docusign-esign-java-client icon indicating copy to clipboard operation
docusign-esign-java-client copied to clipboard

Published 20 hours ago verified publisher icon docusign

Shading dependencies

Open davidsubskribe opened this issue 3 years ago • 6 comments

Hi,

I want to request that docusign-esign-java be shaded using maven-shade-plugin.

Our company is currently adopting the DocuSign Java SDK and found that docusign-esign-java is not shaded. This is especially concerning, as docusign-esign-java is not a thin client and have many external dependencies. Particularly for us, docusign-esign-java is pulling in org.glassfish.jersey.media:jersey-media-json-jackson which conflicts with org.glassfish.jersey.media:jersey-media-jaxb (which is being pulled in by io.dropwizard). Please see here on why this would be an issue.

I would assume most (if not all) enterprise Java applications would utilize a Java framework, including Jersey. I would see this being an issue for many other companies that are trying to integrate DocuSign into their system.

I have already confirmed that shading docusign-esign-java resolves any conflicts.

Please let me know if I can provide any supplementary detail. Thank you for taking the time to read through this 🙂.

davidsubskribe avatar Oct 21 '21 17:10 davidsubskribe

Hi David,

Thanks for sharing this. I saw your post this weekend and am touching base with our engineers internally to evaluate this issue.

jglassenberg avatar Oct 25 '21 07:10 jglassenberg

This would be a fantastic feature. We have a lot of dependancy clashes because of the docusign-esign-java client.

rjdkolb avatar May 24 '22 12:05 rjdkolb

@rjdkolb @jglassenberg I ended up hosting my own shaded artifact on JFrog. Adding maven-shade-plugin to the pom.xml would shade the transitive dependencies.

<build>
    <plugins>
        <plugin>
            <groupId>org.apache.maven.plugins</groupId>
            <artifactId>maven-shade-plugin</artifactId>
            <version>3.3.0</version>
            <executions>
                <execution>
                    <phase>package</phase>
                    <goals>
                        <goal>shade</goal>
                    </goals>
                    <configuration>
                        <createSourcesJar>true</createSourcesJar>
                        <shadeSourcesContent>true</shadeSourcesContent>
                        <filters>
                            <filter>
                                <artifact>*:*</artifact>
                                <excludes>
                                    <exclude>INSTALL.html</exclude>
                                    <exclude>LICENSE</exclude>
                                    <exclude>README</exclude>
                                    <exclude>META-INF/*.SF</exclude>
                                    <exclude>META-INF/*.DSA</exclude>
                                    <exclude>META-INF/*.RSA</exclude>
                                    <exclude>META-INF/ASL2.0</exclude>
                                    <exclude>META-INF/DEPENDENCIES.txt</exclude>
                                    <exclude>META-INF/LICENSE.txt</exclude>
                                    <exclude>META-INF/NOTICE.txt</exclude>
                                    <exlude>overview.html</exlude>
                                </excludes>
                            </filter>
                        </filters>
                        <relocations>
                            <relocation>
                                <pattern>io.swagger</pattern>
                                <shadedPattern>com.docusign.shaded.io.swagger</shadedPattern>
                            </relocation>
                            <relocation>
                                <pattern>org.glassfish</pattern>
                                <shadedPattern>com.docusign.shaded.org.glassfish</shadedPattern>
                            </relocation>
                            <relocation>
                                <pattern>com.fasterxml</pattern>
                                <shadedPattern>com.docusign.shaded.com.fasterxml</shadedPattern>
                            </relocation>
                            <relocation>
                                <pattern>com.brsanthu</pattern>
                                <shadedPattern>com.docusign.shaded.com.brsanthu</shadedPattern>
                            </relocation>
                            <relocation>
                                <pattern>org.apache</pattern>
                                <shadedPattern>com.docusign.shaded.org.apache</shadedPattern>
                            </relocation>
                            <relocation>
                                <pattern>org.bouncycastle</pattern>
                                <shadedPattern>com.docusign.shaded.org.bouncycastle</shadedPattern>
                            </relocation>
                            <relocation>
                                <pattern>com.auth0</pattern>
                                <shadedPattern>com.docusign.shaded.com.auth0</shadedPattern>
                            </relocation>
                            <relocation>
                                <pattern>org.slf4j</pattern>
                                <shadedPattern>com.docusign.shaded.org.slf4j</shadedPattern>
                            </relocation>
                            <relocation>
                                <pattern>org.aopalliance</pattern>
                                <shadedPattern>com.docusign.shaded.org.aopalliance</shadedPattern>
                            </relocation>
                            <relocation>
                                <pattern>org.json</pattern>
                                <shadedPattern>com.docusign.shaded.org.json</shadedPattern>
                            </relocation>
                            <relocation>
                                <pattern>org.jvnet</pattern>
                                <shadedPattern>com.docusign.shaded.org.jvnet</shadedPattern>
                            </relocation>
                        </relocations>
                        <dependencyReducedPomLocation>target/reduced-pom.xml</dependencyReducedPomLocation>
                    </configuration>
                </execution>
            </executions>
        </plugin>
    </plugins>
</build>

davidsubskribe avatar May 26 '22 18:05 davidsubskribe

The decision was to use uber jar. Here is how you can get 3.19.0 with Maven (similar syntax exits for Gradle and others):

<dependency>
  <groupId>com.docusign</groupId>
  <artifactId>docusign-esign-java</artifactId>
  <version>3.19.0</version>
  <classifier>shaded</classifier>
</dependency>

mmallis87 avatar May 27 '22 17:05 mmallis87

@mmallis87 I tried pulling 3.19.0 into our project as you suggested and my Maven build failed with the following error:

Security Invalid signature file digest for Manifest main attributes

I'm wondering if this error shows up for anyone else.

My suspicion is that manifest signature files under META-INF need to be excluded from shading, as can be found here.

davidsubskribe avatar May 27 '22 22:05 davidsubskribe

@davidsubskribe I also tried pulling in 3.19.0 as @mmallis87 suggested, but I received the same Maven build error. I am experimenting with excluding signature files as you mentioned.

Not sure if that's the best option to go with (according to an answer by MattW, but time will tell.

If anyone else finds an elegant solution for this, please do share it!

jacobbrokaw avatar Jun 28 '22 17:06 jacobbrokaw