Fork me on GitHub

license:aggregate-download-licenses

Full name:

org.codehaus.mojo:license-maven-plugin:2.0.0:aggregate-download-licenses

Description:

Download the license files of all aggregated dependencies of the current project, and generate a summary file containing a list of all dependencies and their licenses.

The license files will be downloaded to AbstractDownloadLicensesMojo.licensesOutputDirectory to be included in the final packaging of the project if desired. The licenses are downloaded from the url field of the dependency POM.

If the license information (license name and license URL) is missing or otherwise broken in a dependency POM, this mojo offers several fallback options:

  • AbstractDownloadLicensesMojo.licensesConfigFile
  • AbstractDownloadLicensesMojo.errorRemedy
  • AbstractDownloadLicensesMojo.licenseUrlReplacements
  • AbstractDownloadLicensesMojo.licenseUrlFileNames
Created on 23/05/16.

Attributes:

  • Requires a Maven project to be executed.
  • Executes as an aggregator plugin.
  • Requires dependency resolution of artifacts in scope: test.
  • Since version: 1.10.
  • Binds by default to the lifecycle phase: package.

Optional Parameters

Name Type Since Description
<artifactFiltersUrl> String 1.18 A URL returning a plain text file that contains include/exclude artifact filters in the following format:

# this is a comment
include gaPattern org\.my-org:my-artifact
include gaPattern org\.other-org:other-artifact
exclude gaPattern org\.yet-anther-org:.*
include scope compile
include scope test
exclude scope system
include type jar
exclude type war


User property is: license.artifactFiltersUrl.
<cleanLicensesOutputDirectory> boolean 1.18 If true, the mojo will delete all files from licensesOutputDirectory and then download them all anew; otherwise the deletion before the download does not happen.

This may be useful if you have removed some dependencies and you want the stale license files to go away. cleanLicensesOutputDirectory = true is not implied by forceDownload because users may have other files there in licensesOutputDirectory that were not downloaded by the plugin.


Default value is: false.
User property is: license.cleanLicensesOutputDirectory.
<connectTimeout> int 1.18 Connect timeout in milliseconds passed to the HTTP client when downloading licenses from remote URLs.
Default value is: 5000.
User property is: license.connectTimeout.
<connectionRequestTimeout> int 1.18 Connect request timeout in milliseconds passed to the HTTP client when downloading licenses from remote URLs.
Default value is: 5000.
User property is: license.connectionRequestTimeout.
<errorRemedy> AbstractDownloadLicensesMojo$ErrorRemedy 1.18 What to do on any license download related error. The possible values are:
ErrorRemedy.ignore: all errors are ignored
ErrorRemedy.warn: all errors are output to the log as warnings
ErrorRemedy.failFast: a MojoFailureException is thrown on the first download related error
ErrorRemedy.xmlOutput: error messages are added as <downloaderMessages> to AbstractDownloadLicensesMojo.licensesErrorsFile; in case there are error messages, the build will fail after processing all dependencies

Default value is: warn.
User property is: license.errorRemedy.
<excludeTransitiveDependencies> boolean 1.13 Exclude transitive dependencies from excluded artifacts.
Default value is: false.
User property is: license.excludeTransitiveDependencies.
<excludedArtifacts> String 1.11 A filter to exclude some ArtifactsIds This is a regular expression applied to artifactIds.
User property is: license.excludedArtifacts.
<excludedGroups> String 1.11 A filter to exclude some GroupIds This is a regular expression that is applied to groupIds (not an ant pattern).
User property is: license.excludedGroups.
<excludedScopes> String 1.0 A filter to exclude some scopes.
Default value is: system.
User property is: license.excludedScopes.
<excludedTypes> String 1.15 A filter to exclude some types.
User property is: license.excludedTypes.
<executeOnlyOnRootModule> boolean 1.10 To generate report only on root module. Default value is true, since aggregate mojo should only be executed on root module.
Default value is: true.
User property is: license.executeOnlyOnRootModule.
Alias is: aggregateDownloadLicenses.executeOnlyOnRootModule.
<forceDownload> boolean 1.18 If true, all encountered dependency license URLs are downloaded, no matter what is there in licensesConfigFile and licensesOutputFile; otherwise licensesConfigFile, licensesOutputFile (eventually persisted from a previous build) and the content of licensesOutputDirectory are considered sources of valid information - i.e. only URLs that do not appear to have been downloaded in the past will be downloaded. If your licensesOutputDirectory contains only license files downloaded by this plugin, you may consider combining forceDownload with setting cleanLicensesOutputDirectory true
Default value is: false.
User property is: license.forceDownload.
<includeOptional> boolean 1.19 If true both optional and non-optional dependencies will be included in the list of artifacts for creating the license report; otherwise only non-optional dependencies will be considered.
Default value is: true.
User property is: license.includeOptional.
<includeTransitiveDependencies> boolean 1.0 Include transitive dependencies when downloading license files.
Default value is: true.
<includedArtifacts> String 1.11 A filter to include only some ArtifactsIds This is a regular expression applied to artifactIds.
User property is: license.includedArtifacts.
<includedGroups> String 1.11 A filter to include only some GroupIds This is a regular expression applied to artifactIds.
User property is: license.includedGroups.
<includedScopes> String 1.0 A filter to include only some scopes, if let empty then all scopes will be used (no filter).
User property is: license.includedScopes.
<includedTypes> String 1.15 A filter to include only some types, if let empty then all types will be used (no filter).
User property is: license.includedTypes.
<licenseContentSanitizers> List 1.20 A list of sanitizers to process the content of license files before storing them locally and before computing their sha1 sums. Useful for removing parts of the content that change over time.

The content sanitizers are applied in alphabetical order by id.

Set useDefaultContentSanitizers to true to apply the built-in content sanitizers.

An example:


<licenseContentSanitizers>
  <licenseContentSanitizer>
    <id>fedoraproject.org-0</id>
    <urlRegexp>.*fedoraproject\\.org.*</urlRegexp><!-- Apply this sanitizer to URLs that contain fedora.org -->
    <contentRegexp>\"wgRequestId\":\"[^\"]*\"</contentRegexp><!-- wgRequestId value changes with every -->
                                                             <!-- request so we just remove it -->
    <contentReplacement>\"wgRequestId\":\"\"</contentReplacement>
  </licenseContentSanitizer>
  <licenseContentSanitizer>
    <id>opensource.org-0</id>
    <urlRegexp>.*opensource\\.org.*</urlRegexp><!-- Apply this sanitizer to URLs that contain opensource.org -->
    <contentRegexp>jQuery\\.extend\\(Drupal\\.settings[^\\n]+</contentRegexp><!-- Drupal\\.settings contain -->
                                                                             <!-- some clutter that changes -->
                                                                             <!-- often so we just remove it -->
    <contentReplacement></contentReplacement>
  </licenseContentSanitizer>
</licenseContentSanitizers>


User property is: license.licenseContentSanitizers.
<licenseUrlFileNameSanitizers> List 1.18 A list of regexp:replacement pairs that should be applied to file names for storing licenses.

Note that these patterns are not applied to file names defined in licenseUrlFileNames.


<licenseUrlFileNames> Map 1.18 A map that helps to select local files names for the content downloaded from license URLs.

Keys in the map are the local file names. These files will be created under licensesOutputDirectory.

Values are white space (" \t\n\r") separated lists of regular expressions that will be used to match license URLs. The regular expressions are compiled using Pattern.CASE_INSENSITIVE. Note that various characters that commonly occur in URLs have special meanings in regular extensions. Therefore, consider using regex quoting as described in Pattern - e.g. http://example\.com or \Qhttp://example.com\E

In addition to URL patterns, the list can optionally contain a sha1 checksum of the expected content. This is to ensure that the content delivered by a URL does not change without notice. Note that strict checking of the checksum happens only when forceDownload is true. Otherwise the mojo assumes that the URL -> local name mapping is correct and downloads from the URL only if the local file does not exist.

A special value-less entry <spdx/> can be used to activate built-in license names that are based on license IDs from https://spdx.org/licenses. The built-in SPDX mappings can be overridden by the subsequent entries. To see which SPDX mappings are built-in, add the <spdx/> entry and run the mojo with debug log level, e.g. using -X or {-Dorg.slf4j.simpleLogger.log.org.codehaus.mojo.license=debug} on the command line.

An example:


<licenseUrlFileNames>
  <spdx/><!-- A special element to activate built-in file name entries based on spdx.org license IDs -->
  <bsd-antlr.html>
      sha1:81ffbd1712afe8cdf138b570c0fc9934742c33c1
      https?://(www\.)?antlr\.org/license\.html
  </bsd-antlr.html>
  <cddl-gplv2-ce.txt>
      sha1:534a3fc9ae1076409bb00d01127dbba1e2620e92
      \Qhttps://raw.githubusercontent.com/javaee/activation/master/LICENSE.txt\E
  </cddl-gplv2-ce.txt>
</licenseUrlFileNames>

Relationship to other parameters:

  • License names and license URLs licensesConfigFile is applied before licenseUrlReplacements
  • licenseUrlReplacements are applied before licenseUrlFileNames
  • licenseUrlFileNames have higher precedence than <file> elements in licensesConfigFile
  • licenseUrlFileNames are ignored when organizeLicensesByDependencies is true

<licenseUrlReplacements> List 1.17 List of regexps/replacements applied to the license urls prior to download.

License urls that match a regular expression will be replaced by the corresponding replacement. Replacement is performed with java.util.regex.Matcher#replaceAll(String) so you can take advantage of capturing groups to facilitate flexible transformations.

If the replacement element is omitted, this is equivalent to an empty replacement string.

The replacements are applied in the same order as they are present in the configuration. The default replacements (that can be activated via useDefaultUrlReplacements) are appended to licenseUrlReplacements

The id field of LicenseUrlReplacement is optional and is useful only if you want to override some of the default replacements.


<licenseUrlReplacements>
  <licenseUrlReplacement>
    <regexp>\Qhttps://glassfish.java.net/public/CDDL+GPL_1_1.html\E</regexp>
    <replacement>https://oss.oracle.com/licenses/CDDL+GPL-1.1</replacement>
  </licenseUrlReplacement>
  <licenseUrlReplacement>
    <regexp>https://(.*)</regexp><!-- replace https with http -->
    <replacement>http://$1</replacement>
  </licenseUrlReplacement>
  <licenseUrlReplacement>
    <id>github.com-0</id><!-- An optional id to override the default replacement with the same id -->
    <regexp>^https?://github\.com/([^/]+)/([^/]+)/blob/(.*)$</regexp><!-- replace GitHub web UI with raw -->
    <replacement>https://raw.githubusercontent.com/$1/$2/$3</replacement>
  </licenseUrlReplacement>
</licenseUrlReplacements>

Relationship to other parameters:

  • Default URL replacements can be unlocked by setting useDefaultUrlReplacements to true.
  • License names and license URLs licensesConfigFile is applied before licenseUrlReplacements
  • licenseUrlReplacements are applied before licenseUrlFileNames
  • licenseUrlFileNames have higher precedence than <file> elements in licensesConfigFile
  • licenseUrlFileNames are ignored when organizeLicensesByDependencies is true

<licensesConfigFile> File 1.0 A file containing the license data (most notably license names and license URLs) missing in pom.xml files of the dependencies.

Note that since 1.18, if you set errorRemedy to xmlOutput the format of licensesErrorsFile is the same as the one of licensesConfigFile. So you can use licensesErrorsFile as a base for licensesConfigFile.

Since 1.18, the format of the file is as follows:


<licenseSummary>
  <dependencies>
    <dependency>
      <groupId>\Qaopalliance\E</groupId><!-- A regular expression -->
      <artifactId>\Qaopalliance\E</artifactId><!-- A regular expression -->
      <!-- <version>.*</version> A version pattern is optional, .* being the default.
      <matchLicenses>
        <!-- Match a list of licenses with a single entry having name "Public Domain" -->
        <license>
          <name>\QPublic Domain\E</name><!-- A regular expression -->
        </license>
      </matchLicenses>
      <licenses approved="true" /><!-- Leave the matched dependency as is. -->
                                  <!-- In this particular case we approve that code in the Public -->
                                  <!-- Domain does not need any license URL. -->
    </dependency>
    <dependency>
        <groupId>\Qasm\E</groupId>
      <artifactId>\Qasm\E</artifactId>
      <matchLicenses>
        <!-- Match an empty list of licenses -->
      </matchLicenses>
      <!-- Replace the list of licenses in all matching dependencies with the following licenses -->
      <licenses>
        <license>
          <name>BSD 3-Clause ASM</name>
          <url>https://gitlab.ow2.org/asm/asm/raw/ASM_3_1_MVN/LICENSE.txt</url>
        </license>
      </licenses>
    </dependency>
    <dependency>
      <groupId>\Qca.uhn.hapi\E</groupId>
      <artifactId>.*</artifactId>
      <matchLicenses>
        <!-- Match a list of licenses with the following three entries in order: -->
        <license>
          <name>\QHAPI is dual licensed (MPL, GPL)\E</name>
          <comments>\QHAPI is dual licensed under both the Mozilla Public License and the GNU General Public License.\E\s+\QWhat this means is that you may choose to use HAPI under the terms of either license.\E\s+\QYou are both permitted and encouraged to use HAPI, royalty-free, within your applications,\E\s+\Qwhether they are free/open-source or commercial/closed-source, provided you abide by the\E\s+\Qterms of one of the licenses below.\E\s+\QYou are under no obligations to inform the HAPI project about what you are doing with\E\s+\QHAPI, but we would love to hear about it anyway!\E</comments>
        </license>
        <license>
          <name>\QMozilla Public License 1.1\E</name>
          <url>\Qhttp://www.mozilla.org/MPL/MPL-1.1.txt\E</url>
          <file>\Qmozilla public license 1.1 - index.0c5913925d40.txt\E</file>
        </license>
        <license>
          <name>\QGNU General Public License\E</name>
          <url>\Qhttp://www.gnu.org/licenses/gpl.txt\E</url>
          <file>\Qgnu general public license - gpl.txt\E</file>
        </license>
      </matchLicenses>
      <licenses approved="true" /><!-- It is OK that the first entry has no URL -->
    </dependency>
  </dependencies>
</licenseSummary>

Before 1.18 the format was the same as the one of licensesOutputFile and the groupIds and artifactIds were matched as plain text rather than regular expressions. No other elements (incl. versions) were matched at all. Since 1.18 the backwards compatibility is achieved by falling back to plain text matching of groupIds and artifactIds if the given <dependency> does not contain the <matchLicenses> element.

Relationship to other parameters:

  • License names and license URLs licensesConfigFile is applied before licenseUrlReplacements
  • licenseUrlReplacements are applied before licenseUrlFileNames
  • licenseUrlFileNames have higher precedence than <file> elements in licensesConfigFile
  • licenseUrlFileNames are ignored when organizeLicensesByDependencies is true

Default value is: ${project.basedir}/src/license/licenses.xml.
User property is: licensesConfigFile.
<licensesErrorsFile> File 1.18 A file containing dependencies whose licenses could not be downloaded for some reason. The format is similar to licensesOutputFile but the entries in licensesErrorsFile have <downloaderMessage> elements attached to them. Those should explain what kind of error happened during the processing of the given dependency.
Default value is: ${project.build.directory}/generated-resources/licenses-errors.xml.
User property is: license.licensesErrorsFile.
<licensesOutputDirectory> File 1.0 The directory to which the dependency licenses should be written.
Default value is: ${project.build.directory}/generated-resources/licenses.
User property is: licensesOutputDirectory.
<licensesOutputFile> File 1.0 The output file containing a mapping between each dependency and it's license information.
Default value is: ${project.build.directory}/generated-resources/licenses.xml.
User property is: licensesOutputFile.
<licensesOutputFileEncoding> String 1.17 Encoding used to (1) read the file specified in licensesConfigFile and (2) write the file specified in licensesOutputFile.
Default value is: ${project.build.sourceEncoding}.
User property is: licensesOutputFileEncoding.
<licensesOutputFileEol> Eol 1.17 An end of line constant name denoting the EOL string to use when redering the licenses.xml file. Possible values are LF, CRLF, AUTODETECT and PLATFORM.

When the value AUTODETECT is used, the mojo will use whatever EOL value is used in the first existing of the following files: licensesConfigFile, ${basedir}/pom.xml.

The value PLATFORM is deprecated but still kept for backwards compatibility reasons.


Default value is: AUTODETECT.
User property is: licensesOutputFileEol.
<offline> boolean 1.0 Settings offline flag (will not download anything if setted to true).
Default value is: ${settings.offline}.
<organizeLicensesByDependencies> boolean 1.9 A flag to organize the licenses by dependencies. When this is done, each dependency will get its full license file, even if already downloaded for another dependency.
Default value is: false.
User property is: license.organizeLicensesByDependencies.
<quiet> boolean 1.0 Deprecated. Use errorRemedy instead
Default value is: false.
<removeOrphanLicenseFiles> boolean 1.19 If true the files referenced from AbstractLicensesXmlMojo.licensesOutputFile before executing the mojo but not referenced from AbstractLicensesXmlMojo.licensesOutputFile after executing the mojo will be deleted; otherwise neither before:after diffing nor any file deletions will happen.

Compared to cleanLicensesOutputDirectory that removes all files from licensesOutputDirectory before downloading all licenses anew, the removeOrphanLicenseFiles removes only files that are certainly not needed anymore, e.g. due to a removal of a dependency. removeOrphanLicenseFiles thus allows to avoid downloading the license files of dependencies that were downloaded in the past and are still available in licensesOutputDirectory.


Default value is: true.
User property is: license.removeOrphanLicenseFiles.
<skipAggregateDownloadLicenses> boolean 1.10 Skip to generate the report.
Default value is: false.
User property is: license.skipAggregateDownloadLicenses.
<socketTimeout> int 1.18 Socket timeout in milliseconds passed to the HTTP client when downloading licenses from remote URLs.
Default value is: 5000.
User property is: license.socketTimeout.
<sortByGroupIdAndArtifactId> boolean 1.10 (no description)
Default value is: false.
User property is: license.sortByGroupIdAndArtifactId.
<useDefaultContentSanitizers> boolean 1.20 If true the default content sanitizers will be added to the internal Map of sanitizes before adding licenseContentSanitizers by their id; otherwise the default content sanitizers will not be added to the internal Map of sanitizes.

Any individual content sanitizer from the set of default sanitizers can be overriden via licenseContentSanitizers if the same id is used in licenseContentSanitizers.

To view the list of default content sanitizers, set useDefaultContentSanitizers to true and run the mojo with debug log level, e.g. using -X or {-Dorg.slf4j.simpleLogger.log.org.codehaus.mojo.license=debug} on the command line.


Default value is: false.
User property is: license.useDefaultContentSanitizers.
<useDefaultUrlReplacements> boolean 1.20 If true the default license URL replacements be added to the internal Map of URL replacements before adding licenseUrlReplacements by their id; otherwise the default license URL replacements will not be added to the internal Map of URL replacements.

Any individual URL replacement from the set of default URL replacements can be overriden via licenseUrlReplacements if the same id is used in licenseUrlReplacements.

To view the list of default URL replacements, set useDefaultUrlReplacements to true and run the mojo with debug log level, e.g. using -X or {-Dorg.slf4j.simpleLogger.log.org.codehaus.mojo.license=debug} on the command line.


Default value is: false.
User property is: license.useDefaultUrlReplacements.
<writeVersions> boolean 1.18 If true, licensesOutputFile and licensesErrorsFile will contain <version> elements for each <dependency>; otherwise the <version> licensesOutputFile and licensesErrorsFile elements will not be appended under <dependency> elements in Might be useful if you want to keep the licensesOutputFile under source control and you do not want to see the changing dependency versions there.
Default value is: true.
User property is: license.writeVersions.

Parameter Details

<artifactFiltersUrl>

A URL returning a plain text file that contains include/exclude artifact filters in the following format:

# this is a comment
include gaPattern org\.my-org:my-artifact
include gaPattern org\.other-org:other-artifact
exclude gaPattern org\.yet-anther-org:.*
include scope compile
include scope test
exclude scope system
include type jar
exclude type war

  • Type: java.lang.String
  • Since: 1.18
  • Required: No
  • User Property: license.artifactFiltersUrl

<cleanLicensesOutputDirectory>

If true, the mojo will delete all files from licensesOutputDirectory and then download them all anew; otherwise the deletion before the download does not happen.

This may be useful if you have removed some dependencies and you want the stale license files to go away. cleanLicensesOutputDirectory = true is not implied by forceDownload because users may have other files there in licensesOutputDirectory that were not downloaded by the plugin.

  • Type: boolean
  • Since: 1.18
  • Required: No
  • User Property: license.cleanLicensesOutputDirectory
  • Default: false

<connectTimeout>

Connect timeout in milliseconds passed to the HTTP client when downloading licenses from remote URLs.
  • Type: int
  • Since: 1.18
  • Required: No
  • User Property: license.connectTimeout
  • Default: 5000

<connectionRequestTimeout>

Connect request timeout in milliseconds passed to the HTTP client when downloading licenses from remote URLs.
  • Type: int
  • Since: 1.18
  • Required: No
  • User Property: license.connectionRequestTimeout
  • Default: 5000

<errorRemedy>

What to do on any license download related error. The possible values are:
ErrorRemedy.ignore: all errors are ignored
ErrorRemedy.warn: all errors are output to the log as warnings
ErrorRemedy.failFast: a MojoFailureException is thrown on the first download related error
ErrorRemedy.xmlOutput: error messages are added as <downloaderMessages> to AbstractDownloadLicensesMojo.licensesErrorsFile; in case there are error messages, the build will fail after processing all dependencies
  • Type: org.codehaus.mojo.license.AbstractDownloadLicensesMojo$ErrorRemedy
  • Since: 1.18
  • Required: No
  • User Property: license.errorRemedy
  • Default: warn

<excludeTransitiveDependencies>

Exclude transitive dependencies from excluded artifacts.
  • Type: boolean
  • Since: 1.13
  • Required: No
  • User Property: license.excludeTransitiveDependencies
  • Default: false

<excludedArtifacts>

A filter to exclude some ArtifactsIds This is a regular expression applied to artifactIds.
  • Type: java.lang.String
  • Since: 1.11
  • Required: No
  • User Property: license.excludedArtifacts

<excludedGroups>

A filter to exclude some GroupIds This is a regular expression that is applied to groupIds (not an ant pattern).
  • Type: java.lang.String
  • Since: 1.11
  • Required: No
  • User Property: license.excludedGroups

<excludedScopes>

A filter to exclude some scopes.
  • Type: java.lang.String
  • Since: 1.0
  • Required: No
  • User Property: license.excludedScopes
  • Default: system

<excludedTypes>

A filter to exclude some types.
  • Type: java.lang.String
  • Since: 1.15
  • Required: No
  • User Property: license.excludedTypes

<executeOnlyOnRootModule>

To generate report only on root module. Default value is true, since aggregate mojo should only be executed on root module.
  • Type: boolean
  • Since: 1.10
  • Required: No
  • User Property: license.executeOnlyOnRootModule
  • Default: true
  • Alias: aggregateDownloadLicenses.executeOnlyOnRootModule

<forceDownload>

If true, all encountered dependency license URLs are downloaded, no matter what is there in licensesConfigFile and licensesOutputFile; otherwise licensesConfigFile, licensesOutputFile (eventually persisted from a previous build) and the content of licensesOutputDirectory are considered sources of valid information - i.e. only URLs that do not appear to have been downloaded in the past will be downloaded. If your licensesOutputDirectory contains only license files downloaded by this plugin, you may consider combining forceDownload with setting cleanLicensesOutputDirectory true
  • Type: boolean
  • Since: 1.18
  • Required: No
  • User Property: license.forceDownload
  • Default: false

<includeOptional>

If true both optional and non-optional dependencies will be included in the list of artifacts for creating the license report; otherwise only non-optional dependencies will be considered.
  • Type: boolean
  • Since: 1.19
  • Required: No
  • User Property: license.includeOptional
  • Default: true

<includeTransitiveDependencies>

Include transitive dependencies when downloading license files.
  • Type: boolean
  • Since: 1.0
  • Required: No
  • Default: true

<includedArtifacts>

A filter to include only some ArtifactsIds This is a regular expression applied to artifactIds.
  • Type: java.lang.String
  • Since: 1.11
  • Required: No
  • User Property: license.includedArtifacts

<includedGroups>

A filter to include only some GroupIds This is a regular expression applied to artifactIds.
  • Type: java.lang.String
  • Since: 1.11
  • Required: No
  • User Property: license.includedGroups

<includedScopes>

A filter to include only some scopes, if let empty then all scopes will be used (no filter).
  • Type: java.lang.String
  • Since: 1.0
  • Required: No
  • User Property: license.includedScopes

<includedTypes>

A filter to include only some types, if let empty then all types will be used (no filter).
  • Type: java.lang.String
  • Since: 1.15
  • Required: No
  • User Property: license.includedTypes

<licenseContentSanitizers>

A list of sanitizers to process the content of license files before storing them locally and before computing their sha1 sums. Useful for removing parts of the content that change over time.

The content sanitizers are applied in alphabetical order by id.

Set useDefaultContentSanitizers to true to apply the built-in content sanitizers.

An example:


<licenseContentSanitizers>
  <licenseContentSanitizer>
    <id>fedoraproject.org-0</id>
    <urlRegexp>.*fedoraproject\\.org.*</urlRegexp><!-- Apply this sanitizer to URLs that contain fedora.org -->
    <contentRegexp>\"wgRequestId\":\"[^\"]*\"</contentRegexp><!-- wgRequestId value changes with every -->
                                                             <!-- request so we just remove it -->
    <contentReplacement>\"wgRequestId\":\"\"</contentReplacement>
  </licenseContentSanitizer>
  <licenseContentSanitizer>
    <id>opensource.org-0</id>
    <urlRegexp>.*opensource\\.org.*</urlRegexp><!-- Apply this sanitizer to URLs that contain opensource.org -->
    <contentRegexp>jQuery\\.extend\\(Drupal\\.settings[^\\n]+</contentRegexp><!-- Drupal\\.settings contain -->
                                                                             <!-- some clutter that changes -->
                                                                             <!-- often so we just remove it -->
    <contentReplacement></contentReplacement>
  </licenseContentSanitizer>
</licenseContentSanitizers>

  • Type: java.util.List
  • Since: 1.20
  • Required: No
  • User Property: license.licenseContentSanitizers

<licenseUrlFileNameSanitizers>

A list of regexp:replacement pairs that should be applied to file names for storing licenses.

Note that these patterns are not applied to file names defined in licenseUrlFileNames.

  • Type: java.util.List
  • Since: 1.18
  • Required: No

<licenseUrlFileNames>

A map that helps to select local files names for the content downloaded from license URLs.

Keys in the map are the local file names. These files will be created under licensesOutputDirectory.

Values are white space (" \t\n\r") separated lists of regular expressions that will be used to match license URLs. The regular expressions are compiled using Pattern.CASE_INSENSITIVE. Note that various characters that commonly occur in URLs have special meanings in regular extensions. Therefore, consider using regex quoting as described in Pattern - e.g. http://example\.com or \Qhttp://example.com\E

In addition to URL patterns, the list can optionally contain a sha1 checksum of the expected content. This is to ensure that the content delivered by a URL does not change without notice. Note that strict checking of the checksum happens only when forceDownload is true. Otherwise the mojo assumes that the URL -> local name mapping is correct and downloads from the URL only if the local file does not exist.

A special value-less entry <spdx/> can be used to activate built-in license names that are based on license IDs from https://spdx.org/licenses. The built-in SPDX mappings can be overridden by the subsequent entries. To see which SPDX mappings are built-in, add the <spdx/> entry and run the mojo with debug log level, e.g. using -X or {-Dorg.slf4j.simpleLogger.log.org.codehaus.mojo.license=debug} on the command line.

An example:


<licenseUrlFileNames>
  <spdx/><!-- A special element to activate built-in file name entries based on spdx.org license IDs -->
  <bsd-antlr.html>
      sha1:81ffbd1712afe8cdf138b570c0fc9934742c33c1
      https?://(www\.)?antlr\.org/license\.html
  </bsd-antlr.html>
  <cddl-gplv2-ce.txt>
      sha1:534a3fc9ae1076409bb00d01127dbba1e2620e92
      \Qhttps://raw.githubusercontent.com/javaee/activation/master/LICENSE.txt\E
  </cddl-gplv2-ce.txt>
</licenseUrlFileNames>

Relationship to other parameters:

  • License names and license URLs licensesConfigFile is applied before licenseUrlReplacements
  • licenseUrlReplacements are applied before licenseUrlFileNames
  • licenseUrlFileNames have higher precedence than <file> elements in licensesConfigFile
  • licenseUrlFileNames are ignored when organizeLicensesByDependencies is true
  • Type: java.util.Map
  • Since: 1.18
  • Required: No

<licenseUrlReplacements>

List of regexps/replacements applied to the license urls prior to download.

License urls that match a regular expression will be replaced by the corresponding replacement. Replacement is performed with java.util.regex.Matcher#replaceAll(String) so you can take advantage of capturing groups to facilitate flexible transformations.

If the replacement element is omitted, this is equivalent to an empty replacement string.

The replacements are applied in the same order as they are present in the configuration. The default replacements (that can be activated via useDefaultUrlReplacements) are appended to licenseUrlReplacements

The id field of LicenseUrlReplacement is optional and is useful only if you want to override some of the default replacements.


<licenseUrlReplacements>
  <licenseUrlReplacement>
    <regexp>\Qhttps://glassfish.java.net/public/CDDL+GPL_1_1.html\E</regexp>
    <replacement>https://oss.oracle.com/licenses/CDDL+GPL-1.1</replacement>
  </licenseUrlReplacement>
  <licenseUrlReplacement>
    <regexp>https://(.*)</regexp><!-- replace https with http -->
    <replacement>http://$1</replacement>
  </licenseUrlReplacement>
  <licenseUrlReplacement>
    <id>github.com-0</id><!-- An optional id to override the default replacement with the same id -->
    <regexp>^https?://github\.com/([^/]+)/([^/]+)/blob/(.*)$</regexp><!-- replace GitHub web UI with raw -->
    <replacement>https://raw.githubusercontent.com/$1/$2/$3</replacement>
  </licenseUrlReplacement>
</licenseUrlReplacements>

Relationship to other parameters:

  • Default URL replacements can be unlocked by setting useDefaultUrlReplacements to true.
  • License names and license URLs licensesConfigFile is applied before licenseUrlReplacements
  • licenseUrlReplacements are applied before licenseUrlFileNames
  • licenseUrlFileNames have higher precedence than <file> elements in licensesConfigFile
  • licenseUrlFileNames are ignored when organizeLicensesByDependencies is true
  • Type: java.util.List
  • Since: 1.17
  • Required: No

<licensesConfigFile>

A file containing the license data (most notably license names and license URLs) missing in pom.xml files of the dependencies.

Note that since 1.18, if you set errorRemedy to xmlOutput the format of licensesErrorsFile is the same as the one of licensesConfigFile. So you can use licensesErrorsFile as a base for licensesConfigFile.

Since 1.18, the format of the file is as follows:


<licenseSummary>
  <dependencies>
    <dependency>
      <groupId>\Qaopalliance\E</groupId><!-- A regular expression -->
      <artifactId>\Qaopalliance\E</artifactId><!-- A regular expression -->
      <!-- <version>.*</version> A version pattern is optional, .* being the default.
      <matchLicenses>
        <!-- Match a list of licenses with a single entry having name "Public Domain" -->
        <license>
          <name>\QPublic Domain\E</name><!-- A regular expression -->
        </license>
      </matchLicenses>
      <licenses approved="true" /><!-- Leave the matched dependency as is. -->
                                  <!-- In this particular case we approve that code in the Public -->
                                  <!-- Domain does not need any license URL. -->
    </dependency>
    <dependency>
        <groupId>\Qasm\E</groupId>
      <artifactId>\Qasm\E</artifactId>
      <matchLicenses>
        <!-- Match an empty list of licenses -->
      </matchLicenses>
      <!-- Replace the list of licenses in all matching dependencies with the following licenses -->
      <licenses>
        <license>
          <name>BSD 3-Clause ASM</name>
          <url>https://gitlab.ow2.org/asm/asm/raw/ASM_3_1_MVN/LICENSE.txt</url>
        </license>
      </licenses>
    </dependency>
    <dependency>
      <groupId>\Qca.uhn.hapi\E</groupId>
      <artifactId>.*</artifactId>
      <matchLicenses>
        <!-- Match a list of licenses with the following three entries in order: -->
        <license>
          <name>\QHAPI is dual licensed (MPL, GPL)\E</name>
          <comments>\QHAPI is dual licensed under both the Mozilla Public License and the GNU General Public License.\E\s+\QWhat this means is that you may choose to use HAPI under the terms of either license.\E\s+\QYou are both permitted and encouraged to use HAPI, royalty-free, within your applications,\E\s+\Qwhether they are free/open-source or commercial/closed-source, provided you abide by the\E\s+\Qterms of one of the licenses below.\E\s+\QYou are under no obligations to inform the HAPI project about what you are doing with\E\s+\QHAPI, but we would love to hear about it anyway!\E</comments>
        </license>
        <license>
          <name>\QMozilla Public License 1.1\E</name>
          <url>\Qhttp://www.mozilla.org/MPL/MPL-1.1.txt\E</url>
          <file>\Qmozilla public license 1.1 - index.0c5913925d40.txt\E</file>
        </license>
        <license>
          <name>\QGNU General Public License\E</name>
          <url>\Qhttp://www.gnu.org/licenses/gpl.txt\E</url>
          <file>\Qgnu general public license - gpl.txt\E</file>
        </license>
      </matchLicenses>
      <licenses approved="true" /><!-- It is OK that the first entry has no URL -->
    </dependency>
  </dependencies>
</licenseSummary>

Before 1.18 the format was the same as the one of licensesOutputFile and the groupIds and artifactIds were matched as plain text rather than regular expressions. No other elements (incl. versions) were matched at all. Since 1.18 the backwards compatibility is achieved by falling back to plain text matching of groupIds and artifactIds if the given <dependency> does not contain the <matchLicenses> element.

Relationship to other parameters:

  • License names and license URLs licensesConfigFile is applied before licenseUrlReplacements
  • licenseUrlReplacements are applied before licenseUrlFileNames
  • licenseUrlFileNames have higher precedence than <file> elements in licensesConfigFile
  • licenseUrlFileNames are ignored when organizeLicensesByDependencies is true
  • Type: java.io.File
  • Since: 1.0
  • Required: No
  • User Property: licensesConfigFile
  • Default: ${project.basedir}/src/license/licenses.xml

<licensesErrorsFile>

A file containing dependencies whose licenses could not be downloaded for some reason. The format is similar to licensesOutputFile but the entries in licensesErrorsFile have <downloaderMessage> elements attached to them. Those should explain what kind of error happened during the processing of the given dependency.
  • Type: java.io.File
  • Since: 1.18
  • Required: No
  • User Property: license.licensesErrorsFile
  • Default: ${project.build.directory}/generated-resources/licenses-errors.xml

<licensesOutputDirectory>

The directory to which the dependency licenses should be written.
  • Type: java.io.File
  • Since: 1.0
  • Required: No
  • User Property: licensesOutputDirectory
  • Default: ${project.build.directory}/generated-resources/licenses

<licensesOutputFile>

The output file containing a mapping between each dependency and it's license information.
  • Type: java.io.File
  • Since: 1.0
  • Required: No
  • User Property: licensesOutputFile
  • Default: ${project.build.directory}/generated-resources/licenses.xml

<licensesOutputFileEncoding>

Encoding used to (1) read the file specified in licensesConfigFile and (2) write the file specified in licensesOutputFile.
  • Type: java.lang.String
  • Since: 1.17
  • Required: No
  • User Property: licensesOutputFileEncoding
  • Default: ${project.build.sourceEncoding}

<licensesOutputFileEol>

An end of line constant name denoting the EOL string to use when redering the licenses.xml file. Possible values are LF, CRLF, AUTODETECT and PLATFORM.

When the value AUTODETECT is used, the mojo will use whatever EOL value is used in the first existing of the following files: licensesConfigFile, ${basedir}/pom.xml.

The value PLATFORM is deprecated but still kept for backwards compatibility reasons.

  • Type: org.codehaus.mojo.license.Eol
  • Since: 1.17
  • Required: No
  • User Property: licensesOutputFileEol
  • Default: AUTODETECT

<offline>

Settings offline flag (will not download anything if setted to true).
  • Type: boolean
  • Since: 1.0
  • Required: No
  • Default: ${settings.offline}

<organizeLicensesByDependencies>

A flag to organize the licenses by dependencies. When this is done, each dependency will get its full license file, even if already downloaded for another dependency.
  • Type: boolean
  • Since: 1.9
  • Required: No
  • User Property: license.organizeLicensesByDependencies
  • Default: false

<quiet>

Deprecated. Use errorRemedy instead
Before 1.18, quiet having value false suppressed any license download related warnings in the log. After 1.18 (incl.), the behavior depends on the value of errorRemedy:
quiet errorRemedy effective errorRemedy
true warn ignore
false warn warn
true or false ignore ignore
true or false failFast failFast
true or false xmlOutput xmlOutput
  • Type: boolean
  • Since: 1.0
  • Required: No
  • Default: false

<removeOrphanLicenseFiles>

If true the files referenced from AbstractLicensesXmlMojo.licensesOutputFile before executing the mojo but not referenced from AbstractLicensesXmlMojo.licensesOutputFile after executing the mojo will be deleted; otherwise neither before:after diffing nor any file deletions will happen.

Compared to cleanLicensesOutputDirectory that removes all files from licensesOutputDirectory before downloading all licenses anew, the removeOrphanLicenseFiles removes only files that are certainly not needed anymore, e.g. due to a removal of a dependency. removeOrphanLicenseFiles thus allows to avoid downloading the license files of dependencies that were downloaded in the past and are still available in licensesOutputDirectory.

  • Type: boolean
  • Since: 1.19
  • Required: No
  • User Property: license.removeOrphanLicenseFiles
  • Default: true

<skipAggregateDownloadLicenses>

Skip to generate the report.
  • Type: boolean
  • Since: 1.10
  • Required: No
  • User Property: license.skipAggregateDownloadLicenses
  • Default: false

<socketTimeout>

Socket timeout in milliseconds passed to the HTTP client when downloading licenses from remote URLs.
  • Type: int
  • Since: 1.18
  • Required: No
  • User Property: license.socketTimeout
  • Default: 5000

<sortByGroupIdAndArtifactId>

(no description)
  • Type: boolean
  • Since: 1.10
  • Required: No
  • User Property: license.sortByGroupIdAndArtifactId
  • Default: false

<useDefaultContentSanitizers>

If true the default content sanitizers will be added to the internal Map of sanitizes before adding licenseContentSanitizers by their id; otherwise the default content sanitizers will not be added to the internal Map of sanitizes.

Any individual content sanitizer from the set of default sanitizers can be overriden via licenseContentSanitizers if the same id is used in licenseContentSanitizers.

To view the list of default content sanitizers, set useDefaultContentSanitizers to true and run the mojo with debug log level, e.g. using -X or {-Dorg.slf4j.simpleLogger.log.org.codehaus.mojo.license=debug} on the command line.

  • Type: boolean
  • Since: 1.20
  • Required: No
  • User Property: license.useDefaultContentSanitizers
  • Default: false

<useDefaultUrlReplacements>

If true the default license URL replacements be added to the internal Map of URL replacements before adding licenseUrlReplacements by their id; otherwise the default license URL replacements will not be added to the internal Map of URL replacements.

Any individual URL replacement from the set of default URL replacements can be overriden via licenseUrlReplacements if the same id is used in licenseUrlReplacements.

To view the list of default URL replacements, set useDefaultUrlReplacements to true and run the mojo with debug log level, e.g. using -X or {-Dorg.slf4j.simpleLogger.log.org.codehaus.mojo.license=debug} on the command line.

  • Type: boolean
  • Since: 1.20
  • Required: No
  • User Property: license.useDefaultUrlReplacements
  • Default: false

<writeVersions>

If true, licensesOutputFile and licensesErrorsFile will contain <version> elements for each <dependency>; otherwise the <version> licensesOutputFile and licensesErrorsFile elements will not be appended under <dependency> elements in Might be useful if you want to keep the licensesOutputFile under source control and you do not want to see the changing dependency versions there.
  • Type: boolean
  • Since: 1.18
  • Required: No
  • User Property: license.writeVersions
  • Default: true