我做了一个测试项目来验证问题。
app。libA的库模块。libA中,我使用implementation 'com.google.code.gson:gson:2.8.5' ClassA的单一方法。Gson中,我通过app添加了依赖项
libA implementation project(path: ':liba')中的类。 libA从主要活动中无法访问。Gson插件和maven-publish ./gradlew :liba:publishMsdkPublicationToMavenLocal implementation "com.ndefiorenze:lib-a:1.0.0"当 List<String> list = new ArrayList<>();
list.add("a");
list.add("b");
list.add("c");
Log.d("classA", new Gson().toJson(list));
在行家中时,如何防止Gson暴露在app中?
以下是一些来源:
libapublic class ClassA {
public void fooA(){
List<String> list = new ArrayList<>();
list.add("a");
Log.d("classA", new Gson().toJson(list));
}
}
liba build.gradle
class MainActivity : AppCompatActivity() {
override fun onCreate(savedInstanceState: Bundle?) {
super.onCreate(savedInstanceState)
setContentView(R.layout.activity_main)
ClassA().fooA()
}
}
应用程序build.gradle
apply plugin: 'com.android.library'
apply plugin: 'maven-publish'
android {
compileSdkVersion 28
defaultConfig {
minSdkVersion 19
targetSdkVersion 28
versionCode 1
versionName "1.0"
testInstrumentationRunner "android.support.test.runner.AndroidJUnitRunner"
}
buildTypes {
release {
minifyEnabled false
proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
}
}
}
dependencies {
implementation fileTree(dir: 'libs', include: ['*.jar'])
implementation 'com.google.code.gson:gson:2.8.5'
}
publishing {
publications {
msdk(MavenPublication) {
groupId 'com.ndefiorenze'
artifactId 'lib-a'
version "1.0.0"
artifact(bundleReleaseAar)
pom.withXml {
def dependenciesNode = asNode().appendNode('dependencies')
configurations.implementation.allDependencies.each {
if(it.group != null && (it.name != null || "unspecified" == it.name) && it.version != null) {
def dependencyNode = dependenciesNode.appendNode('dependency')
dependencyNode.appendNode('groupId', it.group)
dependencyNode.appendNode('artifactId', it.name)
dependencyNode.appendNode('version', it.version)
}
}
}
}
}
repositories {
maven {
url "${System.env.HOME}/.m2/repository"
}
}
}
项目build.gradle:
apply plugin: 'com.android.application'
apply plugin: 'kotlin-android'
apply plugin: 'kotlin-android-extensions'
android {
compileSdkVersion 28
defaultConfig {
applicationId "com.ndefiorenze.dependencyagain"
minSdkVersion 19
targetSdkVersion 28
versionCode 1
versionName "1.0"
testInstrumentationRunner "android.support.test.runner.AndroidJUnitRunner"
}
buildTypes {
release {
minifyEnabled false
proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
}
}
}
dependencies {
implementation fileTree(dir: 'libs', include: ['*.jar'])
implementation"org.jetbrains.kotlin:kotlin-stdlib-jdk7:$kotlin_version"
implementation 'com.android.support:appcompat-v7:28.0.0'
implementation 'com.android.support.constraint:constraint-layout:1.1.3'
testImplementation 'junit:junit:4.12'
androidTestImplementation 'com.android.support.test:runner:1.0.2'
androidTestImplementation 'com.android.support.test.espresso:espresso-core:3.0.2'
implementation project(path: ':liba')
// implementation "com.ndefiorenze:lib-a:1.0.0"
}
答案 0 :(得分:0)
我对最近的更改感到很陌生,但是我没有正确阅读this article时,您想要排除传递依赖,如图所示。
dependencies {
implementation('log4j:log4j:1.2.15') {
exclude group: 'javax.jms', module: 'jms'
exclude group: 'com.sun.jdmk', module: 'jmxtools'
exclude group: 'com.sun.jmx', module: 'jmxri'
} }
因此在您的应用程序构建文件中;
dependencies {
...
implementation project(path: ':liba'){
exclude group: 'com.google.code.gson', module:'gson'
}
应该阻止Gson从应用程序访问。