Spring with Maven

align="center">
style="width: 130px; height: 100px;">
the fastest way to send transactional and triggered email [1] />Powered by InfluAds [2]

1. Overview

This article will discuss how to setup Spring with Maven and will go over specific usecases of using Spring dependencies. The latest Spring releases can be found on Maven Central [3].

2. Basic Maven Spring Dependencies

Spring was designed to be modular and flexible – the basic Spring container can be used in a variety of scenarios, without including any of the more advanced functionality that the framework has to offer. A very basic Maven setup will only have to use the spring-context dependency:

<properties>
    <org.springframework.version>3.2.2.RELEASE</org.springframework.version>
</properties>
<dependency>
    <groupId>org.springframework</groupId>
    <artifactId>spring-context</artifactId>
    <version>${org.springframework.version}</version>
    <scope>runtime</scope>
</dependency>

This dependency – spring-context – defines the actual Spring Injection Container and has a small number of dependencies: spring-core, spring-expression, spring-aop and spring-beans. These augment the container by enabling support for some of the core Spring technologies: the Core Spring utilities, the Spring Expression Language [4] (SpEL), the Aspect Oriented Programming [5] support and the JavaBeans mechanism [6].

Note the runtime scope is used when defining the spring-context dependency – this will make sure that there are no compile time dependencies on any Spring specific APIs. For more advanced usecases the runtime scope may be removed from some selected Spring dependencies, but for simpler projects, there is no need to compile against Spring to make full use of the framework.

Also note that, starting with Spring 3.2, the CGLIB dependnecy (now upgraded to CGLIB 3.0) has been repackaged (the all net.sf.cglib package is now org.springframework.cglib) and inlined directly within the spring-core JAR (see the JIRA [7] for additional details), so there is no need to define it explicitly.

3. Spring Persistence with Maven

The principal Spring persistence dependency is spring-orm:

<dependency>
    <groupId>org.springframework</groupId>
    <artifactId>spring-orm</artifactId>
    <version>${org.springframework.version}</version>
</dependency>

This brings in Hibernate and JPA support – such as HibernateTemplate and JpaTemplate – as well as the a few additional, persistence related dependencies: spring-jdbc and spring-tx. The JDBC Data Access library defines the Spring JDBC support [8] as well as the JdbcTemplate, and spring-tx represents the extremely flexible Transaction Management Abstraction [9] in Spring.

4. Spring Web with Maven />

To use the Spring Web and Servlet support, there are two dependencies that need to be included in the pom:

<dependency>
    <groupId>org.springframework</groupId>
    <artifactId>spring-web</artifactId>
    <version>${org.springframework.version}</version>
</dependency>
<dependency>
    <groupId>org.springframework</groupId>
    <artifactId>spring-webmvc</artifactId>
    <version>${org.springframework.version}</version>
</dependency>

The spring-web dependency contains common web specific utilities for both Servlet and Portlet environments, while spring-webmvc enables the MVC support for Servlet environments. Since spring-webmvc has spring-web as a dependency, explicitly defining spring-web is not required when using spring-webmvc.

5. Spring Security with Maven

5.1. spring-security-core

The Core Spring Security support - spring-security-core – contains authentication and access control functionality, and has support for standalone (non-web) applications, method level security and JDBC:

<properties>
    <org.springframework.security.version>3.1.3.RELEASE</org.springframework.security.version>
</properties>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-core</artifactId>
    <version>${org.springframework.security.version}</version>
</dependency>

Notice that we’re using the 3.1.3.RELEASE version of Spring Security – Spring and Spring Security are on different release schedules, so there isn’t a 1:1 match between the version numbers.

Also very important to understand is the fact that, unintuitively, Spring Security 3.1.x do not depend on Spring 3.1.x releases – this is because Spring Security 3.1.x was released before Spring 3.1. The plan is to align these dependencies more closely in future releases – see this JIRA [10] for more details – but for the time being, this has practical implications that we will look at next.

5.2. spring-security-web

To add Web support for Spring Security, the spring-security-web dependency is required:

<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-web</artifactId>
    <version>${org.springframework.security.version}</version>
</dependency>

This contains filters and related web security infrastructure enabling URL access control in a servlet environment.

This new dependency also exhibits a problem for the Maven dependency graph – as mentioned above, Spring Security may depend on 3.0.x Spring dependencies – which may lead to these older dependencies making their way on top the classpath instead of the newer 3.2.x Spring artifacts.

To understand why this is happening, we need to look at how Maven resolves conficts – in case of a version confict, Maven will pick the jar that is closest to the root of the tree. In our case, spring-jdbc is defined by both spring-orm (with the 3.2.2.RELEASE version) but also by spring-security-web (with the 3.0.7.RELEASE version) – so in both cases, spring-jdbc is defined at a depth of 1 from the root pom of our project. Because of that, it will actually matter in which order spring-orm and spring-security-web are defined in our own pom – the first one will take priority so we may end up with either version on our classpath.

To address this problem, we will have to explicitly define some of the Spring dependencies in our own pom and not rely on the implicit Maven dependency resolution mechanism – doing this will put that particular dependency at depth 0 from our pom (as it’s defined in the pom itslef) so it will take priority. All of the following fall into the same category and all need to be explicitly defined:

<dependency>
    <groupId>org.springframework</groupId>
    <artifactId>spring-jdbc</artifactId>
    <version>${spring.version}</version>
</dependency>
<dependency>
    <groupId>org.springframework</groupId>
    <artifactId>spring-beans</artifactId>
    <version>${spring.version}</version>
</dependency>
<dependency>
    <groupId>org.springframework</groupId>
    <artifactId>spring-aop</artifactId>
    <version>${spring.version}</version>
</dependency>
<dependency>
    <groupId>org.springframework</groupId>
    <artifactId>spring-tx</artifactId>
    <version>${spring.version}</version>
</dependency>
<dependency>
    <groupId>org.springframework</groupId>
    <artifactId>spring-expression</artifactId>
    <version>${spring.version}</version>
</dependency>
<dependency>
    <groupId>org.springframework</groupId>
    <artifactId>spring-web</artifactId>
    <version>${spring.version}</version>
</dependency>

 5.3. spring-security-config and others

To use the rich Spring Security XML namespace, the spring-security-config dependency will be required:

<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-config</artifactId>
    <version>${org.springframework.security.version}</version>
    <scope>runtime</scope>
</dependency>

No application code should compile against this dependency, so it should be scoped as runtime.

Finally, LDAP, ACL, CAS and OpenID support have their own dependencies in Spring Security: spring-security-ldap, spring-security-acl, spring-security-cas and spring-security-openid.

6. Spring Test

The Spring Test Framework can be included in the project via the following dependency:

<dependency>
    <groupId>org.springframework</groupId>
    <artifactId>spring-test</artifactId>
    <version>${spring.version}</version>
    <scope>test</scope>
</dependency>

As of Spring 3.2, the Spring MVC Test project, which started as a standalone project available on github [11], has been included into the core Test Framework; this means that Spring 3.2 applications should simply use the spring-test dependency.

For applications still using Spring 3.1 and below, the older standalone Maven dependency still exists and can be used [12] for almost identical results. The dependency is not on Maven Central however, so using it will require adding a custom repository to the pom of the project.

7. Using Milestones

The release version of Spring are hosted on Maven Central. However, if a project needs to use milestone versions, then a custom Spring repository needs to be added to the pom:

<repositories>
    <repository>
        <id>repository.springframework.maven.milestone</id>
        <name>Spring Framework Maven Milestone Repository</name>
        <url>http://maven.springframework.org/milestone</url>
    </repository>
</repositories>

One this repository has been defined, the project can define dependencies such as:

<dependency>
    <groupId>org.springframework</groupId>
    <artifactId>spring-core</artifactId>
    <version>3.2.0.RC2</version>
</dependency>

8. Using Snapshots

Similar to milestons, snapshots are hosted in a custom repository:

<repositories>
    <repository>
        <id>repository.springframework.maven.snapshot</id>
        <name>Spring Framework Maven Snapshot Repository</name>
        <url>http://maven.springframework.org/snapshot</url>
    </repository>
</repositories>

One the SNAPSHOT repository is enabled in the pom, the following dependencies can be referenced:

<dependency>
    <groupId>org.springframework</groupId>
    <artifactId>spring-core</artifactId>
    <version>3.3.0.BUILD-SNAPSHOT</version>
</dependency>

And even:

<dependency>
    <groupId>org.springframework</groupId>
    <artifactId>spring-core</artifactId>
    <version>4.0.0.BUILD-SNAPSHOT</version>
</dependency>

9. Conclusion

This article discusses the practical details of using Spring with Maven. The Maven dependencies presented here are of course some of the major ones, and there are several others that may be worth mentioning and have not yet made the cut. Nevertheless this should be a good starting point for using Spring in a project.