Which dependencies can I remove if I am not using embedded Tomcat?
279 views
Skip to first unread message
Ganesh Prasad
Oct 17, 2018, 1:03:08 AM10/17/18
to CAS Community
Hi all,
Looking through my pom.xml, I can see many dependencies that may not be relevant to my build, since I run the war file in a standalone Tomcat instance and do not use the embedded Tomcat facility. Which of these can I safely remove? I think that will also reduce the size of my war file (it's currently over 100 MB).
<dependencies>
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-core</artifactId>
<version>${tomcat.version}</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-el</artifactId>
<version>${tomcat.version}</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.apache.tomcat</groupId>
<artifactId>tomcat-catalina</artifactId>
<version>${tomcat.version}</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>javax.inject</groupId>
<artifactId>javax.inject</artifactId>
<version>1</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>servlet-api</artifactId>
<version>2.5</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>jstl</groupId>
<artifactId>jstl</artifactId>
<version>1.2</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-webapp${app.server}</artifactId>
<version>${cas.version}</version>
<type>war</type>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-ldap</artifactId>
<version>${cas.version}</version>
</dependency>
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-jdbc</artifactId>
<version>${cas.version}</version>
</dependency>
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-pac4j-webflow</artifactId>
<version>${cas.version}</version>
</dependency>
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-saml</artifactId>
<version>${cas.version}</version>
</dependency>
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-pm</artifactId>
<version>${cas.version}</version>
</dependency>
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-pm-ldap</artifactId>
<version>${cas.version}</version>
</dependency>
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-cookie</artifactId>
<version>${cas.version}</version>
</dependency>
<!-- Authentication throttling -->
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-throttle</artifactId>
<version>${cas.version}</version>
</dependency>
</dependencies>
Andy Ng
Oct 18, 2018, 2:21:48 AM10/18/18
to CAS Community
Hi Ganesh,
CAS war file will run fine by just the default cas overlay pom.xml (https://github.com/apereo/cas-overlay-template/blob/5.3/pom.xml)
So what to keep really depends on what you need to add beyond the barebone CAS configuration.
I think for all of the one starting with "cas-server", like:
- cas-server-webapp${app.server},
- cas-server-support-ldap,
- cas-server-support-jdbc,
- cas-server-support-pac4j-webflow,
- cas-server-support-saml,
- cas-server-support-pm,
- cas-server-support-pm-ldap,
- cas-server-support-cookie,
- cas-server-support-throttle
You are intentionally adding them to enable some features, so those definitely cannot be removed (unless you did not need them anymore)
For the other, you can test whether or not you need the dependency by simply removing them and see what happens.
If there is any build error or missing features, just add them back in. Repeat that for all your dependencies and you should be good to go.
I don't think there will be many high risk with the above "try and error" method as long as your CAS still functional, however of course remove them at your own risk.
Cheers!
- Andy
Ganesh and Sashi Prasad
Oct 18, 2018, 3:44:18 AM10/18/18
to cas-...@apereo.org
Thanks, Andy, I will try this.
Yes, the cas-server-* ones are there because I need those features.
Regards,
Ganesh
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/5c437751-39ee-4248-94af-38044c7ac439%40apereo.org.
Andy Ng
Oct 18, 2018, 3:56:03 AM10/18/18
to CAS Community
Hi Ganesh,
I forget to clarify, our CAS server is also using Tomcat war deployment (CAS 5.x, been running for at least 5 months now), and I don't have the following in my pom.xml
- tomcat-embed-core
- tomcat-embed-el
- tomcat-catalina
- jstl
So I think it is safe to assume those are not needed.
As for:
As for:
- javax.inject
- servlet-api
Those are used by us to enable some custom features. If I remove those customization, those 2 are not needed as well.
Hope these info give you more peace in mind when cleaning up your pom.xml :)
Cheers!
- Andy
Ganesh Prasad
Oct 18, 2018, 12:48:13 PM10/18/18
to CAS Community
Thanks for your help, Andy, and sorry for troubling you again.
I could remove all the other libraries below:
tomcat-embed-core
tomcat-embed-el
jstl
javax.inject
servlet-api
But when I removed tomcat-catalina, I got an error when Maven was about to build the war file:
Failed to execute goal org.apache.maven.plugins:maven-war-plugin:3.2.1:war (default-war) on project iam: Error assembling WAR: webxml attribute is required (or pre-existing WEB-INF/web.xml if executing in update mode)
What could be going wrong?
Also, since you deploy the war file to a standalone Tomcat server, how large is your war file? Mine is 102 MB. Is this reasonable?
Regards,
Ganesh
David Curry
Oct 18, 2018, 1:02:06 PM10/18/18
to cas-...@apereo.org
Ganesh,
Our CAS 5.2.7 WAR file is 121MB with the following dependencies:
cas-server-support-mongo-service-registrycas-server-support-ldapcas-server-support-samlcas-server-support-saml-idpcas-server-support-saml-googleappscas-server-support-duocas-server-support-mongo-ticket-registry
We deploy it to a standalone Tomcat, but we deploy as an exploded WAR file (directory).
--Dave
--
DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY
71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david...@newschool.edu
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/86b2862a-dc53-4d78-94a6-352a49e40258%40apereo.org.
Ganesh Prasad
Oct 18, 2018, 8:46:36 PM10/18/18
to CAS Community
Thanks, David. That's reassuring.
I have another question. If I need to force the Maven build to use a later version of a library, how do I do it, given that I don't have control over the transitive dependencies of the build?
For example, if I build CAS 5.3.4, the war file has 'spring-webmvc-pac4j-3.0.0.jar', but I would like it to bundle 'spring-webmvc-pac4j-3.0.6.jar' instead. For security or other reasons, the later version of the library may be recommended, but it doesn't automatically get bundled as part of the default build, even the very latest one.
Regards,
Ganesh
Jozef Kotlar - EEA.sk
Oct 19, 2018, 8:37:18 AM10/19/18
to CAS Community
Just to clear up - dependencies marked as provided should not be bundled to WAR, this classification specifies, that library will exist in target environment.
Reply all
Reply to author
Forward
0 new messages