Azure / azure-sdk-for-java

This repository is for active development of the Azure SDK for Java. For consumers of the SDK we recommend visiting our public developer docs at https://docs.microsoft.com/java/azure/ or our versioned developer docs at https://azure.github.io/azure-sdk-for-java.
MIT License

KeyVault secret jar failing due to 2.4.3 Jackson jar - java.lang.IllegalAccessError: tried to access method com.fasterxml.jackson.databind.ser.std.StdSerializer #7229

Closed abhikt48 closed 4 years ago

abhikt48 commented 4 years ago

The Key Vault jar uses the Jackson 2.10.0 dependency, but we need to use the Jackson 2.4.3 dependency. The application is failing due to a cross-dependency issue. We can't upgrade the version due to big infrastructure changes.

Exception or Stack Trace

Please find attached Error_Test.txt

To Reproduce

  1. Use below dependencies in project

    <dependency>
        <groupId>com.azure</groupId>
        <artifactId>azure-security-keyvault-secrets</artifactId>
        <version>4.0.1</version>
    </dependency>
    <dependency>
        <groupId>com.azure</groupId>
        <artifactId>azure-identity</artifactId>
        <version>1.0.1</version>
    </dependency>
    <dependency>
        <groupId>com.fasterxml.jackson.core</groupId>
        <artifactId>jackson-annotations</artifactId>
        <version>2.4.0</version>
    </dependency>
    <dependency>
        <groupId>com.fasterxml.jackson.core</groupId>
        <artifactId>jackson-core</artifactId>
        <version>2.4.3</version>
    </dependency>
    <dependency>
        <groupId>com.fasterxml.jackson.core</groupId>
        <artifactId>jackson-databind</artifactId>
        <version>2.4.3</version>
    </dependency>
  2. Get Secret - you will start getting error java.lang.IllegalAccessError: tried to access method com.fasterxml.jackson.databind.ser.std.StdSerializer

Code Snippet

    ClientSecretCredential clientSecretCredential = new ClientSecretCredentialBuilder()
        .clientId(CLIENT_ID)
        .clientSecret(CLIENT_SECRET)
        .tenantId(TENANT_ID)
        .build();
    SecretClient secretClient = new SecretClientBuilder()
        .vaultUrl(KEY_VAULT_URL)
        .credential(clientSecretCredential)
        .buildClient();

    KeyVaultSecret keyVaultSecret = secretClient.getSecret("test");
    System.out.println("** keyVaultSecret value **" + keyVaultSecret.getValue());

Expected behavior

Application should run and provide secret value.


joshfree commented 4 years ago

@g2vinay PTAL

g2vinay commented 4 years ago

Looping in @anuchandy.

anuchandy commented 4 years ago

@abhikt48, unfortunately the dependency conflict is a problem with very limited options to solve it. One option is to pin to a specific version in the application; in your case you cannot override the Jackson version to 2.10.0 in your application. The only other option I'm aware of is to shade azure-security-keyvault-secrets and its dependencies with the Jackson 2.10.0 dependencies relocated.

If you download the following app and run mvn package, it should produce a file with name keyvaultshadedlib-1.0-SNAPSHOT-shaded.jar in target dir

simple-app.zip

then your app should be able to take a dependency on this produced jar. It's not clean but something we can try.

abhikt48 commented 4 years ago

@anuchandy - Thanks a lot for providing a backup option. I tried the suggested option, but it is not working as expected with a Mule application. It is working fine only with a Maven-based application but not with mule-maven.

There could be two reasons -

  1. Some mule defined libraries/classes loaded before application lib/classes. So old jackson classes are already in memory before starting any application.
  2. The com.azure.core.util.serializer.JacksonAdapter class is part of both libraries "azure-core-1.0.1" and "azure-security-keyvault-secrets-4.0.1", and it is getting triggered by the IdentityClient class.
    Some classes are available in different libraries; that could be a reason for it not working with the shaded library.

I replaced below 3 jars at Mule server for testing and it is working fine as expected. In real scenario - we can't replace in production. So we can't use it.

  1. jackson-annotations-2.4.0 replaced with jackson-annotations-2.10.0
  2. jackson-core-2.4.3 replaced with jackson-core-2.10.0
  3. jackson-databind-2.4.3 replaced with jackson-databind-2.10.0

Please find attached ErrorTrace_AKV.txt.

Is it possible for you guys to provide a timeline to fix this issue, so we can plan accordingly?

ErrorTrace_AKV.txt

anuchandy commented 4 years ago

@abhikt48 thanks for trying it out and sharing your insight!

The sample app I shared shades only azure-security-keyvault-secrets + its dependencies (including azure-core) and relocates Jackson 2.10.0 references from classes in the shaded jar. I guess in your app - along with keyvaultshadedlib-1.0-SNAPSHOT-shaded.jar, there is an explicit reference to "com.azure:azure-identity:1.0.1" which results in pulling "azure-core" (and dependencies including Jackson 2.10.0); now the Jackson conflict is back via "azure-core" in the class path. This is what I understood from the 2nd point you mentioned.

I think we should include "com.azure:azure-identity:1.0.1" as well in the shaded jar and make sure your app is not explicitly referring to any other Azure libs that have a transitive dependency on Jackson 2.10.0.
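One way to build the shaded jar this thread settles on, with azure-identity included and Jackson relocated. This is an added example, not the contents of simple-app.zip and not code from any participant; the `com.example` groupId, the plugin version 3.2.1 and the `shaded.` relocation prefix are assumptions.

```xml
<!-- Added example: shaded Key Vault + Identity library with Jackson relocated. -->
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.example</groupId> <!-- hypothetical groupId -->
  <artifactId>keyvaultshadedlib</artifactId>
  <version>1.0-SNAPSHOT</version>
  <dependencies>
    <dependency>
      <groupId>com.azure</groupId>
      <artifactId>azure-security-keyvault-secrets</artifactId>
      <version>4.0.1</version>
    </dependency>
    <!-- Shaded together with Key Vault so azure-core enters the app only via this jar -->
    <dependency>
      <groupId>com.azure</groupId>
      <artifactId>azure-identity</artifactId>
      <version>1.0.1</version>
    </dependency>
  </dependencies>
  <build>
    <plugins>
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-shade-plugin</artifactId>
        <version>3.2.1</version> <!-- assumed version -->
        <executions>
          <execution>
            <phase>package</phase>
            <goals><goal>shade</goal></goals>
            <configuration>
              <!-- Attach as keyvaultshadedlib-1.0-SNAPSHOT-shaded.jar -->
              <shadedArtifactAttached>true</shadedArtifactAttached>
              <relocations>
                <!-- Rewrites Jackson classes and every bytecode reference to them -->
                <relocation>
                  <pattern>com.fasterxml.jackson</pattern>
                  <shadedPattern>shaded.com.fasterxml.jackson</shadedPattern> <!-- assumed prefix -->
                </relocation>
              </relocations>
              <transformers>
                <!-- Merges META-INF/services entries and applies the relocation to them -->
                <transformer implementation="org.apache.maven.plugins.shade.resource.ServicesResourceTransformer"/>
              </transformers>
            </configuration>
          </execution>
        </executions>
      </plugin>
    </plugins>
  </build>
</project>
```

In the consuming application, `mvn dependency:tree -Dincludes=com.fasterxml.jackson.core` shows whether any other path still pulls in Jackson 2.10.0. The Jackson copy inside the shaded jar is fixed at build time, so picking up a Jackson update means rebuilding the shaded jar.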

abhikt48 commented 4 years ago

@anuchandy - Thanks for the information. Yes, it is working fine after including "azure-identity" in the shaded library. Temporarily this issue is gone. However, I will look forward to permanent fixes. Please let us know once fixes are available.

anuchandy commented 4 years ago

@abhikt48 thanks for trying out and happy to know you were able to deploy the app.

This dependency issue is a common problem in hosted environments (Azure Databricks/Functions, Google Cloud Apache Spark, Mule etc.) due to the env injecting conflicting libs in the class path. Shading is the only option here. Below are some of the official references on shading from cloud providers:

  1. https://github.com/Azure/azure-sdk-for-java/wiki/Frequently-Asked-Questions#application-dependencies-adb
  2. https://cloud.google.com/blog/products/data-analytics/managing-java-dependencies-apache-spark-applications-cloud-dataproc

joshfree commented 4 years ago

Thanks again for raising this issue @abhikt48 and thanks @g2vinay and @anuchandy for following up with helpful details on dependency conflicts as well as how to resolve them in hosted environments with jar shading.

I'm closing this issue as it is resolved and there's been no further discussion for 2 weeks. @abhikt48 please feel free to reactivate if I've missed anything.

Thanks again.