The simplest way is you wrap acegi-security bundle yourself and add OSGi header like
Import-Package org.apache.commons.codec* with version range like [1.4, 1.5), so that your customer acegi-security bundle can resolve package from commons-codec 1.4.
My app is dependent on several 3rd party jars (like around 30), and each might uses the other other jars like this. do we have to re build all the jars as bundle?
For ex. spring web jar uses - commons-fileupload of older version and my app is using the latest version of fileupload.
Some 3rd party jars are already available in servicemix as bundles but version is different.
Is there any way to handle these problems?
Yeah, per best OSGi practice, you should install all 3rd libs as bundles and servicemix already wrapped a lot of bundles(including different versions for same 3rd lib) for easy of use.
However, you can use a big umbrella jar and embed all necessary 3rd libs but you'll lose a lot of OSGi nature this way.