Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

SEC-1301: security setup doesn't add commons codec to pom.xml #1547

spring-issuemaster opened this Issue Nov 18, 2009 · 3 comments


None yet
1 participant

Craig Walls (Migrated from SEC-1301) said:

I was trying out "security setup" to add security to my Roo-based application. After it generated the Spring Security config, I tweaked it to limit access to certain URLs unless logged in as 'admin'. It worked great until I tried logging in. Upon attempting to login, I get "java.lang.NoClassDefFoundError: org/apache/commons/codec/binary/Hex".

Apparently Common Codec needs to be added to the pom.xml file. This is something that I would have expected "security setup" to do for me.

Maximiliano Guzenski said:

Yes, I've this issue as well.

Spring security works well with "mvn tomcat:run" but fail on login in an external tomcat. Solution is add dependecy of commons codec to project.

But, it looks like to by more a bug of spring security pom.xml then a roo bug.

Luke Taylor said:

I think the codec dep is optional at the moment. I'd like to removed it from the distro and just add internal code for base64 and hex encoding.

Luke Taylor said:

Closing as commons codec is no longer required (see SEC-1303). In any case, an optional maven dependency isn't a bug - it just means that users have to add that dependency themselves if they need it.

@spring-issuemaster spring-issuemaster added this to the 3.0.0.RC2 milestone Feb 5, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment