Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

After spring boot upgrade : com.nimbusds.jose.shaded.json.JSONArray cannot be cast to net.minidev.json.JSONArray #26912

Closed
2 tasks done
antoineclaval opened this issue Feb 8, 2022 · 5 comments
Closed
2 tasks done

After spring boot upgrade : com.nimbusds.jose.shaded.json.JSONArray cannot be cast to net.minidev.json.JSONArray #26912

antoineclaval opened this issue Feb 8, 2022 · 5 comments
Assignees
@chenrujun
Labels
azure-spring All azure-spring related issues Client This issue points to a problem in the data-plane of the library. customer-reported Issues that are reported by GitHub users external to the Azure organization. needs-team-attention This issue needs attention from Azure service team or SDK team question The issue doesn't require a change to the product in order to be resolved. Most issues start as that
Milestone
[2022] March

Comments

@antoineclaval
Copy link

antoineclaval commented Feb 8, 2022
edited

Query/Question
I'm having difficulty upgrading from spring-boot 2.3.4.RELEASE to spring-boot 2.5.8 while keeping azure-spring-boot:2.2.0

After the upgrade I'm seeing runtime errors as below when authenticating.

java.lang.ClassCastException: com.nimbusds.jose.shaded.json.JSONArray cannot be cast to net.minidev.json.JSONArray
	at com.microsoft.azure.spring.autoconfigure.aad.AADAppRoleStatelessAuthenticationFilter.doFilterInternal(AADAppRoleStatelessAuthenticationFilter.java:59)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
	at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:103)
	at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:89)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
	at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:90)
	at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:75)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
	at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:110)
	at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:80)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
	at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:55)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
	at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:211)
	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:183)
	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354)
	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:96)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at com.xyz.imm.rm.configs.CorsFilter.doFilter(CorsFilter.java:38)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at com.microsoft.applicationinsights.web.internal.WebRequestTrackingFilter.doFilter(WebRequestTrackingFilter.java:143)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:542)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:374)
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:880)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1601)
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Thread.java:748)

I've read the following related ticket :
#15180
#14898

In the light of those, I've try to tweak the nimbusds version,

  • uppgraded nimbus-jose-jwt to 8.20.2
  • downgraded nimbus-jose-jwt to 7.9

Similarly, I've try to keep a 5.3.4-release for spring-security-web.

Without success.

Can I keep com.microsoft.azure.azure-servicebus-spring-boot-starter:2.2.0 and upgrade to spring-boot 2.5.x ? Is there a workaround to avoid upgrade azure-spring-boot-starter since further version have API changes?

Why is this not a Bug or a feature Request?
It's a question to understand what options are available to me.

Setup (please complete the following information if applicable):

  • OS: linux
  • IDE: command line
  • Library/Libraries: com.microsoft.azure.azure-servicebus-spring-boot-starter:2.2.0

Information Checklist
Kindly make sure that you have added all the following information above and checkoff the required fields otherwise we will treat the issuer as an incomplete report

  • Query Added
  • Setup information Added
@ghost ghost added needs-triage This is a new issue that needs to be triaged to the appropriate team. customer-reported Issues that are reported by GitHub users external to the Azure organization. question The issue doesn't require a change to the product in order to be resolved. Most issues start as that labels Feb 8, 2022
@backwind1233 backwind1233 added the azure-spring All azure-spring related issues label Feb 8, 2022
@ghost ghost removed the needs-triage This is a new issue that needs to be triaged to the appropriate team. label Feb 8, 2022
@backwind1233 backwind1233 added the Client This issue points to a problem in the data-plane of the library. label Feb 8, 2022
@ghost ghost added the needs-team-attention This issue needs attention from Azure service team or SDK team label Feb 8, 2022
@backwind1233 backwind1233 added this to the [2022] March milestone Feb 8, 2022
@chenrujun
Copy link
Member

chenrujun commented Feb 8, 2022
edited

Hi, @antoineclaval.
Thanks for reaching out.

The suggested way is to upgrade azure-spring-boot-starter.
Since you don't want to upgrade it, one workaround is to copy the source code of AADAppRoleStatelessAuthenticationFilter to a new class, for example, named AnotherAADAppRoleStatelessAuthenticationFilter, change the package name from net.minidev.json.JSONArray to com.nimbusds.jose.shaded.json.JSONArray. Use the new class in your project.

@yiliuTo yiliuTo added the needs-author-feedback More information is needed from author to address the issue. label Feb 10, 2022
@ghost ghost added the no-recent-activity There has been no recent activity on this issue. label Feb 17, 2022
@ghost
Copy link

ghost commented Feb 17, 2022

Hi, we're sending this friendly reminder because we haven't heard back from you in a while. We need more information about this issue to help address it. Please be sure to give us your input within the next 7 days. If we don't hear back from you within 14 days of this comment the issue will be automatically closed. Thank you!

@antoineclaval
Copy link
Author

Thanks that clarify my situation, I could not find migration notes. We're starting the process of upgrading.
Is there particular things to look for?

@ghost ghost removed needs-author-feedback More information is needed from author to address the issue. no-recent-activity There has been no recent activity on this issue. labels Feb 17, 2022
@chenrujun
Copy link
Member

@antoineclaval

Since you are using spring-boot 2.5.8.

You can choose one of the following options:

Option 1: Use Spring Security

Option 2: Use spring-cloud-azure-starter-active-directory:4.0.0-beta.3

Or you can tell me all of your requirements, and let me help you to choose the option.

@chenrujun
Copy link
Member

Closing this issue, because no response from author for a long time.

@github-actions github-actions bot locked and limited conversation to collaborators Apr 11, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@chenrujun chenrujun

Labels
azure-spring All azure-spring related issues Client This issue points to a problem in the data-plane of the library. customer-reported Issues that are reported by GitHub users external to the Azure organization. needs-team-attention This issue needs attention from Azure service team or SDK team question The issue doesn't require a change to the product in order to be resolved. Most issues start as that
Projects
Spring Cloud Azure
Archived in project
Milestone
[2022] March
Development

No branches or pull requests
4 participants
@antoineclaval @backwind1233 @chenrujun @yiliuTo