Invoking unexpected methods, due to dependency conflicts on org.codehaus.jackson:jackson-core-asl:jar

[HelloCoCooo]

Hi, in openstack-java-sdk-3.2.5 (openstack-client-connectors\resteasy-connector module), there are mulptiple versions of org.codehaus.jackson:jackson-core-asl: jar. However, according to Maven's dependency management strategy, only org.codehaus.jackson:jackson-core-asl:jar:1.9.4 can be loaded, and org.codehaus.jackson:jackson-core-asl:jar:1.9.13 will be shadowed.

As shown in the following dependency tree, com.woorea:openstack-client:jar:3.2.5:compile expects to reference org.codehaus.jackson:jackson-core-asl:1.9.13. But due to dependency conflicts, Maven actually loads org.codehaus.jackson:jackson-core-asl:jar:1.9.4. As a result, com.woorea:openstack-client:jar:3.2.5:compile has to invoke the methods included in the unexpected version org.codehaus.jackson:jackson-core-asl:jar:1.9.4, which may cause inconsistent semantic behaviors.

For instance, method com.woorea.openstack.connector.RESTEasyConnector.createClientExecutor() actually references method org.codehaus.jackson.impl.Utf8StreamParser.validate(ClientResponse) in the unexpected version org.codehaus.jackson:jackson-core-asl:jar:1.9.4 via the following invocation path:

<com.woorea.openstack.connector.RESTEasyConnector: com.woorea.openstack.base.client.OpenStackResponse createClientExecutor()> C:\Users\Flipped\Desktop\project\resteasy-connector\.\target\classes
<org.codehaus.jackson.map.MappingIterator: boolean hasNext()> C:\Users\Flipped\.m2\repository\org\codehaus\jackson\jackson-mapper-asl\1.9.13\jackson-mapper-asl-1.9.13.jar
<org.codehaus.jackson.map.ClientRequest: boolean status()> C:\Users\Flipped\.m2\repository\org\codehaus\jackson\jackson-mapper-asl\1.9.13\jackson-jaxrs.1.9.4.jar
C:\Users\Flipped\.m2\repository\org\codehaus\jackson\jackson-core-asl\1.9.4\jackson-core-asl-1.9.4.jar
<org.codehaus.jackson.impl.Utf8StreamParser: void validate(ClientResponse<T>)>

By further analyzing, the expected callee org.codehaus.jackson.impl.Utf8StreamParser.validate(ClientResponse) in shadowed version org.codehaus.jackson:jackson-mapper-asl:jar:1.9.13, have different implementations from the actual callees with the same signatures (same method names, same paremeters) included in the unexpected (but actual loaded) version org.codehaus.jackson:jackson-core-asl:jar:1.9.4, which leads to different behaviors.

### Solution: Use the newer version org.codehaus.jackson:jackson-mapper-asl:jar:1.9.13 to keep the version consistency.

Dependency tree----

[INFO] --- maven-dependency-plugin:2.8:tree (default-cli) @ resteasy-connector --- [INFO] com.woorea:resteasy-connector:jar:3.2.5 [INFO] +- org.jboss.resteasy:resteasy-jaxrs:jar:2.3.2.Final:compile [INFO] | +- org.jboss.resteasy:jaxrs-api:jar:2.3.2.Final:compile [INFO] | +- org.scannotation:scannotation:jar:1.0.3:compile [INFO] | | - javassist:javassist:jar:3.12.1.GA:compile [INFO] | +- javax.annotation:jsr250-api:jar:1.0:compile [INFO] | +- javax.activation:activation:jar:1.1:compile [INFO] | +- (commons-httpclient:commons-httpclient:jar:3.1:compile - omitted for duplicate) [INFO] | +- org.apache.httpcomponents:httpclient:jar:4.1.2:compile [INFO] | | +- org.apache.httpcomponents:httpcore:jar:4.1.2:compile [INFO] | | +- (commons-logging:commons-logging:jar:1.1.1:compile - omitted for conflict with 1.0.4) [INFO] | | - (commons-codec:commons-codec:jar:1.4:compile - omitted for conflict with 1.2) [INFO] | - net.jcip:jcip-annotations:jar:1.0:compile [INFO] +- org.codehaus.jackson:jackson-jaxrs:jar:1.9.4:compile [INFO] | +- org.codehaus.jackson:jackson-core-asl:jar:1.9.4:compile [INFO] | - (org.codehaus.jackson:jackson-mapper-asl:jar:1.9.4:compile - omitted for conflict with 1.9.13) [INFO] +- commons-httpclient:commons-httpclient:jar:3.1:compile [INFO] | +- commons-logging:commons-logging:jar:1.0.4:compile [INFO] | - commons-codec:commons-codec:jar:1.2:compile [INFO] +- com.woorea:openstack-client:jar:3.2.5:compile [INFO] | - (org.codehaus.jackson:jackson-mapper-asl:jar:1.9.13:compile - omitted for conflict with 1.9.4) [INFO] - org.codehaus.jackson:jackson-mapper-asl:jar:1.9.13:compile [INFO] - (org.codehaus.jackson:jackson-core-asl:jar:1.9.13:compile - omitted for conflict with 1.9.4)

Thanks! Best regards, Coco

[HelloCoCooo]

Code snippet of org.codehaus.jackson.impl.Utf8StreamParser.validate(ClientResponse) in org.codehaus.jackson:jackson-core-asl:jar:1.9.4:

    public boolean validate(ClientResponse<T> response) {
        return true;
    }

Code snippet of org.codehaus.jackson.impl.Utf8StreamParser.validate(ClientResponse) in org.codehaus.jackson:jackson-core-asl:jar:1.9.13:

    public boolean validate(ClientResponse<T> response) {
        return response.getStatus();
    }

Method org.codehaus.jackson.impl.Utf8StreamParser.validate(ClientResponse) included in newer version org.codehaus.jackson:jackson-core-asl:jar:1.9.13 deals with more cases, which changes the control flows and data flows. So being forced to use older version org.codehaus.jackson:jackson-core-asl:jar:1.9.4 may lead to inconsisitent semantic behaviors.

Using the following test case to run on these two versions of methods separately starting from the entry method com.woorea.openstack.connector.RESTEasyConnector.createClientExecutor() in your project, then we can find the differences in their return values.

public void test01(){
             RESTEasyConnector rESTEasyConnector =  new RESTEasyConnector("/endpoints/");
             rESTEasyConnector.createClientExecutor();
}

Please check whether the changes of this variable value will affect your semantic behaviors.

    public ClientExecutor createClientExecutor() {
        if (request.status())   
            return ClientRequest.getDefaultExecutor();
        else    
            return null;
    }

[dominikholler]

May I pull a request to fix it? 8)

You are welcome to do so!

[HelloCoCooo]

@dominikholler Thanks for your quick reply.