Page tree
Skip to end of metadata
Go to start of metadata

Summary: Information and Release Notes about the JEE Maven Http Extractor for the CAST Delivery Manager Tool. This extension is an automated library extractor.

Extension ID

com.castsoftware.JEE-MavenHttp

What's new ?

See JEE Maven Http Extractor 4.1 - Release Notes for more information.

Extension description

This extension provides the means to extract JAR based source code via http/https from a remote Maven repository as well from Maven repository on your file system (file://). This is similar in function to the Maven repository on your file system option that is provided "out of the box" in the CAST Delivery Manager Tool, along with an enhancement that combines the capabilities of the old Maven HTTP Extractor and of the legacy Maven Extractor on your file system.

In what situation should you install this extension?

This extension should be used when you want to extract JAR based source code that is stored in a remote Maven repository. For example, when your JEE application relies on JAR files and the initial extraction of this application in the CAST Delivery Manager Tool throws "missing library file" alerts, you can use this extension to extract the missing files from a remote Maven repository and resolve the alerts.

Technical information

  • The extension does not contain a source code "discoverer" (to determine the type of source code project) and therefore relies on other discoverers that are already installed in the CAST Delivery Manager Tool or via other extensions to do so.
  • This extractor supports remote Maven repository as well as Maven repository on your file system. The URL format must use the http/https/file protocol.
  • If you need to extract data from a https repository, please ensure that you are using the extension with AIP Core ≥ 8.3.10.

Supported Maven releases

Maven release
 Supported
3.x.x(tick)
2.x.x(tick)
1.x.x(tick)

CAST AIP compatibility

This extension is compatible with:

CAST AIP release
Supported
8.3.x where x 3(tick)
8.2.x(error)
8.1.x(error)
8.0.x(error)
7.3.x(error)

Download and installation instructions

This extension is shipped and installed (in a from scratch installation scenario and in an upgrade scenario) by default with CAST AIP ≥ 8.3.3 therefore there is no need to perform a manual download and installation as described below.

Please see: 

  • This extension contains a File extractor and you should take note of the specific instructions in the installation guide that explains how to package your source code with the CAST Delivery Manager Tool when you have an existing Version.
  • The latest release status of this extension can be seen when downloading it from the CAST Extend server.

Extension interface

The following screen shots show the differences in the product when the extension is installed:

  • A new sub-option will be added to the Automated extraction of required jar files option:

  • The new sub-option is called Maven repository:

  • The Package Configuration tab then offers the following interface to access your Maven repository:

Option
Explanation
1Enter the direct URL for your Maven repository using the http/https protocol
 2

Select the Proxy option, if Maven http repository requires a proxy pass, then configure:

  • Host: Used to configure the proxy hostname requires to access the Maven http repository
  • Port: Used to configure the proxy port requires to access the Maven http repository.
3

Tick the Credentials option if the Maven repository requires authenticated access, then configure:

  • User name: Used to configure the user name that has sufficient privileges to access the Maven repository for packaging purposes.
  • Password: Used to configure the password that corresponds to your User name configured above.
  • Remember password: This option enables you to force the CAST Delivery Manager Tool to save the database access credentials you have entered above. Choosing an option has no impact on the extraction (i.e. the CAST Delivery Manager Tool can still access the required resources). However, if you are creating subsequent versions of the same schemas on the same server, you can choose to store the password (by storing you will not need to re-enter it). There are two save options:
    • Local > The credentials are saved in the user's local workspace on the current machine. Choose this option if you do not want the password to be available to other Delivery Managers.
    • Server > The credentials are saved locally (as above) and are also synchronized back to the CAST AIC Portal (i.e. the Source Code Delivery Folder). Choose this option if you want the password to be available to other Delivery Managers.
4

This option enables you to specify specific artifacts that you know need to be extracted in order to resolve a packaging alert. You can specify the artifact using:

  • Group ID (usually a reverse domain name like com.example.foo) - this option is mandatory
  • Artifact ID (usually the name) - this option is mandatory
  • Version (the artifact's version string) - this option is mandatory
  • Classifier (an arbitrary string that distinguishes artifacts that were built from the same POM but differ in their content) - this option is mandatory.
  • If you do not specify an element, the CAST Delivery Manager Tool will automatically populate the list of elements when you run the Package action based on what it finds in the repository URL you have entered.
  • <groupID> or <artifactID> configured in <relocation> tags are supported.
  • maven-metadata.xml will be used to determine a best version for the <versionID> if no pom.xml can be found.
5

Additional Maven Repository: This option enables configuring additional Maven repositories.

  • Repository URL: Enter the direct URL for your additional Maven repository using the http/https/file protocol
  • User name: Used to configure the user name that has sufficient privileges to access the Maven repository for packaging purposes
  • Password: Used to configure the password that corresponds to your User name configured above.

Each additional repository has individual configuration option for username and password.

6
These options should not be modified unless you are having issues such as missing JARs, missing classes, broken transactions etc. In the vast majority of situations, the default values for these options are sufficient.

These three options (available in ≥ 4.1.xgovern how the extractor behaves with regard to depth of artifacts extracted. The default settings are as shown below:

To allow the extractor extract as many artifacts as needed, you can use the following settings:

  • Extract Dependencies Depth: 99
  • Maximum Extracted Artifacts Factor: 999
  • Maximum Extracted Artifacts before Loops Factor: 999

However, when using these unlimited options, the maximum extracted artifacts would be 999 * minimum remediated artifacts. This could lead to performance issues, therefore, changing these parameters should be done with caution (e.g., to insure stability of transaction call graphs).

Packaging and extraction messages

The following messages may appear during the packaging action:

Message IDFormatMessageAction
cast.dmt.engine.extractor.jee.maven.http.connectionFailedERRORConnection failed for %URL%: %MESSAGE%Check the connection URL.
cast.dmt.engine.extractor.jee.maven.http.authenticationFailedERRORAuthentication failed: %MESSAGE%Check the credentials are correct.
cast.dmt.engine.extractor.jee.maven.http.artifactRetrievalFailedERRORTechnical error during the extraction of the artifact from %URL% failed: %MESSAGE%Check the access to the repository.
cast.dmt.engine.extractor.jee.maven.http.artifactMetadataRetrievalFailedERRORTechnical error during the extraction of the maven-metadata.xml file from %URL% failed: %MESSAGE%Without the data required to identify the versions for this artifact, we can't determine a best version. Please contact CAST Technical Support and report a bug.
cast.dmt.engine.extractor.jee.maven.http.versionMetadataRetrievalFailedERRORTechnical error during the extraction of the maven-metadata.xml file from %URL% failed: %MESSAGE%Without the data required to identify the files for the SNAPSHOT, the artifact can't be extracted. Please contact CAST Technical Support and report a bug.
cast.dmt.engine.extractor.jee.maven.http.pomReadContentErrorERRORTechnical error while reading the pom file for the artifact [%GROUP_ID%][%ARTIFACT_ID%][%VERSION%]: %MESSAGE%If the relocation is defined, the jar file will not be extracted. Please contact CAST Technical Support and report a bug.
cast.dmt.engine.extractor.jee.maven.http.artifactWithoutVersionWARNINGNo version has been provided for the artifact [%GROUP_ID%][%ARTIFACT_ID%].

In the maven dependency, the version should be defined or inherited from the parent. Check the packaging of the source code.

cast.dmt.engine.extractor.jee.maven.http.artifactWithVersionVariableWARNINGVersion has been provided with variable for the artifact [%GROUP_ID%][%ARTIFACT_ID%].The variable should be defined or inherited from the parent. Check the packaging of the source code.
cast.dmt.engine.extractor.jee.maven.http.notSupportedArtifactWithRangeWARNINGThe automated extraction of artifacts with range is not supported: artifact [%GROUP_ID%][%ARTIFACT_ID%][%VERSION%].Please contact CAST Technical Support and report a feature request.
cast.dmt.engine.extractor.jee.maven.http.getArtifactINFOStart to retrieve the artifact [%GROUP_ID%][%ARTIFACT_ID%][%VERSION%] from the repository.None.
cast.dmt.engine.extractor.jee.maven.http.notFoundArtifactINFOThe artifact %GROUP_ID% %ARTIFACT_ID% has not been found in the repository.Check the configuration details and update if necessary.
cast.dmt.engine.extractor.jee.maven.http.notFoundArtifactMetadataINFOThe metadata for artifact %GROUP_ID% %ARTIFACT_ID% has not been found in the repository.Check the configuration details and update if necessary.
 cast.dmt.engine.extractor.jee.maven.combined.invalidURL ERRORcast.dmt.engine.extractor.jee.maven.combined.invalidURL => %URL%=%MESSAGE%Check the repository url provided.
supported protocols: file://, http://, https://

Limitations

Parent POM files scanned

Parent POM files are scanned but a limit is added to the recursive extraction of the Maven dependent artifacts.

When packaging a J2EE Maven resource package, if a pom file has a parent, the parent file is scanned and we extract all JAR dependencies from first level.

Packaging Type <POM>

POM file with the packaging type as <POM> will not extract additional resources "JAR","War" and "Zip" files. 

Extraction Limitations

Extraction levels are limited to:

  • Two for dependent artifacts
  • No limit for parent artifacts

The total number of artifacts extracted using additional levels is limited to ten times the number of remediation artifacts (extracted at the base level), the first two additional levels are not started if this number is greater than three times the number of remediation artifacts.

Avoid using JEE Maven Http Extractor ≥ 2.0.3 and <=2.0.5, as JAR dependencies are extracted recursively without limit, this could have a big impact on performance.


  • No labels