spring-bootoauth-2.0azure-active-directoryspring-security-oauth2
NoSuchMethodError after successful Login at Microsoft Azure Active Directory and while redirecting to Spring Boot application
I am trying to integrate Spring Boot with azure active directory for authentication. SpringBoot application started successfully and it is redirecting to Azure AD login page and login also successful but while redirecting to my spring boot application getting below error and flow stopping at Microsoft login page as attached.
I am not sure if it is due to jar conflicts or configuration issue. Could someone guide me in right path to resolve this issue please.
I am using below dependencies:
spring-boot-starter-parent - 2.5.0
azure-spring-boot-starter-active-directory - 3.5.0
spring-security-oauth2-client-5.5.0.jar
2021-11-18 13:42:53.308 ERROR 10380 --- [nio-8586-exec-5] o.a.c.c.C.[.[.[.[dispatcherServlet] : Servlet.service() for servlet [dispatcherServlet] in context with path [/supervisor] threw exception [Filter execution threw an exception] with root cause
java.lang.NoSuchMethodError: org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequestEntityConverter.convert(Lorg/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequest;)Lorg/springframework/http/RequestEntity;
at com.azure.spring.common.AbstractOAuth2AuthorizationCodeGrantRequestEntityConverter.convert(AbstractOAuth2AuthorizationCodeGrantRequestEntityConverter.java:30)
at com.azure.spring.aad.webapp.AADOAuth2AuthorizationCodeGrantRequestEntityConverter.convert(AADOAuth2AuthorizationCodeGrantRequestEntityConverter.java:29)
at com.azure.spring.aad.webapp.AADOAuth2AuthorizationCodeGrantRequestEntityConverter.convert(AADOAuth2AuthorizationCodeGrantRequestEntityConverter.java:16)
at org.springframework.security.oauth2.client.endpoint.DefaultAuthorizationCodeTokenResponseClient.getTokenResponse(DefaultAuthorizationCodeTokenResponseClient.java:77)
at org.springframework.security.oauth2.client.endpoint.DefaultAuthorizationCodeTokenResponseClient.getTokenResponse(DefaultAuthorizationCodeTokenResponseClient.java:57)
at org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider.getResponse(OidcAuthorizationCodeAuthenticationProvider.java:170)
at org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider.authenticate(OidcAuthorizationCodeAuthenticationProvider.java:144)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:182)
at org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter.attemptAuthentication(OAuth2LoginAuthenticationFilter.java:192)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:222)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at com.azure.spring.aad.webapp.AADHandleConditionalAccessFilter.doFilterInternal(AADHandleConditionalAccessFilter.java:41)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter.doFilterInternal(OAuth2AuthorizationRequestRedirectFilter.java:178)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:103)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:89)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:117)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:90)
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:75)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:110)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:80)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:55)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:211)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:183)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:542)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:357)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:374)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:893)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1707)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
Solution
The issue java.lang.NoSuchMethodError majorly occurs due to version conflicts of dependencies ,as few methods or libraries in some cases maynot be compatible or maynot be present.
And this can be worked around by upgrading the dependent versions or even by downgrading them when required .Sometimes, even by removing the dependencies which are not necessary in some use cases.
The issue was resolved by downgrading the spring-boot-starter-parent version to 2.4.12 as spring-security-oauth2-client-5.5.0.jar doesn't have OAuth2AuthorizationCodeGrantRequestEntityConverter.convert method having transitive dependency for spring-boot-starter-parent as updated by @IamVenkatReddy.
Please note that ,if any issues occur or when suspected attacks seems to be likely ,it is recommended to use Spring Boot Starter for Azure Active Directory version greater than 3.6.1 as Spring Security versions ex:5.5.x prior to 5.5.1 are susceptible for Denial of service attacks
Reference Note in spring boot starter for azure-active-directory developer-guide | Microsoft docs
- Why does adding @JsonIgnoreProperties(ignoreUnknown = true) resolve UnrecognizedPropertyException when mapping DTO to Entity using ObjectMapper?
- Vulnerabilities in spring-webmvc-5.3.39 to 5.3.40
- Swagger declaration schema = @Schema(implementation = Map.class) represents Schema as String in swagger-ui
- Overriding beans in Integration tests
- How to track progress and speed of DataBufferUtils.write()?
- Kubernetes Authentication no re-create token
- Spring transaction rolled back on RuntimeException
- Artemis Auto configuration problem when using corda-rpc with Spring boot
- How to test main class of Spring-boot application
- Spring Boot ignores dashes in property names in YML files
- How to set up liquibase in Spring for multiple data sources?
- Cannot authenticate SAML because response not have signature block in it
- Thymeleaf syntax for the form action
- Accepting FHIR Resource 'Patient' as a RequestBody in spring boot
- Spring Boot projects storing data in memory options
- Maven and Spring Boot - non resolvable parent pom - repo.spring.io (Unknown host)
- How can i enable kafka metrics in Kafka streams spring boot app
- Properties are not passed to docker-compose
- If condition based on Activeprofile
- save(...) must not be null in spring boot tests with Kotlin
- Load Multiple CSV files into database using Spring Batch
- Integrate k8s secret live reload with spring-boot 3 and spring-cloud-k8s-config-watcher
- Spring Actuator /info returns an empty body
- IntelliJ fails to start Spring Boot/Gradle application when using Spring Boot developer tools
- Java Specific webclient connect timeout per request
- Spring Boot i18n resolution
- How to configure Azure Application Insight for a Java Spring Boot in a Pod in Azure AKS
- Publishing Spring Batch metrics using Micrometer
- @JsonRootName not working with @RequestBody
- Possible to access HealthIndicator methods as endpoints?