Dependency conflict with SAP CloudSDK for java

[dannykruitbosch]

We're trying to use SAP SpringBoot Starter XSUAA 2.7.8 together with the SAP CloudSDK for Java 3.32.0.

The CloudSDK depends on part of the xsuaa (java-api, java-security, tokenclient, java-security-test) version 2.7.8, but does not use spring-xsuaa. The CloudSDK also depends on Spring Security 5.4.1. When we add xsuaa-spring-boot-starter, our security integration tests break, and it seems to be due to the fact that xsuaa-spring-boot-starter depends on Spring Security 5.3.4.RELEASE.

We get errors saying: java.lang.NoSuchMethodError: 'java.util.Map com.nimbusds.jose.Header.toJSONObject()

We've not been able to resolve this issue. Can this be the cause of different dependencies? If so, any ideas on how to resolve these?

Thanks,

Danny

[liga-oz]

Hi @dannykruitbosch,

the dependency that is used in cloud-security-xsuaa-integration library is Spring Boot Dependencies » 2.3.4.RELEASE that contains transient dependency of Spring Security OAuth2 JOSE » 5.3.4.RELEASE. Even the latest version of Spring Boot Dependencies library 2.3.5.RELEASE is using only Spring Security OAuth2 JOSE » 5.3.5.RELEASE.

In your case, perhaps, if the higher version of Spring Security OAuth2 JOSE library is not required by your project, you could try to provide this dependency explicitly in your pom like this:

<dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-oauth2-jose</artifactId> <version>5.3.4.RELEASE</version> </dependency>

Kind Regards, Liga Ozolina

[MatKuhr]

Just putting this here for other people to see: https://stackoverflow.com/questions/64764311/dependency-conflicts-between-sap-cloud-sdk-and-sap-cloud-security-xsuaa-integrat

[liga-oz]

Closing the issue. If you require further assistance please reopen again.

[anshulsaxena-93]

<?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">

4.0.0

<parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>2.4.0-M3</version>
    <relativePath /> <!-- lookup parent from repository -->
</parent>

<properties>
    <maven-jar-plugin.version>3.1.1</maven-jar-plugin.version>
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
    <java.version>1.8</java.version>
    <cxf.version>3.3.5</cxf.version>
    <olingo.version>2.0.11</olingo.version>
    <olingo.commons>4.7.1-sap-01</olingo.commons>
    <io.guava.version>28.1-jre</io.guava.version>
    <org.json.version>20180813</org.json.version>
    <sap.cloud.security.version>2.7.7</sap.cloud.security.version>
</properties>

<dependencies>

    <!-- Web Module -->
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>

    <!-- JPA -->
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-data-jpa</artifactId>
    </dependency>

    <!-- Tomcat Server -->
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-tomcat</artifactId>
        <scope>provided</scope>
    </dependency>

    <!-- Olingo -->
    <dependency>
        <groupId>org.apache.cxf</groupId>
        <artifactId>cxf-rt-frontend-jaxrs</artifactId>
        <version>${cxf.version}</version>
    </dependency>
    <dependency>
        <groupId>org.apache.olingo</groupId>
        <artifactId>olingo-odata2-jpa-processor-api</artifactId>
        <version>${olingo.version}</version>
        <exclusions>
            <exclusion>
                <groupId>org.eclipse.persistence</groupId>
                <artifactId>javax.persistence</artifactId>
            </exclusion>
        </exclusions>
    </dependency>
    <dependency>
        <groupId>org.apache.olingo</groupId>
        <artifactId>olingo-odata2-jpa-processor-core</artifactId>
        <version>${olingo.version}</version>
        <exclusions>
            <exclusion>
                <groupId>org.eclipse.persistence</groupId>
                <artifactId>javax.persistence</artifactId>
            </exclusion>
            <exclusion>
                <groupId>javax.ws.rs</groupId>
                <artifactId>javax.ws.rs-api</artifactId>
            </exclusion>
        </exclusions>
    </dependency>
    <dependency>
        <groupId>org.apache.olingo</groupId>
        <artifactId>odata-commons-core</artifactId>
        <version>${olingo.commons}</version>
    </dependency>

    <!-- HANA & Cloud Connectors -->
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-cloudfoundry-connector</artifactId>
        <version>1.2.2.RELEASE</version>
        <scope>runtime</scope>
    </dependency>
    <dependency>
        <groupId>com.sap.hana.cloud</groupId>
        <artifactId>spring-cloud-cloudfoundry-hana-service-connector</artifactId>
        <version>1.0.4.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-spring-service-connector</artifactId>
        <version>1.2.2.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>com.sap.cloud.db.jdbc</groupId>
        <artifactId>ngdbc</artifactId>
        <version>2.3.55</version>
    </dependency>

    <!-- SAP cloud security -->
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-oauth2-jose</artifactId>
        <version>5.3.4.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>com.sap.cloud.security.xsuaa</groupId>
        <artifactId>xsuaa-spring-boot-starter</artifactId>
        <version>${sap.cloud.security.version}</version>
    </dependency>

    <!-- Email -->
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-mail</artifactId>
    </dependency>

    <dependency>
        <groupId>io.pivotal.cfenv</groupId>
        <artifactId>java-cfenv-boot</artifactId>
        <version>2.2.2.RELEASE</version>
    </dependency>

    <dependency>
        <groupId>org.projectlombok</groupId>
        <artifactId>lombok</artifactId>
    </dependency>

    <dependency>
        <groupId>com.google.guava</groupId>
        <artifactId>guava</artifactId>
        <version>${io.guava.version}</version>
    </dependency>

    <dependency>
        <groupId>com.jayway.jsonpath</groupId>
        <artifactId>json-path</artifactId>
    </dependency>

    <dependency>
        <groupId>org.json</groupId>
        <artifactId>json</artifactId>
        <version>${org.json.version}</version>
    </dependency>

    <!-- H2 Database -->
    <dependency>
        <groupId>com.h2database</groupId>
        <artifactId>h2</artifactId>
        <scope>runtime</scope>
    </dependency>

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-test</artifactId>
        <scope>test</scope>
    </dependency>
</dependencies>

<profiles>
    <profile>
        <id>local</id>
        <properties>
            <activatedProperties>local</activatedProperties>
        </properties>
        <activation>
            <activeByDefault>true</activeByDefault>
        </activation>
    </profile>
    <profile>
        <id>cloud</id>
        <activation>
            <activeByDefault>false</activeByDefault>
        </activation>
        <properties>
            <activatedProperties>cloud</activatedProperties>
        </properties>
    </profile>
</profiles>

<build>
    <plugins>
        <plugin>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-maven-plugin</artifactId>
        </plugin>
    </plugins>
</build>

Hi @liga-oz

I am still facing the same issue even after downgrading spring security to 5.3.4.RELEASE.

Can you please help?