Spring boot is using an older version of CrashHub (crashub.version in POM) that uses an old version of bouncycastle that using the class PemReader. This conflicts with the latest version of bouncycastle I am using in my application. Can you update Spring Boot or is there a work around I can do. Right now I get the exception below when I try to ssh into my application:
java.lang.NoClassDefFoundError: org/bouncycastle/openssl/PEMReader
at org.crsh.ssh.term.URLKeyPairProvider.loadKeys(URLKeyPairProvider.java:54)
at org.apache.sshd.common.keyprovider.AbstractKeyPairProvider.getKeyTypes(AbstractKeyPairProvider.java:53)
at org.apache.sshd.server.session.ServerSession.sendKexInit(ServerSession.java:127)
at org.apache.sshd.server.session.ServerSession.<init>(ServerSession.java:60)
at org.apache.sshd.server.session.SessionFactory.doCreateSession(SessionFactory.java:43)
at org.apache.sshd.common.session.AbstractSessionFactory.createSession(AbstractSessionFactory.java:38)
at org.apache.sshd.common.AbstractSessionIoHandler.sessionCreated(AbstractSessionIoHandler.java:36)
at org.apache.sshd.common.io.nio2.Nio2Acceptor$AcceptCompletionHandler.completed(Nio2Acceptor.java:128)
at org.apache.sshd.common.io.nio2.Nio2Acceptor$AcceptCompletionHandler.completed(Nio2Acceptor.java:109)
at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126)
at sun.nio.ch.Invoker$2.run(Invoker.java:218)
at sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.ClassNotFoundException: org.bouncycastle.openssl.PEMReader
at java.net.URLClassLoader$1.run(URLClassLoader.java:372)
at java.net.URLClassLoader$1.run(URLClassLoader.java:361)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:360)
at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
at org.springframework.boot.loader.LaunchedURLClassLoader.doLoadClass(LaunchedURLClassLoader.java:170)
at org.springframework.boot.loader.LaunchedURLClassLoader.loadClass(LaunchedURLClassLoader.java:136)
at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
... 15 common frames omitted
1.3.0 is the latest version of Crashub and that's the version that Spring Boot supports so there's nothing that can be done on the Spring Boot side of things. Assuming that you don't want to downgrade your Bouncycastle dependency, your only easy choice is to stop using Crashub.
A more involved alternative would be to fork Crashub and make the changes necessary for it to work with your desired version of Bouncycastle.
Related
I am doing an upgrade of all my dependencies of my spring-boot project but I cannot upgrade ognl dependency from version 3.1.12 (containing the vulnerability CVE-2020-15250) to the last version 3.3.3 because I use the process() function on org.thymeleaf.TemplateEngine and I have the following error if I try to force the version of ognl dependency to 3.3.3 in my pom.xml:
java.lang.NoClassDefFoundError: ognl/DefaultMemberAccess
at java.lang.ClassLoader.defineClass1(Native Method)
at java.lang.ClassLoader.defineClass(ClassLoader.java:756)
at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:468)
at java.net.URLClassLoader.access$100(URLClassLoader.java:74)
at java.net.URLClassLoader$1.run(URLClassLoader.java:369)
at java.net.URLClassLoader$1.run(URLClassLoader.java:363)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:362)
at java.lang.ClassLoader.loadClass(ClassLoader.java:418)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:352)
at java.lang.ClassLoader.loadClass(ClassLoader.java:351)
at org.thymeleaf.standard.expression.OGNLVariableExpressionEvaluator.<clinit>(OGNLVariableExpressionEvaluator.java:76)
at org.thymeleaf.standard.StandardDialect.getVariableExpressionEvaluator(StandardDialect.java:179)
at org.thymeleaf.standard.StandardDialect.getExecutionAttributes(StandardDialect.java:393)
at org.thymeleaf.DialectSetConfiguration.build(DialectSetConfiguration.java:263)
at org.thymeleaf.EngineConfiguration.<init>(EngineConfiguration.java:123)
at org.thymeleaf.TemplateEngine.initialize(TemplateEngine.java:336)
at org.thymeleaf.TemplateEngine.process(TemplateEngine.java:1079)
at org.thymeleaf.TemplateEngine.process(TemplateEngine.java:1059)
at org.thymeleaf.TemplateEngine.process(TemplateEngine.java:1048)
It seems that in version 2.7.2 of spring-boot-starter-thymeleaf, the version 3.0.15.RELEASE of thymeleaf is used and this version try to use DefaultMemberAccess in ognl that is not available anymore after the version 3.2.1 of ognl according to what I saw.
I do not want to keep a dependency that have a vulnerability (ognl) but the version of thymeleaf in the last spring-boot version does not permit me to upgrade ognl because of that error.
Am I blocked for the upgrade or is it possible to do something please?
As #Andy Wilkinson said, the solution was to replace the new TemplateEngine() by new SpringTemplateEngine().
By doing that, OGNL seems to be useless because SpringTemplateEngine uses SpEL instead of OGNL if I understand.
Thank you for your help.
Since yesterday we have a problem on our spring boot project after clean install without change nothing of configuration of the maven files, libs or something else.
We did try to update version of pom's of SpringFrameWork and Spring boot to 1.5.4.Release.
The error that is show is:
Exception in thread "main" java.lang.NoClassDefFoundError: org/springframework/boot/context/properties/source/ConfigurationPropertySources
at org.springframework.cloud.client.HostInfoEnvironmentPostProcessor.getFirstNonLoopbackHostInfo(HostInfoEnvironmentPostProcessor.java:46)
at org.springframework.cloud.client.HostInfoEnvironmentPostProcessor.postProcessEnvironment(HostInfoEnvironmentPostProcessor.java:35)
at org.springframework.boot.context.config.ConfigFileApplicationListener.onApplicationEnvironmentPreparedEvent(ConfigFileApplicationListener.java:168)
at org.springframework.boot.context.config.ConfigFileApplicationListener.onApplicationEvent(ConfigFileApplicationListener.java:154)
at org.springframework.context.event.SimpleApplicationEventMulticaster.invokeListener(SimpleApplicationEventMulticaster.java:166)
at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:138)
at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:121)
at org.springframework.boot.context.event.EventPublishingRunListener.environmentPrepared(EventPublishingRunListener.java:68)
at org.springframework.boot.SpringApplicationRunListeners.environmentPrepared(SpringApplicationRunListeners.java:54)
at org.springframework.boot.SpringApplication.prepareEnvironment(SpringApplication.java:337)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:308)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1186)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1175)
at br.com.ibliss.auth.app.AuthServerApplication.main(AuthServerApplication.java:216)
Caused by: java.lang.ClassNotFoundException: org.springframework.boot.context.properties.source.ConfigurationPropertySources
at java.net.URLClassLoader.findClass(URLClassLoader.java:381)
at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:331)
at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
... 14 more
According to ConfigurationPropertySources source, this class is around from version 2.0.0
Provides access to {#link ConfigurationPropertySource ConfigurationPropertySources}.
#author Phillip Webb
#since 2.0.0
You probably did not upgrade your spring boot version but actually downgrade.
When I'm trying to run the below code
#Override
public List<EventDetails> process(int event_status) throws EventDetailDataException {
String sql="select * from MicroServiceEventDetails where event_status=?";
List<EventDetails> EventDetailsList = template.query(sql, new BeanPropertyRowMapper<EventDetails>(EventDetails.class),new Object[] {event_status});
return EventDetailsList;
}
It throws the following exception and here's the error log:-
Apr 02, 2017 6:26:04 AM org.springframework.scheduling.support.TaskUtils$LoggingErrorHandler handleError
SEVERE: Unexpected error occurred in scheduled task.
java.lang.NoSuchMethodError: org.springframework.core.convert.support.DefaultConversionService.getSharedInstance()Lorg/springframework/core/convert/ConversionService;
at org.springframework.jdbc.core.BeanPropertyRowMapper.<init>(BeanPropertyRowMapper.java:91)
at com.syntel.boot.dao.EventProcessDaoImpl.process(EventProcessDaoImpl.java:38)
at com.syntel.boot.services.EventDetailServiceImpl.process(EventDetailServiceImpl.java:73)
at com.syntel.boot.scheduler.microeventschudler.eventExcuter(microeventschudler.java:30)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.scheduling.support.ScheduledMethodRunnable.run(ScheduledMethodRunnable.java:65)
at org.springframework.scheduling.support.DelegatingErrorHandlingRunnable.run(DelegatingErrorHandlingRunnable.java:54)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Maybe maven dependencies would be the reason i'm not sure, help?
I assume you are using Maven/Gradle, any build tool.
I was working on a spring MVC project and added LDAP functionality, however I added the LDAP jar dependency on the top of the dependency list in pom.xml and the jar version I used, utilized a lower version of spring core which did not have the ConversionService class. I identified this by back tracking to what was the most recent change to the Spring jar versions I made(i.e. added ldap libs) and using the Maven - Dependency hierarchy tab to identify what had changed. Once I removed the new dependency. did a clean, install, add the dependencies to the bottom of the list. The issue was fixed.
Your resolved dependencies should have the highest spring core version referenced on the column on the left. Any lower version should be omitted. In the screenshot, notice that spring core 4.3.9 is omitted for 4.3.4. Avoid this by adding the dependencies that use lower spring core versions below those which use higher versions.
All,
I've built Spring Cloud Config servers and clients before with previous versions of Spring Cloud / Spring Boot, but I seem to be having an issue with the Angel.SR4 / Boot 1.3.1 combination.
Following the basic instructions here (http://projects.spring.io/spring-cloud/docs/1.0.3/spring-cloud.html#_client_side_usage), except using the current releases of Boot and Cloud (1.3.1.RELEASE / Angel.SR4 at present), I get the following stack trace:
Exception in thread "main" java.lang.IllegalArgumentException: Cannot instantiate interface org.springframework.context.ApplicationListener : org.springframework.boot.logging.ClasspathLoggingApplicationListener
at org.springframework.boot.SpringApplication.createSpringFactoriesInstances(SpringApplication.java:412)
at org.springframework.boot.SpringApplication.getSpringFactoriesInstances(SpringApplication.java:392)
at org.springframework.boot.SpringApplication.getSpringFactoriesInstances(SpringApplication.java:383)
at org.springframework.boot.SpringApplication.initialize(SpringApplication.java:263)
at org.springframework.boot.SpringApplication.<init>(SpringApplication.java:237)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1124)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1113)
at demo.Application.main(Application.java:10)
Caused by: java.lang.NoClassDefFoundError: org/springframework/context/event/GenericApplicationListener
at java.lang.ClassLoader.defineClass1(Native Method)
at java.lang.ClassLoader.defineClass(ClassLoader.java:760)
at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:455)
at java.net.URLClassLoader.access$100(URLClassLoader.java:73)
at java.net.URLClassLoader$1.run(URLClassLoader.java:367)
at java.net.URLClassLoader$1.run(URLClassLoader.java:361)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:360)
at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:308)
at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
at org.springframework.util.ClassUtils.forName(ClassUtils.java:250)
at org.springframework.boot.SpringApplication.createSpringFactoriesInstances(SpringApplication.java:405)
... 7 more
Caused by: java.lang.ClassNotFoundException: org.springframework.context.event.GenericApplicationListener
at java.net.URLClassLoader$1.run(URLClassLoader.java:372)
at java.net.URLClassLoader$1.run(URLClassLoader.java:361)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:360)
at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:308)
at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
... 21 more
If I back off the Boot version to 1.2.8 the problem disappears. If I move Cloud up to Brixton.M4 the problem disappears. Is there a prescribed version combination of Boot / Cloud that should be used together? Thanks in advance.
K
Is there a prescribed version combination of Boot / Cloud that should be used together?
Yes. Angel is Boot 1.2, and Brixton is Boot 1.3. See the blog for more detail: https://spring.io/blog/2015/11/25/migrating-spring-cloud-apps-from-spring-boot-1-2-to-1-3
In my Spring Starter created Soring Boot application I switched from Spring Boot 1.3.0M1 to 1.3.0M2. When trying to start the application (either from STS 3.7.0 or via spring-boot:run at the command line) I get the following exception:
java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at org.springframework.boot.maven.AbstractRunMojo$LaunchRunner.run(AbstractRunMojo.java:435)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.IllegalArgumentException: Cannot instantiate interface org.springframework.context.ApplicationListener : org.springframework.boot.logging.ClasspathLoggingApplicationListener
at org.springframework.boot.SpringApplication.getSpringFactoriesInstances(SpringApplication.java:385)
at org.springframework.boot.SpringApplication.getSpringFactoriesInstances(SpringApplication.java:362)
at org.springframework.boot.SpringApplication.initialize(SpringApplication.java:231)
at org.springframework.boot.SpringApplication.<init>(SpringApplication.java:206)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:971)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:960)
at com.daimler.daivb.services.application.dummyservice.DummyServiceApplication.main(DummyServiceApplication.java:18)
... 6 more
Caused by: java.lang.NoClassDefFoundError: org/springframework/context/event/GenericApplicationListener
at java.lang.ClassLoader.defineClass1(Native Method)
at java.lang.ClassLoader.defineClass(ClassLoader.java:760)
at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:467)
at java.net.URLClassLoader.access$100(URLClassLoader.java:73)
at java.net.URLClassLoader$1.run(URLClassLoader.java:368)
at java.net.URLClassLoader$1.run(URLClassLoader.java:362)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:361)
at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
at org.springframework.util.ClassUtils.forName(ClassUtils.java:250)
at org.springframework.boot.SpringApplication.getSpringFactoriesInstances(SpringApplication.java:378)
... 12 more
Caused by: java.lang.ClassNotFoundException: org.springframework.context.event.GenericApplicationListener
at java.net.URLClassLoader.findClass(URLClassLoader.java:381)
at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
... 25 more
The mentioned class has been added in spring-context version 4.2.0 but when looking at the dependency tree I can see that Spring Boot 1.3.0M2 still depends on spring-context 4.1.6:
[INFO] com.company.services.application:dummyservice:war:0.0.1-SNAPSHOT
[INFO] +- org.springframework.boot:spring-boot-devtools:jar:1.3.0.M2:compile
[INFO] | +- org.springframework.boot:spring-boot:jar:1.3.0.M2:compile
[INFO] | | \- org.springframework:spring-context:jar:4.1.6.RELEASE:compile
[INFO] | \- org.springframework.boot:spring-boot-autoconfigure:jar:1.3.0.M2:compile
[INFO] | \- org.yaml:snakeyaml:jar:1.15:compile
Spring Boot manages a bunch of dependencies for you and allows you to add them without specifying the version. Spring Boot is obviously based on Spring Framework and uses the latest and greatest so you should avoid at all cost to fix the spring framework version to use yourself.
If you have upgraded to a newer version (to include a bug fix or something) make sure to remove the override before you upgrade Spring Boot as the new version it requires may be incompatible with your override.
If you are using other projects that also provide a dependency management on Spring Framework (such as Spring Cloud) make sure that the dependency management of Spring Boot takes precedence. With Maven, make sure to add the spring-boot-dependencies BOM as the first entry in the <dependenciesManagement> section.
I had the same problem because my POM had a properties section with a <spring.version> tag copied from another project.
Remove any <abc.version> tag in your properties section that may conflict with Spring Boot libraries.
Caused by: java.lang.NoClassDefFoundError: org/springframework/context/event/GenericApplicationListener
From the above error, application is unable to find the class defined from the jar dependencies. GenericApplicationListener is added from spring version 4.2.
Upgrade your Spring version to 4.2 and recheck.