Open in app

Sign in

Write

Sign in

BOM (Bill of Materials)with Maven and Spring

Abdalrhmanalkraien
CodeX
Published in
3 min readJul 7, 2023

Introduction:

As Java developers, we may maintain many applications using Maven for their dependency management. These applications need upgrades from time to time to be up to date and to add new features or security updates.

This easy task — updating dependencies’ versions — can easily turn out to become a nightmare because of conflicts between certain dependencies.

In this article, we will display how BOM will work, and how Maven will work with dependency.

Thanks for https://reflectoring.io/maven-bom/ to important information about maven

What are dependencies??

If we are writing code, and we need to write some logic about print String, we can write this logic by hand, or we can use a library to provide us with this feature, And actually, we will use a library to save time and effort.

The library here is the dependency.

Maven is a package manager to manage dependencies used in the application, and Maven will retrieve the dependency from the Maven repository if not exist in your local machine.

and Maven will retrieve the dependency by dependency version and name.

if a dependency has a new change the version will change also, so we need to update the version in our code, if the previous version has a security issue or something like that.

So the BOM concept appeared to solve this problem in our applications to easy to manage dependencies and versions of dependencies.

What is BOM and how it can solve updating dependencies??

The Bill Of Material is a special POM file that groups dependency versions that are known to be valid and tested to work together. This will reduce the developers’ pain of having to test the compatibility of different versions and reduce the chances to have version mismatches.

BOM elements:

  • a pom packaging type: <packaging>pom</packaging>.
  • a dependencyManagement the section that lists the dependencies of a project.

Inside the dependencyManagement we will set all of the dependencies needed and specific versions of the dependency because it is mandatory.

BOM example:

<project ...>
    <modelVersion>4.0.0</modelVersion>
    <groupId>reflectoring</groupId>
    <artifactId>reflectoring-bom</artifactId>
    <version>1.0</version>
    <packaging>pom</packaging>
    <name>Reflectoring Bill Of Material</name>
    <dependencyManagement>
        <dependencies>
            <dependency>
                <groupId>io.reflectoring</groupId>
                <artifactId>logging</artifactId>
                <version>2.1</version>
            </dependency>
            <dependency>
                <groupId>io.reflectoring</groupId>
                <artifactId>test</artifactId>
                <version>1.1</version>
            </dependency>
        </dependencies>
    </dependencyManagement>
</project>

we can use BOM files in two ways:

  • as a parent
  • as a dependency

BOM as a parent

<project ...>
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>reflectoring</groupId>
        <artifactId>reflectoring-bom</artifactId>
        <version>1.0</version>
    </parent>
    
    <groupId>reflectoring</groupId>
    <artifactId>new-project</artifactId>
    <version>1.0.0-SNAPSHOT</version>
    <packaging>jar</packaging>
    <name>New Project</name>
    
    <dependency>
        <groupId>io.reflectoring</groupId>
        <artifactId>logging</artifactId>
    </dependency>
</project>

the above script uses BOM as a parent to manage dependency.

In this example, we note that the logging dependency in our project doesn’t need a version number. Maven will resolve it from the list of dependencies in the BOM file.

For a real-life example, Spring Boot projects created from the start.spring.io platform inherit from a parent POM spring-boot-starter-parent which inherits also from spring-boot-dependencies. This POM file has a dependencyManagement the section containing a list of dependencies required by Spring Boot projects. This file is a BOM file provided by the Spring Boot team to manage all the dependencies.

Adding a BOM as a Dependency

<project ...>
    <modelVersion>4.0.0</modelVersion>   
    <groupId>reflectoring</groupId>
    <artifactId>new-project</artifactId>
    <version>1.0.0-SNAPSHOT</version>
    <packaging>jar</packaging>
    <name>New Project</name>
    
    <dependency>
        <groupId>io.reflectoring</groupId>
        <artifactId>logging</artifactId>
    </dependency>
    
    <dependencyManagement>
     <dependencies>
            <dependency>
                <groupId>reflectoring</groupId>
                <artifactId>reflectoring-bom</artifactId>
                <version>1.0</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
        </dependencies>
    </dependencyManagement>
</project>

Maven will behave exactly like the example with the parent BOM file in terms of dependency resolution. The only thing that differs is how the BOM file is imported.

Conclusion:

Understanding dependency management in Maven is crucial to avoid getting version conflicts and wasting time resolving them.

Using the BOM is a good way the ensure consistency between the dependencies versions and a safer way in multi-module project management.

References

Maven
Spring Boot
Spring

--

--

Abdalrhmanalkraien
CodeX

Written by Abdalrhmanalkraien

241 Followers
Writer for

I am a Java Developer and DevOps Engineer. I used the latest Technology for build completed development or Deployment

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams