Retain javax.xml.bind:jaxb-api when jackson-module-jaxb-annotations is present#987
Merged
Retain javax.xml.bind:jaxb-api when jackson-module-jaxb-annotations is present#987
Conversation
…s present When migrating from javax.xml.bind to jakarta.xml.bind 3.0+, the ChangeDependency recipe replaces javax.xml.bind:jaxb-api entirely. However, jackson-module-jaxb-annotations still depends on the javax.xml.bind namespace at runtime through its transitive dependency on jakarta.xml.bind:jakarta.xml.bind-api:2.3.x (the bridge version). When version resolution upgrades to 3.0.x+, the javax.xml.bind classes disappear, causing NoClassDefFoundError. This adds a RetainJaxbApiForJackson recipe that re-adds javax.xml.bind:jaxb-api as a runtime dependency when jackson-module-jaxb-annotations is detected on the classpath, for both Gradle and Maven projects. Fixes #504
timtebeek
reviewed
Feb 17, 2026
...est/java/org/openrewrite/java/migrate/jakarta/JavaxXmlBindMigrationToJakartaXmlBindTest.java
Outdated
Show resolved
Hide resolved
timtebeek
reviewed
Feb 17, 2026
Address PR feedback: - Replace imperative RetainJaxbApiForJackson.java with declarative YAML recipes using FindDependency preconditions (split into Gradle and Maven variants since ModuleHasDependency is a ScanningRecipe which doesn't work as a declarative precondition) - Use assertThat().actual() instead of return in test assertions
…econdition Replace the Gradle/Maven split with a single declarative recipe that uses DependencyInsight as a cross-platform precondition instead of build-system specific FindDependency recipes.
timtebeek
approved these changes
Feb 17, 2026
mergify bot
added a commit
to robfrank/linklift
that referenced
this pull request
Feb 26, 2026
…27.0 to 3.28.0 [skip ci] [//]: # (dependabot-start)⚠️ \*\*Dependabot is rebasing this PR\*\*⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [org.openrewrite.recipe:rewrite-migrate-java](https://github.com/openrewrite/rewrite-migrate-java) from 3.27.0 to 3.28.0. Release notes *Sourced from [org.openrewrite.recipe:rewrite-migrate-java's releases](https://github.com/openrewrite/rewrite-migrate-java/releases).* > 3.28.0 > ------ > > What's Changed > -------------- > > * Add maven-compiler-plugin version when missing during Java migration by [`@jkschneider`](https://github.com/jkschneider) in [openrewrite/rewrite-migrate-java#989](https://redirect.github.com/openrewrite/rewrite-migrate-java/pull/989) > * `UpdateSdkMan` recipe to support `newJavaVersion=latest.patch` by [`@greg-at-moderne`](https://github.com/greg-at-moderne) in [openrewrite/rewrite-migrate-java#990](https://redirect.github.com/openrewrite/rewrite-migrate-java/pull/990) > * Fix UpdateSdkManTest to use current SDKMAN Java versions by [`@timtebeek`](https://github.com/timtebeek) in [openrewrite/rewrite-migrate-java#991](https://redirect.github.com/openrewrite/rewrite-migrate-java/pull/991) > > **Full Changelog**: <openrewrite/rewrite-migrate-java@v3.27.1...v3.28.0> > > 3.27.1 > ------ > > What's Changed > -------------- > > * Add UpgradePluginsForJava25 for surefire, failsafe, compiler, and byte-buddy by [`@timtebeek`](https://github.com/timtebeek) in [openrewrite/rewrite-migrate-java#981](https://redirect.github.com/openrewrite/rewrite-migrate-java/pull/981) > * Skip adding methods already provided by a superclass by [`@Jenson3210`](https://github.com/Jenson3210) in [openrewrite/rewrite-migrate-java#983](https://redirect.github.com/openrewrite/rewrite-migrate-java/pull/983) > * Prevent UseTextBlocks from dropping comments in concatenations by [`@timtebeek`](https://github.com/timtebeek) in [openrewrite/rewrite-migrate-java#985](https://redirect.github.com/openrewrite/rewrite-migrate-java/pull/985) > * Prevent LombokValToFinalVar from removing star imports by [`@Jenson3210`](https://github.com/Jenson3210) in [openrewrite/rewrite-migrate-java#986](https://redirect.github.com/openrewrite/rewrite-migrate-java/pull/986) > * Retain javax.xml.bind:jaxb-api when jackson-module-jaxb-annotations is present by [`@Jenson3210`](https://github.com/Jenson3210) in [openrewrite/rewrite-migrate-java#987](https://redirect.github.com/openrewrite/rewrite-migrate-java/pull/987) > > **Full Changelog**: <openrewrite/rewrite-migrate-java@v3.27.0...v3.27.1> Commits * [`f5a2bd8`](openrewrite/rewrite-migrate-java@f5a2bd8) Update Gradle wrapper to 9.3.1 * [`0b2cb73`](openrewrite/rewrite-migrate-java@0b2cb73) Fix UpdateSdkManTest to use current SDKMAN Java versions ([#991](https://redirect.github.com/openrewrite/rewrite-migrate-java/issues/991)) * [`7c8b223`](openrewrite/rewrite-migrate-java@7c8b223) [Auto] SDKMAN! Java candidates as of 2026-02-23T1044 * [`e750f1b`](openrewrite/rewrite-migrate-java@e750f1b) OpenRewrite recipe best practices * [`f30e774`](openrewrite/rewrite-migrate-java@f30e774) Update SDKMan Java version * [`626e34f`](openrewrite/rewrite-migrate-java@626e34f) `UpdateSdkMan` recipe to support `newJavaVersion=latest.patch` ([#990](https://redirect.github.com/openrewrite/rewrite-migrate-java/issues/990)) * [`32b8caa`](openrewrite/rewrite-migrate-java@32b8caa) OpenRewrite recipe best practices * [`c17f866`](openrewrite/rewrite-migrate-java@c17f866) Add maven-compiler-plugin version when missing during Java migration ([#989](https://redirect.github.com/openrewrite/rewrite-migrate-java/issues/989)) * [`56b280c`](openrewrite/rewrite-migrate-java@56b280c) Retain javax.xml.bind:jaxb-api when jackson-module-jaxb-annotations is presen... * [`0c1793f`](openrewrite/rewrite-migrate-java@0c1793f) Prevent LombokValToFinalVar from removing star imports ([#986](https://redirect.github.com/openrewrite/rewrite-migrate-java/issues/986)) * Additional commits viewable in [compare view](openrewrite/rewrite-migrate-java@v3.27.0...v3.28.0) [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
RetainJaxbApiForJacksonrecipe that re-addsjavax.xml.bind:jaxb-apias a runtime dependency whenjackson-module-jaxb-annotationsis on the classpathJavaxXmlBindMigrationToJakartaXmlBindinjakarta-ee-9.yml, after theChangeDependencystepProblem
When running the Jakarta EE 9 migration (
JavaxXmlBindMigrationToJakartaXmlBind),ChangeDependencyreplacesjavax.xml.bind:jaxb-apiwithjakarta.xml.bind:jakarta.xml.bind-api:3.0.x. However,jackson-module-jaxb-annotationstransitively depends onjakarta.xml.bind:jakarta.xml.bind-api:2.3.x(the bridge version that still provides thejavax.xml.bindnamespace). Version resolution picks the highest version (3.0.x), which no longer providesjavax.xml.bindclasses, causingNoClassDefFoundErrorat runtime.Solution
A new imperative recipe
RetainJaxbApiForJacksonchecks ifjackson-module-jaxb-annotationsis on the resolved classpath (for both Gradle and Maven). If found, it addsjavax.xml.bind:jaxb-api:2.3.xas aruntimeOnly/runtimedependency so the javax namespace classes remain available.Test plan
New tests reproduce the bug on unmodified
main(both Gradle and Maven assertions fail without the fix)New tests pass with the fix applied
Negative test confirms
jaxb-apiis NOT retained when Jackson is absentExisting
AddJaxbDependenciesWithRuntimeTest,AddJaxbDependenciesWithoutRuntimeTest, andJavaxToJakartaTestall pass (no regressions)Fixes AddJaxbDependencies removes
javax.xml.bind:jaxb-apiwhen it is required by another dependency #504