What's new ?
See JEE Maven Http Extractor 4.1 - Release Notes for more information.
This extension provides the means to extract JAR based source code via http/https from a remote Maven repository as well from Maven repository on your file system (file://). This is similar in function to the Maven repository on your file system option that is provided "out of the box" in the CAST Delivery Manager Tool, along with an enhancement that combines the capabilities of the old Maven HTTP Extractor and of the legacy Maven Extractor on your file system.
In what situation should you install this extension?
This extension should be used when you want to extract JAR based source code that is stored in a remote Maven repository. For example, when your JEE application relies on JAR files and the initial extraction of this application in the CAST Delivery Manager Tool throws "missing library file" alerts, you can use this extension to extract the missing files from a remote Maven repository and resolve the alerts.
- The extension does not contain a source code "discoverer" (to determine the type of source code project) and therefore relies on other discoverers that are already installed in the CAST Delivery Manager Tool or via other extensions to do so.
- This extractor supports remote Maven repository as well as Maven repository on your file system. The URL format must use the http/https/file protocol.
- If you need to extract data from a https repository, please ensure that you are using the extension with AIP Core ≥ 8.3.10.
Supported Maven releases
CAST AIP release
|8.3.x where x ≥ 3|
Download and installation instructions
This extension is shipped and installed (in a from scratch installation scenario and in an upgrade scenario) by default with CAST AIP ≥ 8.3.3 therefore there is no need to perform a manual download and installation as described below.
- This extension contains a File extractor and you should take note of the specific instructions in the installation guide that explains how to package your source code with the CAST Delivery Manager Tool when you have an existing Version.
- The latest release status of this extension can be seen when downloading it from the CAST Extend server.
The following screen shots show the differences in the product when the extension is installed:
- A new sub-option will be added to the Automated extraction of required jar files option:
- The new sub-option is called Maven repository:
- The Package Configuration tab then offers the following interface to access your Maven repository:
|1||Enter the direct URL for your Maven repository using the http/https protocol|
Select the Proxy option, if Maven http repository requires a proxy pass, then configure:
Tick the Credentials option if the Maven repository requires authenticated access, then configure:
This option enables you to specify specific artifacts that you know need to be extracted in order to resolve a packaging alert. You can specify the artifact using:
Additional Maven Repository: This option enables configuring additional Maven repositories.
Each additional repository has individual configuration option for username and password.
These options should not be modified unless you are having issues such as missing JARs, missing classes, broken transactions etc. In the vast majority of situations, the default values for these options are sufficient.
These three options (available in ≥ 4.1.x) govern how the extractor behaves with regard to depth of artifacts extracted. The default settings are as shown below:
To allow the extractor extract as many artifacts as needed, you can use the following settings:
However, when using these unlimited options, the maximum extracted artifacts would be 999 * minimum remediated artifacts. This could lead to performance issues, therefore, changing these parameters should be done with caution (e.g., to insure stability of transaction call graphs).
Packaging and extraction messages
The following messages may appear during the packaging action:
|cast.dmt.engine.extractor.jee.maven.http.connectionFailed||ERROR||Connection failed for %URL%: %MESSAGE%||Check the connection URL.|
|cast.dmt.engine.extractor.jee.maven.http.authenticationFailed||ERROR||Authentication failed: %MESSAGE%||Check the credentials are correct.|
|cast.dmt.engine.extractor.jee.maven.http.artifactRetrievalFailed||ERROR||Technical error during the extraction of the artifact from %URL% failed: %MESSAGE%||Check the access to the repository.|
|cast.dmt.engine.extractor.jee.maven.http.artifactMetadataRetrievalFailed||ERROR||Technical error during the extraction of the maven-metadata.xml file from %URL% failed: %MESSAGE%||Without the data required to identify the versions for this artifact, we can't determine a best version. Please contact CAST Technical Support and report a bug.|
|cast.dmt.engine.extractor.jee.maven.http.versionMetadataRetrievalFailed||ERROR||Technical error during the extraction of the maven-metadata.xml file from %URL% failed: %MESSAGE%||Without the data required to identify the files for the SNAPSHOT, the artifact can't be extracted. Please contact CAST Technical Support and report a bug.|
|cast.dmt.engine.extractor.jee.maven.http.pomReadContentError||ERROR||Technical error while reading the pom file for the artifact [%GROUP_ID%][%ARTIFACT_ID%][%VERSION%]: %MESSAGE%||If the relocation is defined, the jar file will not be extracted. Please contact CAST Technical Support and report a bug.|
|cast.dmt.engine.extractor.jee.maven.http.artifactWithoutVersion||WARNING||No version has been provided for the artifact [%GROUP_ID%][%ARTIFACT_ID%].|
In the maven dependency, the version should be defined or inherited from the parent. Check the packaging of the source code.
|cast.dmt.engine.extractor.jee.maven.http.artifactWithVersionVariable||WARNING||Version has been provided with variable for the artifact [%GROUP_ID%][%ARTIFACT_ID%].||The variable should be defined or inherited from the parent. Check the packaging of the source code.|
|cast.dmt.engine.extractor.jee.maven.http.notSupportedArtifactWithRange||WARNING||The automated extraction of artifacts with range is not supported: artifact [%GROUP_ID%][%ARTIFACT_ID%][%VERSION%].||Please contact CAST Technical Support and report a feature request.|
|cast.dmt.engine.extractor.jee.maven.http.getArtifact||INFO||Start to retrieve the artifact [%GROUP_ID%][%ARTIFACT_ID%][%VERSION%] from the repository.||None.|
|cast.dmt.engine.extractor.jee.maven.http.notFoundArtifact||INFO||The artifact %GROUP_ID% %ARTIFACT_ID% has not been found in the repository.||Check the configuration details and update if necessary.|
|cast.dmt.engine.extractor.jee.maven.http.notFoundArtifactMetadata||INFO||The metadata for artifact %GROUP_ID% %ARTIFACT_ID% has not been found in the repository.||Check the configuration details and update if necessary.|
|cast.dmt.engine.extractor.jee.maven.combined.invalidURL||ERROR||cast.dmt.engine.extractor.jee.maven.combined.invalidURL => %URL%=%MESSAGE%||Check the repository url provided.|
supported protocols: file://, http://, https://
Parent POM files scanned
Parent POM files are scanned but a limit is added to the recursive extraction of the Maven dependent artifacts.
When packaging a J2EE Maven resource package, if a pom file has a parent, the parent file is scanned and we extract all JAR dependencies from first level.
Packaging Type <POM>
POM file with the packaging type as <POM> will not extract additional resources "JAR","War" and "Zip" files.
Extraction levels are limited to:
- Two for dependent artifacts
- No limit for parent artifacts
The total number of artifacts extracted using additional levels is limited to ten times the number of remediation artifacts (extracted at the base level), the first two additional levels are not started if this number is greater than three times the number of remediation artifacts.
Avoid using JEE Maven Http Extractor ≥ 2.0.3 and <=2.0.5, as JAR dependencies are extracted recursively without limit, this could have a big impact on performance.