search

SAP / cloud-security-services-integration-library

Integration libraries and samples for authenticating users and clients bound to XSUAA authentication and authorization service or Identity authentication service.
Apache License 2.0
151 stars 135 forks source link

Class loading error while incorporating security library changes #405

Closed Kshitiz-Shailendra closed 4 years ago

Kshitiz-Shailendra commented 4 years ago

Hi Everyone,

We are trying to incorporate new spring-xsuaa library for our application. Right now we have incorporated most of the changes but we are facing problem for local jwt generation for our WebMVC unit test cases using spring MockMVC class. For our local jwt generation we are using spring-xsuaa-test library’s JwtGenerator method. We have made changes to the local VCAP_SERVICES variables according to migration guide here. While running unit test cases we are getting NimbusJwtDecoder NoClassDefFoundError. I have attached the stacktrace and pom.xml file.

Below is the sample code for jwtgeneration and using in unit class.

Local Jwtgeneration :

private String getStandardToken(String... scopes) { Map<String, Object> claims = new HashMap<String, Object>()
claims.put("client_id",CLIENT_ID); claims.put("exp", Integer.MAX_VALUE); claims.put("grant_type", "client_credentials"); claims.put("zid", IDENTITY_ZONE); jwtGenerator = new JwtGenerator(APP_CLIENT_ID); Jwt jwt = jwtGenerator.addScopes(scopes) .addCustomClaims(claims) .getToken(); return jwt.getTokenValue(); }

JwtUsage:

mockMvc.perform(put(DimensionControllerConstants.STANDARD_DIMENSIONS_DIMENSIONCODE_FULL_PATH, dimensionCode) .header(AUTHORIZATION, standardJWT).content(data).contentType(APPLICATION_JSON_UTF8) .accept(MediaType.APPLICATION_JSON)).andExpect(status().isCreated());

Attached files stacktrace_nimbus_classloadexception.txt pom.txt

Below is the console printout: MockHttpServletResponse: Status = 401 Error message = null Headers = [WWW-Authenticate:"Bearer error="invalid_token", error_description="Error initializing JWT decoder: Invalid JWT serialization: Missing dot delimiter(s)", error_uri="https://tools.ietf.org/html/rfc6750#section-3.1"", X-Content-Type-Options:"nosniff", X-XSS-Protection:"1; mode=block", Cache-Control:"no-cache, no-store, max-age=0, must-revalidate", Pragma:"no-cache", Expires:"0"] Content type = null Body = Forwarded URL = null Redirected URL = null Cookies = []

It will be great if some examples can be provided regarding jwt generation.

Thanks and regards, Kshitiz

nenaraab commented 4 years ago

Hi @Kshitiz-Shailendra

Thanks for the detailed issue! As of version 2.6.1 we expect Spring Boot >= 2.2.

When I analyzed your Pom.xml right you make use of spring Boot version 2.1. An upgrade should solve your NimbusJwtDecoder NoClassDefFoundError.

Finally run mvn dependency:tree to check all referenced dependencies, also the transient ones.

Best regards, Nena

nenaraab commented 4 years ago

BTW: Furthermore the suggested client lib for testing is java-security-test as documented here: https://github.com/SAP/cloud-security-xsuaa-integration/blob/master/spring-xsuaa/Migration_JavaContainerSecurityProjects.md#testing

Kshitiz-Shailendra commented 4 years ago

Hi Nena,

Thanks for your support. I have updated the POM with latest spring and spring-boot as well as corresponding project phosphor version and the NimBusJwtDecoder error is gone. I will close the issue.

Thanks and regards, Kshitiz