.security.enterprise:jakarta.security.enterprise-api (see table in Maven docs).
As a consequence, if the Maven project defines a module which requires jakarta.security, it has implicit dependences on jakarta.servlet, jakarta.security.auth.message and jakarta.json, but only jakarta.json is provided by a transitive dependency.
Therefore, the build fails with e.g. "module not found: jakarta.security.auth.message", if there is no direct dependency on jakarta.authentication:jakarta.authentication-api, regardless of whether this dependency is actually used.
Example:
A Maven project with
<dependencies>
<dependency>
<groupId>jakarta.servlet</groupId>
<artifactId>jakarta.servlet-api</artifactId>
<version>6.1.0</version>
</dependency>
<dependency>
<groupId>jakarta.security.enterprise</groupId>
<artifactId>jakarta.security.enterprise-api</artifactId>
<version>4.0.0</version>
</dependency>
</dependencies>
provides all necessary classes for e.g.
public class TestAuthentication implements HttpAuthenticationMechanism {
@Override
public AuthenticationStatus validateRequest(
HttpServletRequest httpRequest,
HttpServletResponse httpResponse,
HttpMessageContext ctx
) throws AuthenticationException {
return ctx.doNothing();
}
}
If this is packaged into a module
module test {
requires jakarta.security;
requires jakarta.servlet;
}
building fails as described above.
As a work-around, an unused dependency has to be declared:
<dependency>
<groupId>jakarta.authentication</groupId>
<artifactId>jakarta.authentication-api</artifactId>
<version>3.1.0</version>
</dependency>
With 4278cc1 (#299),
jakarta.securityrequires transitivejakarta.servlet,jakarta.security.auth.messageandjakarta.json. While the Maven artifact providingjakarta.json(jakarta.json:jakarta.json-api) has<scope>compile</scope>, the artifacts providing the two other modules (jakarta.servlet:jakarta.servlet-api,jakarta.authentication:jakarta.authentication-api) have<scope>provided</scope>.The latter therefore are not transitive dependencies of a Maven project with dependency
jakarta.security.enterprise:jakarta.security.enterprise-api(see table in Maven docs).As a consequence, if the Maven project defines a module which
requires jakarta.security, it has implicit dependences onjakarta.servlet,jakarta.security.auth.messageandjakarta.json, but onlyjakarta.jsonis provided by a transitive dependency.Therefore, the build fails with e.g. "module not found: jakarta.security.auth.message", if there is no direct dependency on
jakarta.authentication:jakarta.authentication-api, regardless of whether this dependency is actually used.Example:
A Maven project with
provides all necessary classes for e.g.
If this is packaged into a module
building fails as described above.
As a work-around, an unused dependency has to be declared: