Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

When is javax.servlet a required dependency? #374

Closed
JamiesWhiteShirt opened this issue Oct 6, 2021 · 1 comment
Closed

When is javax.servlet a required dependency? #374

JamiesWhiteShirt opened this issue Oct 6, 2021 · 1 comment

Comments

@JamiesWhiteShirt
Copy link

It seems javax.servlet is an optional dependency of the Vonage Java SDK by design (a39be5f). I can not find any documentation mentioning that it is an optional dependency, nor when it is necessary to have it installed when using the Vonage Java SDK. It seems to not be required for sending SMS with request signing, but it has to be installed anyway due to a (presumably accidental) hard dependency.

With version 5.6.0 of the Vonage Java SDK, I could send SMS with request signing just fine without javax.servlet. After updating to version 6.4.0, sending SMS with request signing will fail unless javax.servlet is installed:

java.lang.NoClassDefFoundError: javax/servlet/ServletInputStream
	at com.vonage.client.auth.SignatureAuthMethod.apply(SignatureAuthMethod.java:47)
	at com.vonage.client.AbstractMethod.applyAuth(AbstractMethod.java:127)
	at com.vonage.client.AbstractMethod.execute(AbstractMethod.java:73)
	at com.vonage.client.sms.SmsClient.submitMessage(SmsClient.java:74)
	...
Caused by: java.lang.ClassNotFoundException: javax.servlet.ServletInputStream
	at java.net.URLClassLoader.findClass(URLClassLoader.java:382)
	at java.lang.ClassLoader.loadClass(ClassLoader.java:418)
	at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:352)
	at java.lang.ClassLoader.loadClass(ClassLoader.java:351)
	... 6 more

I am fairly certain that com.vonage.client.auth.RequestSigning has a hard dependency on javax.servlet due to the runtime class verification of the JVM. More specifically, an implicit cast from javax.servlet.ServletInputStream to java.io.InputStream is causing this hard dependency which was added here, which is a change that was introduced after 5.6.0.

Having a hard dependency on javax.servlet from RequestSigning may be perfectly reasonable, but it does not appear to be necessary given that I was able to send SMS with request signing without javax.servlet prior.

For now, it seems the safest option is to always install javax.servlet even if it should not be required.
@SMadani SMadani mentioned this issue Apr 5, 2023
Merged
@SMadani
Copy link
Contributor

SMadani commented Apr 11, 2023

Thanks for pointing this out. Should be fixed in #445 (v7.3.0) but feel free to reopen if this is not the case :)

@SMadani SMadani closed this as completed Apr 11, 2023
@SMadani SMadani mentioned this issue May 18, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@JamiesWhiteShirt @SMadani