Shading dependencies

[davidsubskribe]

Hi,

I want to request that docusign-esign-java be shaded using maven-shade-plugin.

Our company is currently adopting the DocuSign Java SDK and found that docusign-esign-java is not shaded. This is especially concerning, as docusign-esign-java is not a thin client and have many external dependencies. Particularly for us, docusign-esign-java is pulling in org.glassfish.jersey.media:jersey-media-json-jackson which conflicts with org.glassfish.jersey.media:jersey-media-jaxb (which is being pulled in by io.dropwizard). Please see here on why this would be an issue.

I would assume most (if not all) enterprise Java applications would utilize a Java framework, including Jersey. I would see this being an issue for many other companies that are trying to integrate DocuSign into their system.

I have already confirmed that shading docusign-esign-java resolves any conflicts.

Please let me know if I can provide any supplementary detail. Thank you for taking the time to read through this 🙂.

[jglassenberg]

Hi David,

Thanks for sharing this. I saw your post this weekend and am touching base with our engineers internally to evaluate this issue.

[rjdkolb]

This would be a fantastic feature.
We have a lot of dependancy clashes because of the docusign-esign-java client.

[davidsubskribe]

@rjdkolb @jglassenberg I ended up hosting my own shaded artifact on JFrog. Adding maven-shade-plugin to the pom.xml would shade the transitive dependencies.

<build>
    <plugins>
        <plugin>
            <groupId>org.apache.maven.plugins</groupId>
            <artifactId>maven-shade-plugin</artifactId>
            <version>3.3.0</version>
            <executions>
                <execution>
                    <phase>package</phase>
                    <goals>
                        <goal>shade</goal>
                    </goals>
                    <configuration>
                        <createSourcesJar>true</createSourcesJar>
                        <shadeSourcesContent>true</shadeSourcesContent>
                        <filters>
                            <filter>
                                <artifact>*:*</artifact>
                                <excludes>
                                    <exclude>INSTALL.html</exclude>
                                    <exclude>LICENSE</exclude>
                                    <exclude>README</exclude>
                                    <exclude>META-INF/*.SF</exclude>
                                    <exclude>META-INF/*.DSA</exclude>
                                    <exclude>META-INF/*.RSA</exclude>
                                    <exclude>META-INF/ASL2.0</exclude>
                                    <exclude>META-INF/DEPENDENCIES.txt</exclude>
                                    <exclude>META-INF/LICENSE.txt</exclude>
                                    <exclude>META-INF/NOTICE.txt</exclude>
                                    <exlude>overview.html</exlude>
                                </excludes>
                            </filter>
                        </filters>
                        <relocations>
                            <relocation>
                                <pattern>io.swagger</pattern>
                                <shadedPattern>com.docusign.shaded.io.swagger</shadedPattern>
                            </relocation>
                            <relocation>
                                <pattern>org.glassfish</pattern>
                                <shadedPattern>com.docusign.shaded.org.glassfish</shadedPattern>
                            </relocation>
                            <relocation>
                                <pattern>com.fasterxml</pattern>
                                <shadedPattern>com.docusign.shaded.com.fasterxml</shadedPattern>
                            </relocation>
                            <relocation>
                                <pattern>com.brsanthu</pattern>
                                <shadedPattern>com.docusign.shaded.com.brsanthu</shadedPattern>
                            </relocation>
                            <relocation>
                                <pattern>org.apache</pattern>
                                <shadedPattern>com.docusign.shaded.org.apache</shadedPattern>
                            </relocation>
                            <relocation>
                                <pattern>org.bouncycastle</pattern>
                                <shadedPattern>com.docusign.shaded.org.bouncycastle</shadedPattern>
                            </relocation>
                            <relocation>
                                <pattern>com.auth0</pattern>
                                <shadedPattern>com.docusign.shaded.com.auth0</shadedPattern>
                            </relocation>
                            <relocation>
                                <pattern>org.slf4j</pattern>
                                <shadedPattern>com.docusign.shaded.org.slf4j</shadedPattern>
                            </relocation>
                            <relocation>
                                <pattern>org.aopalliance</pattern>
                                <shadedPattern>com.docusign.shaded.org.aopalliance</shadedPattern>
                            </relocation>
                            <relocation>
                                <pattern>org.json</pattern>
                                <shadedPattern>com.docusign.shaded.org.json</shadedPattern>
                            </relocation>
                            <relocation>
                                <pattern>org.jvnet</pattern>
                                <shadedPattern>com.docusign.shaded.org.jvnet</shadedPattern>
                            </relocation>
                        </relocations>
                        <dependencyReducedPomLocation>target/reduced-pom.xml</dependencyReducedPomLocation>
                    </configuration>
                </execution>
            </executions>
        </plugin>
    </plugins>
</build>

[mmallis87]

The decision was to use uber jar. Here is how you can get 3.19.0 with Maven (similar syntax exits for Gradle and others):

<dependency>
  <groupId>com.docusign</groupId>
  <artifactId>docusign-esign-java</artifactId>
  <version>3.19.0</version>
  <classifier>shaded</classifier>
</dependency>

[davidsubskribe]

@mmallis87 I tried pulling 3.19.0 into our project as you suggested and my Maven build failed with the following error:

Security Invalid signature file digest for Manifest main attributes

I'm wondering if this error shows up for anyone else.

My suspicion is that manifest signature files under META-INF need to be excluded from shading, as can be found here.

[jacobbrokaw]

@davidsubskribe I also tried pulling in 3.19.0 as @mmallis87 suggested, but I received the same Maven build error. I am experimenting with excluding signature files as you mentioned.

Not sure if that's the best option to go with (according to an answer by MattW, but time will tell.

If anyone else finds an elegant solution for this, please do share it!