Loader constraint violation

Started migration of the plugin to Jira 8.5 and new AMPS pointed to the banned dependencies

Rule 0: org.apache.maven.plugins.enforcer.BannedDependencies failed with message:
make sure platform artifacts are not bundled into plugin
...
        Use 'mvn dependency:tree' to locate the source of the banned dependencies.

As it was suggested here More Info on AMPS Banned Plugin Dependency - #2 by aswan and here Maven bans dependencies with no configuration added dependencies as “provided”.

<!-- required by com.konghq:unirest-java -->
        <dependency>
            <groupId>org.apache.httpcomponents</groupId>
            <artifactId>httpclient</artifactId>
            <version>4.5.5</version>
            <scope>provided</scope>
        </dependency>
        <!-- required by com.konghq:unirest-java -->
        <dependency>
            <groupId>org.apache.httpcomponents</groupId>
            <artifactId>httpmime</artifactId>
            <version>4.5.5</version>
            <scope>provided</scope>
        </dependency>
        <!-- required by com.konghq:unirest-java -->
        <dependency>
            <groupId>org.apache.httpcomponents</groupId>
            <artifactId>httpcore</artifactId>
            <version>4.4.9</version>
            <scope>provided</scope>
        </dependency>
        <dependency>
            <groupId>com.konghq</groupId>
            <artifactId>unirest-java</artifactId>
            <version>3.11.09</version>
            <scope>compile</scope>
        </dependency>

The problem is that in runtime class loader got confused and crashes with this error:

loader constraint violation: when resolving method "org.apache.http.impl.auth.HttpAuthenticator.<init>(Lorg/apache/commons/logging/Log;)V" the class loader (instance of org/apache/felix/framework/BundleWiringImpl$BundleClassLoader) of the current class, org/apache/http/impl/nio/client/MainClientExec, and the class loader (instance of org/apache/catalina/loader/ParallelWebappClassLoader) for the method's defining class, org/apache/http/impl/auth/HttpAuthenticator, have different Class objects for the type org/apache/commons/logging/Log used in the signature
java.lang.LinkageError: loader constraint violation: when resolving method "org.apache.http.impl.auth.HttpAuthenticator.<init>(Lorg/apache/commons/logging/Log;)V" the class loader (instance of org/apache/felix/framework/BundleWiringImpl$BundleClassLoader) of the current class, org/apache/http/impl/nio/client/MainClientExec, and the class loader (instance of org/apache/catalina/loader/ParallelWebappClassLoader) for the method's defining class, org/apache/http/impl/auth/HttpAuthenticator, have different Class objects for the type org/apache/commons/logging/Log used in the signature
	at org.apache.http.impl.nio.client.MainClientExec.<init>(MainClientExec.java:111)
	at org.apache.http.impl.nio.client.HttpAsyncClientBuilder.build(HttpAsyncClientBuilder.java:851)
	at kong.unirest.apache.ApacheAsyncConfig.<init>(ApacheAsyncConfig.java:72)
	at kong.unirest.apache.ApacheAsyncClient.<init>(ApacheAsyncClient.java:47)
	at kong.unirest.Config.buildAsyncClient(Config.java:787)
	at kong.unirest.Config.getAsyncClient(Config.java:767)
	at kong.unirest.BaseRequest.asJsonAsync(BaseRequest.java:252)

Have tried different versions of com.konghq:unirest-java, tried to exclude those packages Found Banned Dependency: com.atlassian.browsers:atlassian-browsers-windows:jar:2.7.0-m1 - #3 by barbosa.s.alexandre (could not make it work).

    <properties>
        <jira.version>8.5.13</jira.version>
        <jira.servicedesk>4.13.5</jira.servicedesk>
        <amps.version>8.2.1</amps.version>
        <plugin.testrunner.version>2.0.2</plugin.testrunner.version>
        <atlassian.spring.scanner.version>2.1.15</atlassian.spring.scanner.version>
        <testkit.version>8.0.2</testkit.version>
        <maven.compiler.source>1.8</maven.compiler.source>
        <maven.compiler.target>1.8</maven.compiler.target>
        <com.atlassian.upm.licensing-api.version>2.21.4</com.atlassian.upm.licensing-api.version>
        <com.atlassian.upm.upm-api.version>2.21</com.atlassian.upm.upm-api.version>
        <javax.servlet.javax.servlet-api.version>2.3</javax.servlet.javax.servlet-api.version>
        <ao.version>3.0.1</ao.version>
        <google-collections.version>1.0</google-collections.version>
        <assertj.core>3.15.0</assertj.core>
    </properties>

PLEASE HELP

It looks like Apache Httpcomponents uses commons-logging. However, Atlassian products use SLF4J for logging. The usual way to resolve this mismatch is for your project to use jcl-over-slf4j, which uses SLF4J under the covers but “looks like” commons-logging to any code (like Apache Httpcomponents) that requires commons-logging. This technique is described here. Sorry if you already knew all of that.

So my advice would be to try jcl-over-slf4j, I’m not sure whether provided or compile scope is correct, try provided first. And don’t forget to exclude the real commons-logging artifact from wherever it appears in your Maven dependency tree.

Oh, and you left out the most important part of the “banned dependencies” message; the list of platform artifacts that you bundled.

Thank you for your comment! Adding jcl-over-slf4j to the top does not help.

        <dependency>
            <groupId>org.slf4j</groupId>
            <artifactId>jcl-over-slf4j</artifactId>
            <version>1.7.25</version>
            <scope>provided</scope>
        </dependency>

        <dependency>
            <groupId>org.slf4j</groupId>
            <artifactId>slf4j-api</artifactId>
            <version>1.7.25</version>
            <scope>provided</scope>
        </dependency>

I’ve noticed few warning in the [INFO] --- jira-maven-plugin:8.2.1:copy-bundled-dependencies task

[WARNING] Extracting your plugin's dependencies caused the following file(s) to overwrite each other:
[WARNING] -- META-INF/DEPENDENCIES from [httpasyncclient-4.1.4-jar, httpcore-nio-4.4.13-jar]
[WARNING] -- META-INF/LICENSE from [httpasyncclient-4.1.4-jar, httpcore-nio-4.4.13-jar]
[WARNING] -- META-INF/LICENSE.txt from [atlassian-secure-random-3.2.11-jar, atlassian-secure-utils-3.2.11-jar, commons-codec-1.10-jar, commons-logging-1.2-jar]
[WARNING] -- META-INF/NOTICE from [httpasyncclient-4.1.4-jar, httpcore-nio-4.4.13-jar]
[WARNING] -- META-INF/NOTICE.txt from [commons-codec-1.10-jar, commons-logging-1.2-jar]
[WARNING] To prevent this, set <extractDependencies> to false in your AMPS configuration

(extractDependencies=false doesn’t help)

From the tree I can see commons-logging is added as a compile dependency.

[INFO] +- org.apache.httpcomponents:httpclient:jar:4.5.5:provided
[INFO] |  +- commons-logging:commons-logging:jar:1.2:compile
[INFO] |  \- commons-codec:commons-codec:jar:1.10:compile

The org.apache.httpcomponents is a dependency of com.konghq:unirest-java

[INFO] +- com.konghq:unirest-java:jar:3.11.09:compile
[INFO] |  +- org.apache.httpcomponents:httpclient:jar:4.5.13:compile
[INFO] |  +- org.apache.httpcomponents:httpmime:jar:4.5.13:compile
[INFO] |  +- org.apache.httpcomponents:httpcore-nio:jar:4.4.13:compile
[INFO] |  \- org.apache.httpcomponents:httpasyncclient:jar:4.1.4:compile

and this is where I started with BannedDependencies in the first place

[INFO] validate banned dependencies
[WARNING] Rule 0: org.apache.maven.plugins.enforcer.BannedDependencies failed with message:
make sure platform artifacts are not bundled into plugin
Found Banned Dependency: org.apache.httpcomponents:httpclient:jar:4.5.13
Found Banned Dependency: org.apache.httpcomponents:httpcore:jar:4.4.9
Found Banned Dependency: org.apache.httpcomponents:httpmime:jar:4.5.13
Use 'mvn dependency:tree' to locate the source of the banned dependencies.

I think something is going on with the async httpclient dependency because when I add it

        <dependency>
            <groupId>org.apache.httpcomponents</groupId>
            <artifactId>httpasyncclient</artifactId>
            <version>4.1.4</version>
            <scope>provided</scope>
        </dependency>

the error changes to this

java.lang.NoClassDefFoundError: org/apache/http/nio/conn/NHttpClientConnectionManager
	at kong.unirest.apache.ApacheAsyncClient.<init>(ApacheAsyncClient.java:47)
	at kong.unirest.Config.buildAsyncClient(Config.java:787)
	at kong.unirest.Config.getAsyncClient(Config.java:767)
	at kong.unirest.BaseRequest.asJsonAsync(BaseRequest.java:252)

I don’t think the platform provides httpasyncclient. Try marking that one as compile scope (or omit the scope, because compile is the default). Just make sure that you use a version of httpasyncclient that works with the platform versions of httpclient and httpcore.

Here is what I ended up with, the unirest-java package provides a version with “shaded dependencies” so I don’t need to deal with httpasyncclient but at the same time satisfy BannedDependencies. No need to have the jcl-over-slf4j package either.

        <dependency>
            <groupId>org.apache.httpcomponents</groupId>
            <artifactId>httpclient</artifactId>
            <version>4.5.13</version>
            <scope>provided</scope>
        </dependency>
        <dependency>
            <groupId>org.apache.httpcomponents</groupId>
            <artifactId>httpcore</artifactId>
            <version>4.4.9</version>
            <scope>provided</scope>
        </dependency>
        <dependency>
            <groupId>org.apache.httpcomponents</groupId>
            <artifactId>httpmime</artifactId>
            <version>4.5.13</version>
            <scope>provided</scope>
        </dependency>
        <dependency>
            <groupId>com.konghq</groupId>
            <artifactId>unirest-java</artifactId>
            <version>3.11.09</version>
            <scope>compile</scope>
            <!-- standalone jar with shaded dependencies -->
            <classifier>standalone</classifier>
        </dependency>

Dependencies that are not provided by the platform are compiled.

[INFO] +- com.konghq:unirest-java:jar:standalone:3.11.09:compile
[INFO] |  +- org.apache.httpcomponents:httpcore-nio:jar:4.4.13:compile
[INFO] |  \- org.apache.httpcomponents:httpasyncclient:jar:4.1.4:compile

@aswan thank you for your help!

No worries, glad you got it all working.

For anyone facing the issue which don’t have the option of shaded jar. My recommendation is to move to a different library as external httpasync doesn’t like working with httpcore provided by atlassian.