在pom.xml文件中放置依赖项的正确位置是什么？

Question

这是我的pom.xml的样子

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>stark</groupId>
        <artifactId>stark-parent</artifactId>
        <version>1.5.0</version>
    </parent>
    <groupId>api</groupId>
    <artifactId>adapter-mvp</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>adapter-mvp</name>
    <description>adapter-mvp grpc service</description>
    <properties>
        <business-domains-model.version>0.0.9-847a022</business-domains-model.version>
        <!-- Test dependencies versions-->
        <blockhound.version>1.0.4.RELEASE</blockhound.version>
        <jacoco.coverage.line>0.1</jacoco.coverage.line>
        <jacoco.coverage.branch>0.16
        </jacoco.coverage.branch> 
        <detekt.config>detekt.yml</detekt.config>
    </properties>
    <dependencyManagement>      ---------------line 24
        <dependencies>
            <dependency>
                <groupId>io.projectreactor.tools</groupId>
                <artifactId>blockhound</artifactId>
                <version>${blockhound.version}</version>
                <scope>test</scope>
            </dependency>
        </dependencies>
    </dependencyManagement>
    <dependencies>

        <!-- Test dependencies --> -----------------line 35
       
        <dependency>
            <groupId>jakarta.xml.bind</groupId>
            <artifactId>jakarta.xml.bind-api</artifactId>
        </dependency>

        <dependency>
            <groupId>org.glassfish.jaxb</groupId>
            <artifactId>jaxb-runtime</artifactId>
            <version>2.3.2</version>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web-services</artifactId>
            <exclusions>
                <exclusion>
                    <groupId>org.springframework.boot</groupId>
                    <artifactId>spring-boot-starter-tomcat</artifactId>
                </exclusion>

                <exclusion>
                    <groupId>org.jvnet.staxex</groupId>
                    <artifactId>stax-ex</artifactId>
                </exclusion>
            </exclusions>
        </dependency>

        <dependency>
            <groupId>io.projectreactor.tools</groupId>
            <artifactId>blockhound</artifactId>
            <scope>test</scope>
        </dependency>
    </dependencies>
    <build>
        <finalName>eg-gtp-tax-engine-adapter-mvp</finalName>
        <sourceDirectory>${project.basedir}/src/main/kotlin</sourceDirectory>
        <testSourceDirectory>${project.basedir}/src/test/kotlin</testSourceDirectory>
        <pluginManagement>
            <plugins>
            </plugins>
        </pluginManagement>
    </build>
</project>

我想要将这三个依赖项添加到pom文件中，当我将它们放在第35行时，我得到了错误"Cannot resolve com.amazonaws:aws-java-sdk-bom:1.11.974“

当我将它们放在第24行时，我的代码中出现了错误，似乎我没有在pom中添加secretsmanager依赖项，有人能帮我解决这个问题吗？放置这些依赖项的正确位置是什么？

<dependency>
            <groupId>com.amazonaws</groupId>
            <artifactId>aws-java-sdk-bom</artifactId>
            <version>1.11.974</version>
        </dependency>
        <dependency>
            <groupId>com.amazonaws</groupId>
            <artifactId>aws-java-sdk-core</artifactId>
            <version>1.11.974</version>
        </dependency>
        <dependency>
            <groupId>com.amazonaws</groupId>
            <artifactId>aws-java-sdk-secretsmanager</artifactId>
            <version>1.11.974</version>
        </dependency>

错误

[WARNING] Rule 0: org.apache.maven.plugins.enforcer.BannedDependencies failed with message:
| =====================================================================================
| You have included a banned library, and you need to remove the dependency.
| It is likely a transitive dependency of another library you have added to this POM,
| the easiest way for you to determine how the dependency was added is to run:
|
| %> mvn dependency:tree -Dverbose=true
|
| and scan that output for references to the offending dependency (listed after this
| message) - you will either need to refactor that dependency to not use the
| offending library (if you control the source) or to add an exclusion for that
| library here in this pom (there are numerous examples).
| ======================================================================================
Found Banned Dependency: commons-logging:commons-logging:jar:1.1.3
Use 'mvn dependency:tree' to locate the source of the banned dependencies.
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  3.665 s
[INFO] Finished at: 2021-03-14T22:36:27-07:00
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-enforcer-plugin:3.0.0-M1:enforce (enforce-banned-logging-libraries) on project eg-gtp-tax-engine-adapter-mvp: Some Enforcer rules have failed. Look above for specific messages explaining why the rule failed. -> [Help 1]


dependency tree

[INFO] +- com.amazonaws:aws-java-sdk-secretsmanager:jar:1.11.974:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-core:jar:1.11.974:compile
[INFO] |  |  +- commons-logging:commons-logging:jar:1.1.3:compile
[INFO] |  |  +- org.apache.httpcomponents:httpclient:jar:4.5.13:compile
[INFO] |  |  |  +- org.apache.httpcomponents:httpcore:jar:4.4.14:compile
[INFO] |  |  |  \- commons-codec:commons-codec:jar:1.15:compile
[INFO] |  |  +- software.amazon.ion:ion-java:jar:1.0.2:compile
[INFO] |  |  +- com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:jar:2.11.3:compile
[INFO] |  |  \- joda-time:joda-time:jar:2.8.1:compile
[INFO] |  \- com.amazonaws:jmespath-java:jar:1.11.974:compile

Answer 1

物料清单依赖项应放在<dependencyManagement>部分中

<dependencyManagement>
    <dependency>
        <groupId>com.amazonaws</groupId>
        <artifactId>aws-java-sdk-bom</artifactId>
        <version>1.11.974</version>
        <type>pom</type>
        <scope>import</scope>
    </dependency>
    ....
    ....
</dependencyManagement>

BOM依赖关系将管理其他aws模块依赖关系的版本。因此，其余的依赖项可以放在没有版本参数的部分中。

<dependencies>
    <dependency>
        <groupId>com.amazonaws</groupId>
        <artifactId>aws-java-sdk-bom</artifactId>
    </dependency>
    <dependency>
        <groupId>com.amazonaws</groupId>
        <artifactId>aws-java-sdk-core</artifactId>
    </dependency>
    <dependency>
        <groupId>com.amazonaws</groupId>
        <artifactId>aws-java-sdk-secretsmanager</artifactId>
    </dependency>
    ...
    ...
</dependencies>