Managing Dependencies
When you are building applications you typically have a number of dependencies to manage and that number only increases over time, making dependency management difficult to say the least. Maven’s strategy for dealing with this problem is to combine the power of project inheritance with specific dependency management elements in the POM.
When you write applications which consist of multiple, individual projects, it is likely that some of those projects will share common dependencies. When this happens it is critical that the same version of a given dependency is used for all your projects, so that the final application works correctly.
You don’t want, for example, to end up with multiple versions of a dependency on the classpath when your application executes, as the results can be far from desirable. You want to make sure that all the versions, of all your dependencies, across all of your projects are in alignment so that your testing accurately reflects what you will deploy as your final result. In order to manage, or align, versions of dependencies across several projects, you use the dependency management section in the top-level POM of an application.
To illustrate how this mechanism works, let’s look at the dependency management section of the Proficio top-level POM:
<project>
[...]
<dependencyManagement>
<dependencies>
<dependency>
<groupId>com.exist.mvnbook.proficio</groupId>
<artifactId>proficio-model</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>com.exist.mvnbook.proficio</groupId>
<artifactId>proficio-api</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>com.exist.mvnbook.proficio</groupId>
<artifactId>proficio-store-memory</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>com.exist.mvnbook.proficio</groupId>
<artifactId>proficio-store-xstream</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>com.exist.mvnbook.proficio</groupId>
<artifactId>proficio-core</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.codehaus.plexus</groupId>
<artifactId>plexus-container-default</artifactId>
<version>1.0-alpha-9</version>
</dependency>
</dependencies>
</dependencyManagement>
[...]
</project>
Note that the ${project.version} specification is the version specified by the top-level POM’s version element, which is the application version.
As you can see within the dependency management section, we have several Proficio dependencies and a dependency for the Plexus IoC container. There is an important distinction to be made between the dependencies element contained within the dependencyManagement element and the top-level dependencies element in the POM.
The dependencies element contained within the dependencyManagement element is used only to state the preference for a version and by itself does not affect a project’s dependency graph, whereas the top-level dependencies element does affect the dependency graph. If you take a look at the POM for the proficio-api module, you will see a single dependency declaration and that it does not specify a version:
<project>
[...]
<dependencies>
<dependency>
<groupId>com.exist.mvnbook.proficio</groupId>
<artifactId>proficio-model</artifactId>
</dependency>
</dependencies>
</project>
The version for this dependency is derived from the dependencyManagement element which is inherited from the Proficio top-level POM. The dependencyManagement declares a stated preference for the 1.0-SNAPSHOT (stated as ${project.version}) for proficio-model so that version is injected into the dependency above, to make it complete. The dependencies stated in the dependencyManagement only come into play when a dependency is declared without a version.