Giter VIP home page Giter VIP logo

alfresco-extension-inspector's Introduction

alfresco-extension-inspector

Build Status License

alfresco-extension-inspector is a tool that scans and validates an Alfresco extension (amp or jar) against an alfresco.war file.

The tool parses an extension and generates a report on possible overrides, discouraged usage of non-public API, Alfresco's 3rd-party libraries.

The project has three main modules, one for parsing the war files - the Inventory, one for analysing custom extensions against the inventory - the Analyser, and one for packaging the Inventory and the Analyser in one executable tool.

License

This project is released under the Apache License, Version 2.0 license. If you are an Enterprise customer check with Alfresco Support.

Packaging

The Application is a Spring Boot application, implemented in the module extension-inspector-packaging. The application merges the Inventory and Analyser libraries in one tool.

Use mvn clean package to build the project. This creates an executable jar, alfresco-extension-inspector-<version>.jar.

Usage:

# Analyse a given Alfresco extension
   java -jar alfresco-extension-inspector.jar <extension-filename> [--target-version=6.1.0[-7.0.0] | --target-inventory=<report_file_path>.json] [--verbose=[true | false]]

# Generate an inventory report for a given war file
   java -jar alfresco-extension-inspector.jar --inventory <alfresco-war-filename> [--o=<report_file_path>.json]

# Help command
   java -jar alfresco-extension-inspector.jar --help

# List all versions with bundled inventories 
   java -jar alfresco-extension-inspector.jar --list-known-alfresco-versions

Options:

   --target-version                     An Alfresco version or a range of Alfresco versions.
   --target-inventory                   A file path of an existing WAR inventory.
   --verbose                            Verbose output.
   --inventory                          Creates an inventory report in json format for the specified war or extension file.
   [--o=<report_file_path>.json]        A file path for the new inventory report.
   --help                               Shows this screen.
   --list-known-alfresco-versions       Lists all Alfresco versions with inventory reports included in the tool.

Inventory

The InventoryApplication is a Spring Boot application, implemented in the module extension-inspector-inventory. The application generates a report file in json format for a war file.

Use mvn clean package to build the project. This creates the alfresco-extension-inspector-inventory-<version>.jar library.

Inventory command:

java -jar alfresco-extension-inspector-<version>.jar --inventory <alfresco_war_path> [--o=<report_file_path>]
  • the first parameter is a path to a valid war file
  • the optional --o parameter is for the output of the report, a given file or a folder location where a report with the default name, <war_name>.inventory.json, is generated.

Output

Example structure of the report:

{
  "schemaVersion" : "1.0",
  "alfrescoVersion" : "6.2.1",
  "resources" : 
    {
      "ALFRESCO_PUBLIC_API" : 
      [ 
        {
         "type" : "ALFRESCO_PUBLIC_API",
         "id" : "package.ClassName1",
         "deprecated" : false,
         "implicit" : false
        },
        {
         "type" : "ALFRESCO_PUBLIC_API",
         "id" : "package.ClassName2",
         "deprecated" : true,
         "implicit" : true
        },
        ...
      ],
      "CLASSPATH_ELEMENT" : 
      [
        {
          "type" : "CLASSPATH_ELEMENT",
          "id" : "org/alfresco/package1/AClass.class",
          "definingObject" : "WEB-INF/lib/alfresco-library.jar"
        },
        {
          "type" : "CLASSPATH_ELEMENT",
          "id" : "com/3rdparty/packageA/AClass.class",
          "definingObject" : "WEB-INF/lib/3rdparty-library.jar"
        },
        ...
      ],
      "BEAN" : 
      [
        {
         "type" : "BEAN",
         "id" : "beanName",
         "definingObject" : "alfresco/aContext.xml@WEB-INF/lib/alfresco-library.jar"
        },
       ...
      ],
      "FILE" : 
      [
        {
          "type" : "FILE",
          "id" : "WEB-INF/classes/aFile.ext",
          "definingObject" : "WEB-INF/classes/aFile.ext"
        },
        {
          "type" : "FILE",
          "id" : "WEB-INF/lib/aLibrary.jar",
          "definingObject" : "WEB-INF/lib/aLibrary.jar"
        },
        ...
      ]
}

Adding a new supported inventory to the Inspector

Analyser

The AnalyserApplication is a Spring Boot application, implemented in the module alfresco-extension-inspector-analyser. This application analyses custom extensions against war inventories.

Use mvn clean package to build the project. This creates the alfresco-extension-inspector-analyser-<version>.jar library.

Analyser command:

java -jar alfresco-extension-inspector-<version>.jar <extension-filename> [--target-version=6.1.0[-7.0.0] | --target-inventory =/path/to/war_inventory.json] [--verbose=[true | false]]

Options:

   --target-version                     An Alfresco version or a range of Alfresco versions.
   --target-inventory                   A file path of an existing WAR inventory.
   --verbose                            Verbose output.

Output

When running the analysing command, alfresco-extension-inspector writes the conflicts directly to the console, grouped by their type.

The conflict types that can be detected by alfresco-extension-inspector are the following:

  • File overwrites (FILE_OVERWRITE)
  • Bean overwrites (BEAN_OVERWRITE)
  • Classpath conflicts (CLASSPATH_CONFLICT)
  • Beans instantiating restricted classes (BEAN_RESTRICTED_CLASS)
  • Usage of non @AlfrescoPublicAPI classes (ALFRESCO_INTERNAL_USAGE)
  • Usage of 3rd party libraries (WAR_LIBRARY_USAGE)
  • Jakarta migration dependency conflicts (JAKARTA_MIGRATION_CONFLICT)

Example of output:

Bean naming conflicts
---------------------
The following Spring beans defined in the extension module are in conflict with beans defined in the ACS repository:
    extension_bean
Spring beans are the basic building blocks of the ACS repository. Replacing these will alter the behaviour of the system and can lead to unexpected behaviour.
Since all these beans are subject to change between Alfresco versions and even in service packs, these modifications are typically bound to a specific Alfresco version.
You should avoid redefining default beans of the ACS repository in your extensions to reduce the cost of upgrades.
It is possible that these conflicts only exist in specific ACS versions. Run this tool with the -verbose option to get a complete list of versions where each of these files has conflicts.

Beans instantiating internal classes
------------------------------------
The following Spring beans defined in the extension module instantiate internal classes:
    extension_bean (class=org.alfresco.repo.... )

These classes are considered an internal implementation detail of the ACS repository and do not constitute a supported extension point. They might change or completely disappear between ACS versions and even in service packs.

Classpath conflicts
-------------------
The following files and libraries in the extension module cause conflicts on the Java classpath:
    /lib/alfresco-test.jar

Ambiguous resources on the Java classpath render the behaviour of the JVM undefined (see Java specification).
Although it might be possible that the repository can still start-up, you can expect erroneous behavior in certain situations. Problems of this kind are typically very hard to detect and trace back to their root cause.
It is possible that these conflicts only exist in specific ACS versions. Run this tool with the -verbose option to get a complete list of versions where each of these files has conflicts.

Custom code using internal classes
----------------------------------
The following classes defined in the extension module are using internal repository classes:
    org.alfresco.repo...

Internal repository classes:
    org.alfresco.repo...

These classes are considered an internal implementation detail of the ACS repository and might change or completely disappear between ACS versions and even between service packs.
For a complete usage matrix, use the -verbose option of this tool.

Custom code using 3rd party libraries managed by the ACS repository
-------------------------------------------------------------------
The code provided by the extension module is using these 3rd party libraries brought by the ACS repository:
    /WEB-INF/lib/test-1.0.0.jar

These 3rd party libraries are managed by the ACS repository and are subject to constant change, even in service packs and hotfixes.
Each of these libraries has its own backward compatibility strategy, which will make it really hard for this extension to keep up with these changes.

Incompatible jakarta migration dependencies
-------------------------------------------
The following classes defined in the extension module are using incompatible jakarta migration dependencies:
	org.alfresco.utility.data.DataEmail
	org.alfresco.utility.data.DataEmail$1
Jakarta migration dependencies:
	jakarta.mail.Authenticator
	jakarta.mail.Flags
	jakarta.mail.Flags$Flag
	jakarta.mail.Folder
	jakarta.mail.Message
	jakarta.mail.MessagingException
	jakarta.mail.Session
	jakarta.mail.Store
	jakarta.mail.internet.MimeMessage
	jakarta.mail.search.AndTerm
	jakarta.mail.search.FlagTerm
	jakarta.mail.search.SearchTerm
Classes using non-jakarta migrated dependencies are incompatible with a jakarta migrated ACS version, and vice versa.
For a complete usage matrix, use the -verbose option of this tool.


REPORT SUMMARY
Across the provided target versions, the following number of conflicts have been found:
+--------------------------+-----+
|Type                      |Total|
+--------------------------+-----+
|BEAN_OVERWRITE            |1    |
+--------------------------+-----+
|BEAN_RESTRICTED_CLASS     |1    |
+--------------------------+-----+
|CLASSPATH_CONFLICT        |1    |
+--------------------------+-----+
|ALFRESCO_INTERNAL_USAGE   |2    |
+--------------------------+-----+
|WAR_LIBRARY_USAGE         |1    |
+--------------------------+-----+
|JAKARTA_MIGRATION_CONFLICT|2    |
+--------------------------+-----+

(use option --verbose for version details)

Implementation details

Alfresco extensions might hide conflicts of types BEAN_RESTRICTED_CLASS, WAR_LIBRARY_USAGE and ALFRESCO_INTERNAL_USAGE if they contain Alfresco specific libraries.

That's because the aforementioned types of conflicts exclude from processing all the classes in the extension's classpath.

Note:

Including in the processing a class present in both extension and war would partially solve the issue because:

  1. Two classes with the same canonical name could come from two different libraries, e.g. an extension specific library and an Alfresco one, or two different versions of the same Alfresco library. Thus checking the class name is not enough.
  2. Comparing their libraries would help only when the same library with the same version is used in both the extension and the war. In case of different versions of the same library, the class won't be recognized as Alfresco internal class.

Build and release process

For a complete walk-through check out the build-and-release-101.MD under the docs folder.

alfresco-extension-inspector's People

Contributors

aforascu avatar alfresco-build avatar ancutam avatar bogdanman avatar cezarleahu avatar cristianturlica avatar denisgabriela avatar dependabot[bot] avatar dsibilio avatar gionn avatar hylandaditya avatar kavitshah-gl avatar killerboot avatar omkaryadv177 avatar pzhyland avatar rgherghelas avatar saraaspery avatar skopf avatar suneet-gupta avatar tpage-alfresco avatar tzclucian avatar vrmoreira avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

patelpradip asksasasa83 abhinavmishra14 opensky-backstage

alfresco-extension-inspector's Issues

Extension inspector should not flag uses of classes required for use/implementation of @AlfrescoPublicApi

The interface org.alfresco.repo.forms.processor.Filter is part of the public API of Alfresco (marked as @AlfrescoPublicApi). This interface defines methods which include the classes org.alfresco.repo.forms.Form and org.alfresco.repo.forms.FormData. Both of these classes, as well as any of their sub-structures and/or related support classes, such as org.alfresco.repo.forms.FieldDefinition, org.alfresco.repo.forms.PropertyFieldDefinition or org.alfresco.repo.forms.processor.AbstractFilter are not marked as @AlfrescoPublicApi and subsequently flagged as a "conflict" by the inspector. Though this is obiously a gross oversight by the Repository Engineering team when classifying which classes are "supported" and which aren't, the flagging of such API as conflicts by the inspector makes it potentially impossible for any extension to use the public API Filter interface in any meaningful way without causing such conflicts.

Tested on my alfresco-utility project, specifically the core extension for Repository-tier, I currently get the following resutls:

--- snipped ---
Internal repository classes:
        org.alfresco.repo.action.constraint.BaseParameterConstraint
---snipped---
        org.alfresco.repo.forms.AssociationFieldDefinition
        org.alfresco.repo.forms.AssociationFieldDefinition$Direction
        org.alfresco.repo.forms.FieldDefinition
        org.alfresco.repo.forms.FormData$FieldData
        org.alfresco.repo.forms.PropertyFieldDefinition
        org.alfresco.repo.forms.processor.AbstractFilter
---snipped---
REPORT SUMMARY
Across the provided target versions, the following number of conflicts have been found:
+-----------------------+-----+
|Type                   |Total|
+-----------------------+-----+
|ALFRESCO_INTERNAL_USAGE|390  |
+-----------------------+-----+
|WAR_LIBRARY_USAGE      |555  |
+-----------------------+-----+

Though I will never be able to reduce those conflict numbers to 0 due to Alfresco's extemely narrow-minded view on what "public API" should be, at least the use / implementation of official "public API" should not add unduely to the count of conflicts. The forms-related conflicts above all stem from the implementation of the Filter interface in 3 classes:

  • de.acosix.alfresco.utility.repo.form.FixateDateOnlyTimezoneFilter (normalises d:date values to a midnight time component in a specific timezone)
  • de.acosix.alfresco.utility.repo.form.InvertedAssociationFieldFilter (generates transient field(s) for back-references / source associations)
  • de.acosix.alfresco.utility.repo.form.TreatEmptyStringsAsNullFilter (prevents empty strings from being set as values to prevent non-nulliness of HTML form text inputs from setting non-value values in the DB)

[WARNING] dependencyManagement, org.quartz-scheduler:quartz:jar, does not match a valid id pattern

Cant build the tool.
Tried as user alfresco & root.

  1. Centos7
    2 Apache Maven 3.0.5

got the following error.

@alfresco alfresco-extension-inspector]# mvn clean install -DskipTests [INFO] Scanning for projects... [WARNING] [WARNING] Some problems were encountered while building the effective model for org.alfresco.extension-inspector:alfresco-extension-inspector-inventory:jar:1.1.1-SNAPSHOT [WARNING] 'dependencyManagement.dependencies.dependency.exclusions.exclusion.artifactId' for org.quartz-scheduler:quartz:jar with value '*' does not match a valid id pattern. @ org.springframework.boot:spring-boot-dependencies:2.2.6.RELEASE, /root/.m2/repository/org/springframework/boot/spring-boot-dependencies/2.2.6.RELEASE/spring-boot-dependencies-2.2.6.RELEASE.pom, line 2759, column 25 [WARNING] [WARNING] Some problems were encountered while building the effective model for org.alfresco.extension-inspector:alfresco-extension-inspector-analyser:jar:1.1.1-SNAPSHOT [WARNING] 'dependencyManagement.dependencies.dependency.exclusions.exclusion.artifactId' for org.quartz-scheduler:quartz:jar with value '*' does not match a valid id pattern. @ org.springframework.boot:spring-boot-dependencies:2.2.6.RELEASE, /root/.m2/repository/org/springframework/boot/spring-boot-dependencies/2.2.6.RELEASE/spring-boot-dependencies-2.2.6.RELEASE.pom, line 2759, column 25 [WARNING] [WARNING] Some problems were encountered while building the effective model for org.alfresco.extension-inspector:alfresco-extension-inspector-commons:jar:1.1.1-SNAPSHOT [WARNING] 'dependencyManagement.dependencies.dependency.exclusions.exclusion.artifactId' for org.quartz-scheduler:quartz:jar with value '*' does not match a valid id pattern. @ org.springframework.boot:spring-boot-dependencies:2.2.6.RELEASE, /root/.m2/repository/org/springframework/boot/spring-boot-dependencies/2.2.6.RELEASE/spring-boot-dependencies-2.2.6.RELEASE.pom, line 2759, column 25 [WARNING] [WARNING] Some problems were encountered while building the effective model for org.alfresco.extension-inspector:alfresco-extension-inspector:jar:1.1.1-SNAPSHOT [WARNING] 'dependencyManagement.dependencies.dependency.exclusions.exclusion.artifactId' for org.quartz-scheduler:quartz:jar with value '*' does not match a valid id pattern. @ org.springframework.boot:spring-boot-dependencies:2.2.6.RELEASE, /root/.m2/repository/org/springframework/boot/spring-boot-dependencies/2.2.6.RELEASE/spring-boot-dependencies-2.2.6.RELEASE.pom, line 2759, column 25 [WARNING] [WARNING] Some problems were encountered while building the effective model for org.alfresco.extension-inspector:alfresco-extension-inspector-test:jar:1.1.1-SNAPSHOT [WARNING] 'dependencyManagement.dependencies.dependency.exclusions.exclusion.artifactId' for org.quartz-scheduler:quartz:jar with value '*' does not match a valid id pattern. @ org.springframework.boot:spring-boot-dependencies:2.2.6.RELEASE, /root/.m2/repository/org/springframework/boot/spring-boot-dependencies/2.2.6.RELEASE/spring-boot-dependencies-2.2.6.RELEASE.pom, line 2759, column 25 [WARNING] [WARNING] Some problems were encountered while building the effective model for org.alfresco.extension-inspector:alfresco-extension-inspector-parent:pom:1.1.1-SNAPSHOT [WARNING] 'dependencyManagement.dependencies.dependency.exclusions.exclusion.artifactId' for org.quartz-scheduler:quartz:jar with value '*' does not match a valid id pattern. @ org.springframework.boot:spring-boot-dependencies:2.2.6.RELEASE, /root/.m2/repository/org/springframework/boot/spring-boot-dependencies/2.2.6.RELEASE/spring-boot-dependencies-2.2.6.RELEASE.pom, line 2759, column 25 [WARNING] [WARNING] It is highly recommended to fix these problems because they threaten the stability of your build. [WARNING] [WARNING] For this reason, future Maven versions might no longer support building such malformed projects. [WARNING] [INFO] ------------------------------------------------------------------------ [INFO] Reactor Build Order: [INFO] [INFO] alfresco-extension-inspector-parent [INFO] alfresco-extension-inspector-commons [INFO] alfresco-extension-inspector-inventory [INFO] alfresco-extension-inspector-analyser [INFO] alfresco-extension-inspector-packaging [INFO] alfresco-extension-inspector-test [INFO] [INFO] ------------------------------------------------------------------------ [INFO] Building alfresco-extension-inspector-parent 1.1.1-SNAPSHOT [INFO] ------------------------------------------------------------------------ Downloading: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-install-plugin/2.5.2/maven-install-plugin-2.5.2.pom Downloaded: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-install-plugin/2.5.2/maven-install-plugin-2.5.2.pom (7 KB at 20.3 KB/sec) Downloading: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/25/maven-plugins-25.pom Downloaded: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/25/maven-plugins-25.pom (10 KB at 358.7 KB/sec) Downloading: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/24/maven-parent-24.pom Downloaded: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/24/maven-parent-24.pom (37 KB at 735.4 KB/sec) Downloading: https://repo.maven.apache.org/maven2/org/apache/apache/14/apache-14.pom Downloaded: https://repo.maven.apache.org/maven2/org/apache/apache/14/apache-14.pom (15 KB at 551.6 KB/sec) Downloading: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-install-plugin/2.5.2/maven-install-plugin-2.5.2.jar Downloaded: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-install-plugin/2.5.2/maven-install-plugin-2.5.2.jar (33 KB at 1155.0 KB/sec) [INFO] [INFO] --- maven-clean-plugin:3.1.0:clean (default-clean) @ alfresco-extension-inspector-parent --- [INFO] [INFO] --- maven-install-plugin:2.5.2:install (default-install) @ alfresco-extension-inspector-parent --- Downloading: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.pom Downloaded: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.pom (4 KB at 192.8 KB/sec) Downloading: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.0.3/plexus-containers-1.0.3.pom Downloaded: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.0.3/plexus-containers-1.0.3.pom (492 B at 24.0 KB/sec) Downloading: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.4/plexus-1.0.4.pom Downloaded: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.4/plexus-1.0.4.pom (6 KB at 254.7 KB/sec) Downloading: https://repo.maven.apache.org/maven2/junit/junit/3.8.1/junit-3.8.1.pom Downloaded: https://repo.maven.apache.org/maven2/junit/junit/3.8.1/junit-3.8.1.pom (998 B at 31.4 KB/sec) Downloading: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.0.4/plexus-utils-1.0.4.pom Downloaded: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.0.4/plexus-utils-1.0.4.pom (7 KB at 279.0 KB/sec) Downloading: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1-alpha-2/classworlds-1.1-alpha-2.pom Downloaded: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1-alpha-2/classworlds-1.1-alpha-2.pom (4 KB at 127.3 KB/sec) Downloading: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.6/commons-codec-1.6.pom Downloaded: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.6/commons-codec-1.6.pom (11 KB at 403.5 KB/sec) Downloading: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/22/commons-parent-22.pom Downloaded: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/22/commons-parent-22.pom (41 KB at 1320.5 KB/sec) Downloading: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/0.4/maven-shared-utils-0.4.pom Downloaded: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/0.4/maven-shared-utils-0.4.pom (4 KB at 146.4 KB/sec) Downloading: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.15/plexus-utils-3.0.15.pom Downloaded: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.15/plexus-utils-3.0.15.pom (4 KB at 118.2 KB/sec) Downloading: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.11/plexus-interpolation-1.11.jar Downloading: https://repo.maven.apache.org/maven2/junit/junit/3.8.1/junit-3.8.1.jar Downloading: https://repo.maven.apache.org/maven2/backport-util-concurrent/backport-util-concurrent/3.1/backport-util-concurrent-3.1.jar Downloading: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.6/commons-codec-1.6.jar Downloading: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/0.4/maven-shared-utils-0.4.jar Downloaded: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.11/plexus-interpolation-1.11.jar (50 KB at 857.6 KB/sec) Downloading: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.15/plexus-utils-3.0.15.jar Downloaded: https://repo.maven.apache.org/maven2/junit/junit/3.8.1/junit-3.8.1.jar (119 KB at 2038.5 KB/sec) Downloaded: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/0.4/maven-shared-utils-0.4.jar (152 KB at 2168.7 KB/sec) Downloaded: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.6/commons-codec-1.6.jar (228 KB at 2643.2 KB/sec) Downloaded: https://repo.maven.apache.org/maven2/backport-util-concurrent/backport-util-concurrent/3.1/backport-util-concurrent-3.1.jar (324 KB at 3085.2 KB/sec) Downloaded: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.15/plexus-utils-3.0.15.jar (234 KB at 3825.4 KB/sec) [INFO] Installing /root/alfresco-extension-inspector/pom.xml to /root/.m2/repository/org/alfresco/extension-inspector/alfresco-extension-inspector-parent/1.1.1-SNAPSHOT/alfresco-extension-inspector-parent-1.1.1-SNAPSHOT.pom [INFO] [INFO] ------------------------------------------------------------------------ [INFO] Building alfresco-extension-inspector-commons 1.1.1-SNAPSHOT [INFO] ------------------------------------------------------------------------ [INFO] [INFO] --- maven-clean-plugin:3.1.0:clean (default-clean) @ alfresco-extension-inspector-commons --- [INFO] Deleting /root/alfresco-extension-inspector/extension-inspector-commons/target [INFO] [INFO] --- maven-resources-plugin:3.1.0:resources (default-resources) @ alfresco-extension-inspector-commons --- [INFO] Using 'UTF-8' encoding to copy filtered resources. [INFO] skip non existing resourceDirectory /root/alfresco-extension-inspector/extension-inspector-commons/src/main/resources [INFO] skip non existing resourceDirectory /root/alfresco-extension-inspector/extension-inspector-commons/src/main/resources [INFO] [INFO] --- maven-compiler-plugin:3.8.1:compile (default-compile) @ alfresco-extension-inspector-commons --- [INFO] Changes detected - recompiling the module! [INFO] Compiling 9 source files to /root/alfresco-extension-inspector/extension-inspector-commons/target/classes [INFO] ------------------------------------------------------------------------ [INFO] Reactor Summary: [INFO] [INFO] alfresco-extension-inspector-parent ............... SUCCESS [1.380s] [INFO] alfresco-extension-inspector-commons .............. FAILURE [0.318s] [INFO] alfresco-extension-inspector-inventory ............ SKIPPED [INFO] alfresco-extension-inspector-analyser ............. SKIPPED [INFO] alfresco-extension-inspector-packaging ............ SKIPPED [INFO] alfresco-extension-inspector-test ................. SKIPPED [INFO] ------------------------------------------------------------------------ [INFO] BUILD FAILURE [INFO] ------------------------------------------------------------------------ [INFO] Total time: 2.006s [INFO] Finished at: Wed Jun 09 13:28:11 PDT 2021 [INFO] Final Memory: 17M/192M [INFO] ------------------------------------------------------------------------ [ERROR] Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:3.8.1:compile (default-compile) on project alfresco-extension-inspector-commons: Fatal error compiling: invalid target release: 11 -> [Help 1] [ERROR] [ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch. [ERROR] Re-run Maven using the -X switch to enable full debug logging. [ERROR] [ERROR] For more information about the errors and possible solutions, please read the following articles: [ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException [ERROR] [ERROR] After correcting the problems, you can resume the build with the command [ERROR] mvn <goals> -rf :alfresco-extension-inspector-commons

Extension inspector should not flag SLF4J API as conflict

Any quality Alfresco extension should include logging for proper inspection / support by administrators. One of the established standard libraries for this is SLF4J, which also aims to decouple any code from the specific logging library actually responsible for writing log files. Alfresco includes SLF4J, Log4J, Apache Commons Logging, and even some Java Logging via SLF4J/Log4J bridge. While it is acceptable, that no extension should rely on the specific logging library (e.g. Log4J, Commons Logging), they essentially must use SLF4J if they want to log without writing a completely custom log mechanism from scratch. But the SLF4J API JAR is currently flagged as a conflit when scanning extentions.

Tested on my alfresco-utility project, specifically the core extension for Repository-tier, I currently get the following resutls:

---snipped---
Custom code using 3rd party libraries managed by the ACS repository
-------------------------------------------------------------------
The code provided by the extension module is using these 3rd party libraries brought by the ACS repository:
        /WEB-INF/lib/acegi-security-0.8.2_patched.jar
        /WEB-INF/lib/commons-io-2.4.jar
        /WEB-INF/lib/commons-io-2.6.jar
        /WEB-INF/lib/commons-logging-1.2.jar
        /WEB-INF/lib/jcl-over-slf4j-1.7.24.jar
        /WEB-INF/lib/jcl-over-slf4j-1.7.25.jar
        /WEB-INF/lib/json-simple-1.1.1.jar
        /WEB-INF/lib/quartz-1.8.3-alfresco-patched.jar
        /WEB-INF/lib/quartz-2.3.0.jar
        /WEB-INF/lib/quartz-2.3.1.jar
        /WEB-INF/lib/quartz-2.3.2.jar
        /WEB-INF/lib/slf4j-api-1.7.21.jar
        /WEB-INF/lib/slf4j-api-1.7.24.jar
        /WEB-INF/lib/slf4j-api-1.7.25.jar
        /WEB-INF/lib/slf4j-api-1.7.26.jar
        /WEB-INF/lib/slf4j-api-1.7.30.jar
        /WEB-INF/lib/spring-jcl-5.0.4.RELEASE.jar
        /WEB-INF/lib/spring-jcl-5.1.0.RELEASE.jar
        /WEB-INF/lib/spring-jcl-5.1.1.RELEASE.jar
        /WEB-INF/lib/spring-jcl-5.1.8.RELEASE.jar
These 3rd party libraries are managed by the ACS repository and are subject to constant change, even in service packs and hotfixes.
Each of these libraries has its own backward compatibility strategy, which will make it really hard for this extension to keep up with these changes.

REPORT SUMMARY
Across the provided target versions, the following number of conflicts have been found:
+-----------------------+-----+
|Type                   |Total|
+-----------------------+-----+
|ALFRESCO_INTERNAL_USAGE|390  |
+-----------------------+-----+
|WAR_LIBRARY_USAGE      |555  |
+-----------------------+-----+

All the SLF4J API uses should IMHO not be flagged at all, as these represent the best possible way to log while keeping logging compatible over (m)any Alfresco versions. Looking at the verbose output, these account for potentially ~70% of my 555 WAR_LIBRARY_USAGE conflict count, as for most custom classes, those API JARs are the only ones listed.

TL;DR: A logging API designed to abstract and avoid incompatible dependencies should not be flagged as an incompatible dependency. If that remains, it will only encourage extension developers to skip logging altogether or write custom utilities using custom file handling.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.