个人中心
gpt4 book ai didi

java - JJWT 依赖混淆

转载 作者:行者123 更新时间:2023-12-03 21:11:44 24 4
gpt4 key购买 nike

我继承了一个在 POM.xml 中有这个的 java 项目:

<properties>
    <jjwt.version>0.11.1</jjwt.version>
</properties>

// from https://github.com/jwtk/jjwt#maven
<dependency>
    <groupId>io.jsonwebtoken</groupId>
    <artifactId>jjwt-api</artifactId>
    <version>${jjwt.version}</version>
</dependency>
<dependency>
    <groupId>io.jsonwebtoken</groupId>
    <artifactId>jjwt-impl</artifactId>
    <version>${jjwt.version}</version>
    <scope>runtime</scope>
</dependency>
<dependency>
    <groupId>io.jsonwebtoken</groupId>
    <artifactId>jjwt-jackson</artifactId> <!-- or jjwt-gson if Gson is preferred -->
    <version>${jjwt.version}</version>
    <scope>runtime</scope>
</dependency>

// what is this "jjwt" dep, and why might it be using a different version?
<dependency>
    <groupId>io.jsonwebtoken</groupId>
    <artifactId>jjwt</artifactId>
    <version>0.9.1</version> 
</dependency>
这个“jjwt”dep 是什么,为什么它可能使用不同的版本?
我在 https://github.com/jwtk/jjwt 没有看到任何提及它
但它在这里: https://mvnrepository.com/artifact/io.jsonwebtoken

最佳答案

在 JJWT 0.10.0 版本之前,API 和实现都打包为一个工件,io.jsonwebtoken:jjwt .
从 0.10.0 版本开始,API 和实现分为两个不同的工件。
摘自 JJWT Release Notes, version 0.10.0 :

JJWT's new modular design utilizes distinctions between compile and runtime dependencies to ensure you only depend on the public APIs that are safe to use in your application. All internal/private implementation classes have been moved to a new jjwt-impl runtime dependency.

If you depended on any internal implementation classes in the past, you have two choices:

  • Refactor your code to use the public-only API classes and interfaces in the jjwt-api .jar. Any functionality you might have used in the internal implementation should be available via newer cleaner interfaces and helper classes in that .jar.

  • Specify the new jjwt-impl .jar not as a runtime dependency but as a compile dependency. This would make your upgrade to JJWT 0.10.0 fully backwards compatible, but you do so at your own risk. JJWT will make NO semantic version compatibility guarantees in the jjwt-impl .jar moving forward. Semantic versioning will be very carefully adhered to in all other JJWT dependencies however.



我的猜测是您的项目团队没有完成从 JJWT <= 0.9 到 JJWT >= 0.10 的升级。

关于java - JJWT 依赖混淆,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/63346655/

24 4 0
文章推荐: iPhone OpenGL 和 NSTimer 问题
文章推荐: javascript - 为什么 typeof 不是方法?
文章推荐: haskell - 单子(monad)和 ZipList 以外的应用仿函数?
文章推荐: iPhone开发: Best method to allow user to chose search scope
行者123
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
全站热门文章
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com