This week's book giveaways are in the Java EE and JavaScript forums.
We're giving away four copies each of The Java EE 7 Tutorial Volume 1 or Volume 2(winners choice) and jQuery UI in Action and have the authors on-line!
See this thread and this one for details.
The moose likes IDEs, Version Control and other tools and the fly likes Dependencies in Netbeans Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of The Java EE 7 Tutorial Volume 1 or Volume 2 this week in the Java EE forum
or jQuery UI in Action in the JavaScript forum!
JavaRanch » Java Forums » Engineering » IDEs, Version Control and other tools
Bookmark "Dependencies in Netbeans" Watch "Dependencies in Netbeans" New topic
Author

Dependencies in Netbeans

doug mccann
Greenhorn

Joined: Jun 25, 2008
Posts: 17
Here is something that I have never really understood how to handle. I have a library project that, say, used jdom. When it is packaged jdom is in the dist/lib directory and the jar is is dist. When I have an application that uses that library, it seems like I have to add jdom to that project. I am referencing the first project as a "project" in the IDE - this is a right click on the libraries node and then add project (it then says project jar files - maybe it does not pick up the "lib" folder?). Is there a way to package the library so that applications that require it do not have to add the libraries it uses?
Stephan van Hulst
Bartender

Joined: Sep 20, 2010
Posts: 3615
    
  14

That's probably a very bad idea. Let's use a practical example:

A while ago OpenSSL suffered from the Heartbleed bug. Suppose that you built a library that packaged a bad version of OpenSSL inside it. After OpenSSL got fixed, your clients would still need to wait for you to release a new version of your software that contained a good version of OpenSSL. You can imagine that this is NOT a good situation. Instead, they can just replace their own OpenSSL version with a good one, and everything will be okay.

A much better solution is to use a dependency manager. You declare what dependencies your library has, and when one of your clients in turn depends on your library, the manager will automatically let them depend on any dependencies your library has.

Take a look at Maven.
doug mccann
Greenhorn

Joined: Jun 25, 2008
Posts: 17
Stephan, your argument is valid. Does it imply (using your example) if I built the library, say Lib1, with OpenSSL and it was in the libraries for this project Lib1. Then a customer used that library in application X - we know they would add the library to application X as per the original post. When it hit the fan with OpenSSL would the customer only need to rebuild application X with the new SSL? Or does the library need to be rebuilt? I am not sure which library is actually used - the one I built the library with or the one in the top level application.

I have looked at Maven but so far I have avoided the learning curve. I may need to bite the bullet.

Thanks for your response.
Stephan van Hulst
Bartender

Joined: Sep 20, 2010
Posts: 3615
    
  14

Let's say you're using the bouncycastle jar: bcpkix-jdk15on-150.jar. Your lib1.jar has a dependency on this library. When your client builds an application using your library, they also need to put bcpkix-jdk15on-150.jar on the class path.

When some bug is found in bcpkix-jdk15on-150.jar, your client can just put another version on the class path instead. Your library should still run, without having to rebuild it. As a matter of fact, they don't even have to rebuild their application, they can just replace the jar and that's that.

Maven may be difficult at first, but it's awesome. It will take a lot of work out of your hands.
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
 
subject: Dependencies in Netbeans