Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Spring Boot + spring-security-oauth2-resource-server should not throw a ClassNotFoundException once it supports more than one token format #6209

Closed
jzheaux opened this issue Nov 30, 2018 · 6 comments
Closed

Spring Boot + spring-security-oauth2-resource-server should not throw a ClassNotFoundException once it supports more than one token format #6209

jzheaux opened this issue Nov 30, 2018 · 6 comments
Assignees
@jzheaux
Labels
in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
Milestone
5.2.0.RC1

Comments

@jzheaux
Copy link
Contributor

jzheaux commented Nov 30, 2018

While it's true that Resource Server effectively requires spring-security-oauth2-jose at this point, it shouldn't once it supports more than one token format.

When spring-boot-starter-security and spring-security-oauth2-resource-server are used together, without further configuration, the application throws the following exception:

Caused by: java.lang.ClassNotFoundException: org.springframework.security.oauth2.jwt.JwtDecoder
    at java.net.URLClassLoader.findClass(URLClassLoader.java:381)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
    at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:349)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
    ... 111 more

In all likelihood, this will be taken care of naturally when coordinating with the boot team to add support for a second token format.
@jzheaux jzheaux added type: enhancement A general enhancement in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) labels Nov 30, 2018
@jzheaux jzheaux added this to the 5.2.0.M1 milestone Nov 30, 2018
@jzheaux jzheaux self-assigned this Nov 30, 2018
@rwinch
Copy link
Member

rwinch commented Dec 1, 2018

@jzheaux There is a spring-boot-starter-oauth2-resource-server that should resolve this. There is a ticket for adding it to start.spring.io

@jzheaux jzheaux changed the title Spring Boot + spring-security-oauth2-resource-server throws ClassNotFoundException on startup Spring Boot + spring-security-oauth2-resource-server should not throw a ClassNotFoundException once it supports more than one token format Dec 1, 2018
@jzheaux
Copy link
Contributor Author

jzheaux commented Dec 1, 2018

Thanks for the tip, @rwinch, about the starter. Agreed that including the starter is simpler, especially since spring-security-oauth2-jose is effectively required right now, even though resource server lists it as an optional dependency.

Are you thinking that its okay to throw a ClassNotFoundException when a user uses spring-boot-starter-security and spring-security-oauth2-resource-server (instead of the starter you mentioned)? I think it's okay for now since resource server only supports JWT. But once resource server supports more than one token format, I think this exception would confuse users.

I re-titled the issue for clarity, but I think it's kind of gangly. Suggestions welcome.

@rwinch
Copy link
Member

rwinch commented Dec 3, 2018

It seems like that would be the case. Won't that naturally sort itself out or is this just to ensure we validate that?

@jzheaux
Copy link
Contributor Author

jzheaux commented Dec 5, 2018

This is just to ensure we validate that. Agreed that it should naturally sort itself out.

@edeandrea
Copy link
Contributor

The Spring Boot team is doing a check on their side as well (see spring-projects/spring-boot#15372).

@rwinch rwinch modified the milestones: 5.2.0.M1, 5.2.0.M2 Jan 16, 2019
@OrangeDog OrangeDog mentioned this issue Mar 20, 2019
Closed
@jgrandja jgrandja modified the milestones: 5.2.0.M2, 5.2.0.RC1 Apr 15, 2019
@eleftherias eleftherias modified the milestones: 5.2.0.M3, 5.2.0.RC1 Jun 14, 2019
@jzheaux jzheaux modified the milestones: 5.2.0.M4, 5.2.0.RC1 Aug 5, 2019
@jzheaux
Copy link
Contributor Author

jzheaux commented Sep 4, 2019

Confirmed by creating a project using the describing configuration and observing that it ran without error.

@jzheaux jzheaux closed this as completed Sep 4, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jzheaux jzheaux

Labels
in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
Projects
None yet
Milestone
5.2.0.RC1
Development

No branches or pull requests
5 participants
@rwinch @edeandrea @jzheaux @eleftherias @jgrandja