I don't want to repeat previous other threads. I just don't see this being tracked anywhere although it is a known issue. If it is tracked, please point me in the right direction.
Currently spring-authorization-server works with Spring Boot 2.5.x. It is known that there is an inconsistency with the spring-boot-starter-oauth2-client implementation and the Jwt tokens and that of spring-authorization-server.
This means you can successfully run spring-authorization-server with Spring Boot 2.6.x BUT you cannot add the dependency spring-boot-starter-oauth2-client.
And that's where I'm stuck. I wanted to implement a federated security example using the federated sample located in the codebase here: https://github.com/spring-projects/spring-authorization-server/tree/main/samples/federated-identity-authorizationserver
2022-04-25 14:14:34.067 ERROR 54601 --- [ XNIO-1 task-2] io.undertow.request : UT005023: Exception handling request to /oauth2/token
java.lang.IllegalAccessError: failed to access class org.springframework.security.oauth2.jwt.JoseHeader from class org.springframework.security.oauth2.server.authorization.token.JwtGenerator (org.springframework.security.oauth2.jwt.JoseHeader and org.springframework.security.oauth2.server.authorization.token.JwtGenerator are in unnamed module of loader 'app')
at org.springframework.security.oauth2.server.authorization.token.JwtGenerator.generate(JwtGenerator.java:130) ~[spring-security-oauth2-authorization-server-0.2.3.jar:0.2.3]
at org.springframework.security.oauth2.server.authorization.token.JwtGenerator.generate(JwtGenerator.java:59) ~[spring-security-oauth2-authorization-server-0.2.3.jar:0.2.3]
at org.springframework.security.oauth2.server.authorization.token.DelegatingOAuth2TokenGenerator.generate(DelegatingOAuth2TokenGenerator.java:60) ~[spring-security-oauth2-authorization-server-0.2.3.jar:0.2.3]
at org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeAuthenticationProvider.authenticate(OAuth2AuthorizationCodeAuthenticationProvider.java:212) ~[spring-security-oauth2-authorization-server-0.2.3.jar:0.2.3]
What's the status of this inconsistency?
As a workaround, you can move the security-oauth2-authorization-server dependency
before any other spring-boot dependencies declaration inside the pom, that will force classloader to load the org.springframework.security.oauth2.jwt.JoseHeader from security-oauth2-authorization-server.
Please read https://github.com/spring-projects/spring-authorization-server/issues/518#issuecomment-1017332290
Spring Authorization Server v0.3.0 has been released and there is no longer a discrepancy between SAS and Spring Security OAuth.
🦸♂️
Related
I am upgrading my springboot app from 2.7.x to 3.0.0, I have made required changes for jakartaEE. When starting my app I am getting the below error
{"#timestamp":"2023-01-03T15:28:01.149Z","#version":"1","message":"\r\n\r\n***************************\r\nAPPLICATION
FAILED TO
START\r\n***************************\r\n\r\nDescription:\r\n\r\nParameter
1 of method collectionModelContentConverter in
org.springdoc.core.configuration.SpringDocHateoasConfiguration
required a bean of type
'org.springframework.hateoas.server.LinkRelationProvider' that could
not be found.\r\n\r\n\r\nAction:\r\n\r\nConsider defining a bean of
type 'org.springframework.hateoas.server.LinkRelationProvider' in your
configuration.\r\n","logger_name":"org.springframework.boot.diagnostics.LoggingFailureAnalysisReporter","thread_name":"main","level":"ERROR","level_value":40000}
I am using hateos lib for representation in my app, Also I am using springdoc-openapi-starter-webmvc-ui for swagger UI.
When I disable configuration for api-docs springdoc.api-docs.enabled=false the above error go away but my swagger page is also gone, which definitely means this is not the solution.
Could someone please guide me why this bean is not getting found with springboot 3 while it was all working before with springboot2.7.x and java-11.
here is my pom.xml https://gist.github.com/bruce2019/c93a16dc20f7edb7d922b1e284f39d15
Thanks in advance
You can use springdoc-openapi-starter-webmvc-ui with 2.0.2 version
Add "/v3/api-docs/**" to mvcMatchers in WebSecurityCustomizer
I want to convert properties to map, see below
field2ZhNameMap.platform=平台
==>
private Map<String,String> field2ZhNameMap;
In Spring boot 1.5.6 start the app in tomcat it's OK, but use sprint boot 2.0.0.M7 start the app in tomcat I got below error
Caused by: org.springframework.boot.context.properties.bind.BindException: Failed to bind properties under '' to com.foo.bar.util.Field2ZhNameProperties
at org.springframework.boot.context.properties.bind.Binder.handleBindError(Binder.java:227)
Caused by: java.lang.IllegalArgumentException: PropertyName must not be empty
at org.springframework.util.Assert.hasLength(Assert.java:233)
at org.springframework.boot.origin.PropertySourceOrigin.<init>(PropertySourceOrigin.java:41)
After debuging source code I found start the app in tomcat it has a JndiPropertySource which caused above problem. So I have to explicitly disable JndiPropertySource by specify spring.jndi.ignore=true in a spring.properties to solve this problem.
In addition I found these classes like Binder do not exist in 1.5.6, it seems it has a big change from 1.5.6 to 2.0.0. So I want to know if has some documents record these change and guide how to correctly map properties to java class in spring boot 2?
For me, upgrade to Spring Boot 2.0.1.RELEASE on Tomcat 8.5.30 resolved PropertyName must not be empty
I have a Spring-boot project that uses spring-boot actuator to provide application statistics and metrics.
The actuator functionality is being provided by adding "spring-boot-starter-actuator" to the project.
At this point, security is disable, so the project does not import spring-security.
Using spring-boot 1.5.x, all actuator Endpoints (automatic provided, as the /info, as well as my specific defined endpoints), are working correctly.
After updating to Spring-boot 2.0.0 M1, the actuator endpoints are no longer exposed. Invoking the /info endpoint returns the following error:
{"timestamp":1496948526890,"status":404,"error":"Not Found","message":"No
message available","path":"/info"}
A note regarding Tomcat: i'm redefining the tomcat.version property, in order to use version 9.
When using spring-boot 1.5.x, tomcat.version=9.0.0.M9
When using spring-boot 2.0.0.M1, tomcat.version=9.0.0.M21
And it's moved again. Right now, the URL are living under /actuator, for example: /actuator/health.
See https://docs.spring.io/spring-boot/docs/current-SNAPSHOT/reference/htmlsingle/#production-ready-endpoints
It look's like the endpoint is no longer mapped to /info
2017-06-08 13:11:57.817 [main] INFO o.s.b.a.e.mvc.EndpointHandlerMapping - Mapped "{[/application/info || /application/info.json],methods=[GET],produces=[application/vnd.spring-boot.actuator.v2+json || application/json]}" onto public java.lang.Object org.springframework.boot.actuate.endpoint.mvc.EndpointMvcAdapter.invoke()
and according to the 2.0.0/SNAPSHOT documentation this is expected.
https://docs.spring.io/spring-boot/docs/current-SNAPSHOT/reference/htmlsingle/#production-ready-endpoints
Try /application/info
try this
management:
endpoints:
web:
exposure:
include: '*'
base-path: /actuator
Even you could define a specific path using the management attribute:
management.context-path =
If you set an empty space, you can reach "/info", as you want.
I'm facing a JAXBException " is not known to this context" when calling a web service from within a job controlled by Quartz on Spring:
javax.xml.ws.WebServiceException: javax.xml.bind.JAXBException: com.xxxx.yyyy.zzzz.ImageMetaData is not known to this context
at org.apache.axis2.jaxws.ExceptionFactory.createWebServiceException(ExceptionFactory.java:175)
at org.apache.axis2.jaxws.ExceptionFactory.makeWebServiceException(ExceptionFactory.java:70)
at org.apache.axis2.jaxws.ExceptionFactory.makeWebServiceException(ExceptionFactory.java:128)
at org.apache.axis2.jaxws.marshaller.impl.alt.DocLitWrappedMinimalMethodMarshaller.demarshalResponse(DocLitWrappedMinimalMethodMarshaller.java:624)
at org.apache.axis2.jaxws.client.proxy.JAXWSProxyHandler.createResponse(JAXWSProxyHandler.java:593)
at org.apache.axis2.jaxws.client.proxy.JAXWSProxyHandler.invokeSEIMethod(JAXWSProxyHandler.java:432)
at org.apache.axis2.jaxws.client.proxy.JAXWSProxyHandler.invoke(JAXWSProxyHandler.java:213)
at com.sun.proxy.$Proxy299.findAllImageMetaData(Unknown Source)
I'm having a Spring 3.2.4 Java EE application with JSF running on IBM WebSphere v8.
When calling a specific web service from the JSF part of the application (i.e. from an action or a service), everything's ok.
The exception occurs only when the call is done from within a Quartz/Spring triggered job.
Executing exacty the same job code from the action does not result in an exception.
I tried a lot of different things like using a corresponding #XmlSeeAlso annotation in the JAXB generated classes but even using the annotation in the webservice interface itself does not solve the issue.
I also updated the Spring and Quartz libraries to more recent versions but this didn't help.
Anyone any idea?
I've finally solved the issue.
After much analysis I encountered the following issue in the Spring framework:
https://jira.spring.io/i#browse/SPR-11125
When a job is triggered via Spring/Quartz on WebSphere, the wrong ContextClassLoader is set.
This may cause many different problems - among them is the JAXBException as described.
The Spring bug is still open - so as a workaround I had to overwrite the context class loader of the current thread by the correct one:
ClassLoader cl = invoiceService.getClass().getClassLoader();
Thread.currentThread().setContextClassLoader(cl);
The correct class loader can be simply retrieved by a class that has been loaded by the container. Using this class loader as the context class loader for the current thread solved my issue.
I am trying to access facebook data via spring social facebook integration using the instructions provided at http://spring.io/guides/gs/accessing-facebook.
But currently i am facing 2 type of problem
When i run example as mentioned in tutorial i get following error
No matching bean of type [org.springframework.social.facebook.api.Facebook] found for dependency
When i run this with #Configuration on FacebookConfig class, i get below mentioned error
A ConnectionFactory for provider 'facebook' has already been registered
Is there a workaround to it?
I have kept the war file with source code at https://skydrive.live.com/redir?resid=EA49CD7184E0E40!168&authkey=!AIkoKKx5-Um8AQE
What version are you using?
Try using the version 1.1.0.RELEASE
<dependency>
<groupId>org.springframework.social</groupId>
<artifactId>spring-social-facebook</artifactId>
<version>1.1.0.RELEASE</version>
</dependency>
If it not works, please try post the stacktrace printed.
You need to create a the beans to your class, please post more information like your pom.xml and your spring context configuration.
Ihad the same problem. Spring Social Facebook will automatically add connection factory based on the configuration in application.properties. This auto-configured connection factory is clashing with the one that you're trying to add. Try just to remove your connection factory you add through addConnectionFactories.
Try to use different setting to load your custom connection factory...
E.g. Instead of using OOTB keys use different keys:
#Facebook Social App Details:
# Commented below 2 OOTB Keys & Bingo it worked.
#spring.social.facebook.appId=APP_ID
#spring.social.facebook.appSecret=APP_SECRET
facebook.app.id=APP_ID
facebook.app.secret=APP_SECRET
This will resolve your problem.