UPDATED FULL DESCRIPTION
Hello all again,
I am currently developing a demo prototype to secure a spring service through a Spring Gateway against a Keycloak. In a first step without any security implemented, I created the gateway and was able to redirect the traffic to the service but, unfortunately, as soon as I implemented the security it stopped working.
To my surprise, the gateway part seems to work fine and, after checking the keycloak dashboard,I can see that a client session had been created successfully (which means that my user/password is ok). I have also tested the user/password/client-secret against keycloak using Postman and it correctly returns the token. From my point of view, the gateway works fine.
The problem seems to come from the service part, which triggers the next error and is not even deployed:
middleware-tomcat-1 | 2023-06-19T15:21:51.291Z DEBUG 1 --- [ main] swordEncoderAuthenticationManagerBuilder : No authenticationProviders and no parentAuthenticationManager defined. Returning null.
middleware-tomcat-1 | 2023-06-19T15:21:51.432Z WARN 1 --- [ main] ConfigServletWebServerApplicationContext : Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'filterChain' defined in class path resource [com/webdemo/SecurityConfiguration.class]: Failed to instantiate [org.springframework.security.web.SecurityFilterChain]: Factory method 'filterChain' threw exception with message: org/springframework/security/oauth2/server/resource/web/authentication/BearerTokenAuthenticationFilter
middleware-tomcat-1 | 2023-06-19T15:21:51.433Z INFO 1 --- [ main] j.LocalContainerEntityManagerFactoryBean : Closing JPA EntityManagerFactory for persistence unit 'default'
middleware-tomcat-1 | 2023-06-19T15:21:51.435Z INFO 1 --- [ main] com.zaxxer.hikari.HikariDataSource : HikariPool-1 - Shutdown initiated...
middleware-tomcat-1 | 2023-06-19T15:21:51.450Z INFO 1 --- [ main] com.zaxxer.hikari.HikariDataSource : HikariPool-1 - Shutdown completed.
middleware-tomcat-1 | 2023-06-19T15:21:51.458Z INFO 1 --- [ main] .s.b.a.l.ConditionEvaluationReportLogger :
middleware-tomcat-1 |
middleware-tomcat-1 | Error starting ApplicationContext. To display the condition evaluation report re-run your application with 'debug' enabled.
middleware-tomcat-1 | 2023-06-19T15:21:51.482Z ERROR 1 --- [ main] o.s.boot.SpringApplication : Application run failed
middleware-tomcat-1 |
middleware-tomcat-1 | org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'filterChain' defined in class path resource [com/webdemo/SecurityConfiguration.class]: Failed to instantiate [org.springframework.security.web.SecurityFilterChain]: Factory method 'filterChain' threw exception with message: org/springframework/security/oauth2/server/resource/web/authentication/BearerTokenAuthenticationFilter
middleware-tomcat-1 | at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:657) ~[spring-beans-6.0.7.jar:6.0.7]
middleware-tomcat-1 | at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:645) ~[spring-beans-6.0.7.jar:6.0.7]
middleware-tomcat-1 | at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1332) ~[spring-beans-6.0.7.jar:6.0.7]
middleware-tomcat-1 | at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1162) ~[spring-beans-6.0.7.jar:6.0.7]
middleware-tomcat-1 | at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:560) ~[spring-beans-6.0.7.jar:6.0.7]
middleware-tomcat-1 | at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:520) ~[spring-beans-6.0.7.jar:6.0.7]
middleware-tomcat-1 | at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:326) ~[spring-beans-6.0.7.jar:6.0.7]
middleware-tomcat-1 | at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:234) ~[spring-beans-6.0.7.jar:6.0.7]
middleware-tomcat-1 | at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:324) ~[spring-beans-6.0.7.jar:6.0.7]
middleware-tomcat-1 | at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:200) ~[spring-beans-6.0.7.jar:6.0.7]
middleware-tomcat-1 | at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:973) ~[spring-beans-6.0.7.jar:6.0.7]
middleware-tomcat-1 | at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:917) ~[spring-context-6.0.7.jar:6.0.7]
middleware-tomcat-1 | at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:584) ~[spring-context-6.0.7.jar:6.0.7]
middleware-tomcat-1 | at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:146) ~[spring-boot-3.0.5.jar:3.0.5]
middleware-tomcat-1 | at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:732) ~[spring-boot-3.0.5.jar:3.0.5]
middleware-tomcat-1 | at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:434) ~[spring-boot-3.0.5.jar:3.0.5]
middleware-tomcat-1 | at org.springframework.boot.SpringApplication.run(SpringApplication.java:310) ~[spring-boot-3.0.5.jar:3.0.5]
middleware-tomcat-1 | at org.springframework.boot.web.servlet.support.SpringBootServletInitializer.run(SpringBootServletInitializer.java:174) ~[spring-boot-3.0.5.jar:3.0.5]
middleware-tomcat-1 | at org.springframework.boot.web.servlet.support.SpringBootServletInitializer.createRootApplicationContext(SpringBootServletInitializer.java:154) ~[spring-boot-3.0.5.jar:3.0.5]
middleware-tomcat-1 | at org.springframework.boot.web.servlet.support.SpringBootServletInitializer.onStartup(SpringBootServletInitializer.java:96) ~[spring-boot-3.0.5.jar:3.0.5]
middleware-tomcat-1 | at org.springframework.web.SpringServletContainerInitializer.onStartup(SpringServletContainerInitializer.java:171) ~[spring-web-6.0.7.jar:6.0.7]
middleware-tomcat-1 | at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:4875) ~[catalina.jar:10.1.7]
middleware-tomcat-1 | at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) ~[catalina.jar:10.1.7]
middleware-tomcat-1 | at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:683) ~[catalina.jar:10.1.7]
middleware-tomcat-1 | at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:658) ~[catalina.jar:10.1.7]
middleware-tomcat-1 | at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:713) ~[catalina.jar:10.1.7]
middleware-tomcat-1 | at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:975) ~[catalina.jar:10.1.7]
middleware-tomcat-1 | at org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1949) ~[catalina.jar:10.1.7]
middleware-tomcat-1 | at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539) ~[na:na]
middleware-tomcat-1 | at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) ~[na:na]
middleware-tomcat-1 | at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75) ~[tomcat-util.jar:10.1.7]
middleware-tomcat-1 | at java.base/java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:123) ~[na:na]
middleware-tomcat-1 | at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:776) ~[catalina.jar:10.1.7]
middleware-tomcat-1 | at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:426) ~[catalina.jar:10.1.7]
middleware-tomcat-1 | at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1656) ~[catalina.jar:10.1.7]
middleware-tomcat-1 | at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:309) ~[catalina.jar:10.1.7]
middleware-tomcat-1 | at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:123) ~[catalina.jar:10.1.7]
middleware-tomcat-1 | at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:423) ~[catalina.jar:10.1.7]
middleware-tomcat-1 | at org.apache.catalina.util.LifecycleBase.setState(LifecycleBase.java:366) ~[catalina.jar:10.1.7]
middleware-tomcat-1 | at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:898) ~[catalina.jar:10.1.7]
middleware-tomcat-1 | at org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:846) ~[catalina.jar:10.1.7]
middleware-tomcat-1 | at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) ~[catalina.jar:10.1.7]
middleware-tomcat-1 | at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1332) ~[catalina.jar:10.1.7]
middleware-tomcat-1 | at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1322) ~[catalina.jar:10.1.7]
middleware-tomcat-1 | at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) ~[na:na]
middleware-tomcat-1 | at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75) ~[tomcat-util.jar:10.1.7]
middleware-tomcat-1 | at java.base/java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:145) ~[na:na]
middleware-tomcat-1 | at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:871) ~[catalina.jar:10.1.7]
middleware-tomcat-1 | at org.apache.catalina.core.StandardEngine.startInternal(StandardEngine.java:241) ~[catalina.jar:10.1.7]
middleware-tomcat-1 | at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) ~[catalina.jar:10.1.7]
middleware-tomcat-1 | at org.apache.catalina.core.StandardService.startInternal(StandardService.java:428) ~[catalina.jar:10.1.7]
middleware-tomcat-1 | at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) ~[catalina.jar:10.1.7]
middleware-tomcat-1 | at org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:913) ~[catalina.jar:10.1.7]
middleware-tomcat-1 | at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) ~[catalina.jar:10.1.7]
middleware-tomcat-1 | at org.apache.catalina.startup.Catalina.start(Catalina.java:795) ~[catalina.jar:10.1.7]
middleware-tomcat-1 | at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:na]
middleware-tomcat-1 | at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77) ~[na:na]
middleware-tomcat-1 | at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:na]
middleware-tomcat-1 | at java.base/java.lang.reflect.Method.invoke(Method.java:568) ~[na:na]
middleware-tomcat-1 | at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:347) ~[bootstrap.jar:10.1.7]
middleware-tomcat-1 | at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:478) ~[bootstrap.jar:10.1.7]
middleware-tomcat-1 | Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.security.web.SecurityFilterChain]: Factory method 'filterChain' threw exception with message: org/springframework/security/oauth2/server/resource/web/authentication/BearerTokenAuthenticationFilter
middleware-tomcat-1 | at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:171) ~[spring-beans-6.0.7.jar:6.0.7]
middleware-tomcat-1 | at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:653) ~[spring-beans-6.0.7.jar:6.0.7]
middleware-tomcat-1 | ... 60 common frames omitted
middleware-tomcat-1 | Caused by: java.lang.NoClassDefFoundError: org/springframework/security/oauth2/server/resource/web/authentication/BearerTokenAuthenticationFilter
middleware-tomcat-1 | at org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.configure(OAuth2ResourceServerConfigurer.java:273) ~[spring-security-config-6.1.0.jar:6.1.0]
middleware-tomcat-1 | at org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.configure(OAuth2ResourceServerConfigurer.java:147) ~[spring-security-config-6.1.0.jar:6.1.0]
middleware-tomcat-1 | at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.configure(AbstractConfiguredSecurityBuilder.java:349) ~[spring-security-config-6.1.0.jar:6.1.0]
middleware-tomcat-1 | at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.doBuild(AbstractConfiguredSecurityBuilder.java:303) ~[spring-security-config-6.1.0.jar:6.1.0]
middleware-tomcat-1 | at org.springframework.security.config.annotation.AbstractSecurityBuilder.build(AbstractSecurityBuilder.java:38) ~[spring-security-config-6.1.0.jar:6.1.0]
middleware-tomcat-1 | at com.webdemo.SecurityConfiguration.filterChain(SecurityConfiguration.java:21) ~[classes/:1.0]
middleware-tomcat-1 | at com.webdemo.SecurityConfiguration$$SpringCGLIB$$0.CGLIB$filterChain$0(<generated>) ~[classes/:1.0]
middleware-tomcat-1 | at com.webdemo.SecurityConfiguration$$SpringCGLIB$$2.invoke(<generated>) ~[classes/:1.0]
middleware-tomcat-1 | at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:258) ~[spring-core-6.0.7.jar:6.0.7]
middleware-tomcat-1 | at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:331) ~[spring-context-6.0.7.jar:6.0.7]
middleware-tomcat-1 | at com.webdemo.SecurityConfiguration$$SpringCGLIB$$0.filterChain(<generated>) ~[classes/:1.0]
middleware-tomcat-1 | at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:na]
middleware-tomcat-1 | at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77) ~[na:na]
middleware-tomcat-1 | at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:na]
middleware-tomcat-1 | at java.base/java.lang.reflect.Method.invoke(Method.java:568) ~[na:na]
middleware-tomcat-1 | at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:139) ~[spring-beans-6.0.7.jar:6.0.7]
middleware-tomcat-1 | ... 61 common frames omitted
middleware-tomcat-1 | Caused by: java.lang.ClassNotFoundException: org.springframework.security.oauth2.server.resource.web.authentication.BearerTokenAuthenticationFilter
middleware-tomcat-1 | at org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1437) ~[catalina.jar:10.1.7]
middleware-tomcat-1 | at org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1245) ~[catalina.jar:10.1.7]
middleware-tomcat-1 | ... 77 common frames omitted
middleware-tomcat-1 |
middleware-tomcat-1 | 19-Jun-2023 15:21:51.488 SEVERE [main] org.apache.catalina.startup.HostConfig.deployWAR Error deploying web application archive [/usr/local/tomcat/webapps/webdemo-1.0.war]
middleware-tomcat-1 | java.lang.IllegalStateException: Error starting child
middleware-tomcat-1 | at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:686)
middleware-tomcat-1 | at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:658)
middleware-tomcat-1 | at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:713)
middleware-tomcat-1 | at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:975)
middleware-tomcat-1 | at org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1949)
middleware-tomcat-1 | at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539)
middleware-tomcat-1 | at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
middleware-tomcat-1 | at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75)
middleware-tomcat-1 | at java.base/java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:123)
middleware-tomcat-1 | at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:776)
middleware-tomcat-1 | at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:426)
middleware-tomcat-1 | at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1656)
middleware-tomcat-1 | at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:309)
middleware-tomcat-1 | at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:123)
middleware-tomcat-1 | at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:423)
middleware-tomcat-1 | at org.apache.catalina.util.LifecycleBase.setState(LifecycleBase.java:366)
middleware-tomcat-1 | at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:898)
middleware-tomcat-1 | at org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:846)
middleware-tomcat-1 | at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
middleware-tomcat-1 | at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1332)
middleware-tomcat-1 | at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1322)
middleware-tomcat-1 | at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
middleware-tomcat-1 | at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75)
middleware-tomcat-1 | at java.base/java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:145)
middleware-tomcat-1 | at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:871)
middleware-tomcat-1 | at org.apache.catalina.core.StandardEngine.startInternal(StandardEngine.java:241)
middleware-tomcat-1 | at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
middleware-tomcat-1 | at org.apache.catalina.core.StandardService.startInternal(StandardService.java:428)
middleware-tomcat-1 | at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
middleware-tomcat-1 | at org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:913)
middleware-tomcat-1 | at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
middleware-tomcat-1 | at org.apache.catalina.startup.Catalina.start(Catalina.java:795)
middleware-tomcat-1 | at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
middleware-tomcat-1 | at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
middleware-tomcat-1 | at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
middleware-tomcat-1 | at java.base/java.lang.reflect.Method.invoke(Method.java:568)
middleware-tomcat-1 | at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:347)
middleware-tomcat-1 | at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:478)
middleware-tomcat-1 | Caused by: org.apache.catalina.LifecycleException: Failed to start component [StandardEngine[Catalina].StandardHost[localhost].StandardContext[/webdemo-1.0]]
middleware-tomcat-1 | at org.apache.catalina.util.LifecycleBase.handleSubClassException(LifecycleBase.java:440)
middleware-tomcat-1 | at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:198)
middleware-tomcat-1 | at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:683)
middleware-tomcat-1 | ... 37 more
middleware-tomcat-1 | Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'filterChain' defined in class path resource [com/webdemo/SecurityConfiguration.class]: Failed to instantiate [org.springframework.security.web.SecurityFilterChain]: Factory method 'filterChain' threw exception with message: org/springframework/security/oauth2/server/resource/web/authentication/BearerTokenAuthenticationFilter
Following I paste the POM of the SERVICE:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>3.0.5</version>
<relativePath/>
</parent>
<groupId>com.demoweb</groupId>
<artifactId>webdemo</artifactId>
<version>1.0</version>
<packaging>war</packaging>
<name>webdemo</name>
<description>Demo project</description>
<properties>
<java.version>17</java.version>
<spring-cloud.version>2022.0.3</spring-cloud.version>
<maven.test.skip>true</maven.test.skip>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>com.mysql</groupId>
<artifactId>mysql-connector-j</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-tomcat</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-resource-server</artifactId>
<version>5.6.2</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-jose</artifactId>
<version>5.6.2</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
<version>2.6.4</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>6.1.0</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>6.1.0</version>
</dependency>
</dependencies>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-dependencies</artifactId>
<version>${spring-cloud.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-security</artifactId>
<scope>provided</scope>
</dependency>
</dependencies>
</dependencyManagement>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
This is the SERVICE securityconfiguration class that I have been able to gather from several updated sources including official spring documentation:
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
import org.springframework.security.web.SecurityFilterChain;
@Configuration
public class SecurityConfiguration {
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.authorizeHttpRequests((authorize) -> authorize.anyRequest().authenticated()).oauth2ResourceServer((oauth2ResourceServer) -> oauth2ResourceServer.jwt((jwt) -> jwt.decoder(jwtDecoder())));
return http.build();
}
@Bean
public JwtDecoder jwtDecoder() {
return NimbusJwtDecoder.withJwkSetUri("http://[KEYCLOAK_IP:PORT]/realms/my-realm/protocol/openid-connect/certs").build();
}
}
Next are the relevant properties from the SERVICE property file:
spring.security.oauth2.resourceserver.jwt.issuer-uri=http://[KEYCLOAK_IP:PORT]/realms/my-realm
Can someone help me? Thanks in advance!
As stated by ch4mp, I was trying to use spring-security 5 with spring-boot 3. As soon as a I removed all version from my POM it worked!