Dealing with "Xerces hell" in Java/Maven?

java

maven

dependency-management

pom

byAnton Shumikhin·Jan 7, 2025

To pacify "Xerces hell", unite the versions of Xerces by leveraging Maven's <dependencyManagement>. Insert this XML chunk into your pom.xml to standardize Xerces and sidestep conflicts:

<dependencyManagement>
    <dependencies>
        <dependency>
            <groupId>xerces</groupId>
            <artifactId>xercesImpl</artifactId>
            <version>2.12.0</version> <!-- One ring to rule them all. The Xerces version to rule them all -->
        </dependency>
    </dependencies>
</dependencyManagement>

The secret to harmony is locking down the Xerces version. This niftily sidesteps clashing XML parsers and exits "Xerces hell" pronto.

Safeguarding against Xerces conflicts

Handling multiple Xerces versions is like herding cats. Here's a comprehensive strategy to herd them into order:

Central management of dependencies

Curate a corporate parent pom:

<dependencyManagement>
    <dependencies>
        // Define consistent Xerces - the cat herder
    </dependencies>
</dependencyManagement>

This becomes the lighthouse of Xerces versions across all your projects.

Use Maven enforcer plugin

Instate the bannedDependencies rule to maintain the desired Xerces version:

<plugin>
    <groupId>org.apache.maven.plugins</groupId>
    <artifactId>maven-enforcer-plugin</artifactId>
    <executions>
        <execution>
            // Boot undesired dependencies - the bouncer on duty
        </execution>
    </executions>
</plugin>

If undesirable dependencies gatecrash, the bouncer (Maven) fails the build.

Exile obstructive libraries

Globally exclude hazardous dependencies that block JAXP compatibility:

<exclusions>
    <exclusion>
        <groupId>xerces</groupId>
        <artifactId>xercesImpl</artifactId>
    </exclusion>
    // Show more undesirables the door
</exclusions>

This ensures JAXP-compliant code doesn’t get ensnared with legacy Xerces JARs - keeps the town clean.

Update and endorse JAXP

Ensure that frameworks/libraries use JAXP-friendly versions of Xerces:

<properties>
    <xerces.version>2.12.0</xerces.version> <!-- Endorse this version or face the bouncer! -->
</properties>

Service updates are smoother and JAXP compatibility is fortified - double win!

Employ OSGI for version management

Embrace OSGI to manage concurrent Xerces versions and sidestep conflicts:

Bundle Xerces-1 | Bundle Xerces-2 | Bundle YourApp
---------|---------|---------
Version 1.0 | Version 2.12 | Uses only 2.12 - Goldilocks principle!

Each OSGI bundle specifies its dependency. Hello, Harmony!

Proactive measures

Review resolved dependencies

Regularly audit all Maven dependencies to avoid uninvited guests hiding in the build:

mvn dependency:tree // Fence checking - keeping out the squirrels

Employ Gradle's exclusion tactics

Create a secured wall in Gradle to keep out Xerces version conflicts:

configurations {
    all*.exclude group: 'xerces', module: 'xercesImpl'
} // Build a wall and XercesImpl pays for it!

Prioritize classloader hierarchy

Instruct classloaders to prioritize application jars over meddling server libs:

-javaagent:your_path_to/spring-instrument-{version}.jar // Who drives? You drive!

Stay informed of Xerces updates

Remain abreast of Xerces JIRA and GitHub issues for bugs and resolutions:

- Lookout Points: [Xerces JIRA](https://issues.apache.org/jira/projects/XERCESJ/issues/), [GitHub Issues](https://github.com/apache/xerces2-j/issues)

explain-codes / Java / Dealing with "Xerces hell" in Java/Maven?

Linked

What causes java.lang.IncompatibleClassChangeError?



Java version automatically changes to Java 1.5 after Maven update



Cannot import XSSF in Apache POI



Maven Modules + Building a Single Specific Module



Controlling Maven final name of jar artifact



How do you specify the Java compiler version in a pom.xml file?



How do I tell Maven to use the latest version of a dependency?



Safeguarding against Xerces conflicts Proactive measures