search

apache / shiro

Apache Shiro
https://shiro.apache.org/
Apache License 2.0
4.32k stars 2.31k forks source link

[Bug] Blocking wrong javax imports in Jakarta OSGi bundles #1445

Closed marcanpilami closed 5 months ago

marcanpilami commented 6 months ago

Search before asking

Environment

OSGi R8 Felix environment.

Shiro version

Version 2.0.0 of shiro-web, jakarta classifier.

What was the actual outcome?

Inside its manifest, shiro-web with jakarta classifier (as documented in https://shiro.apache.org/jakarta-ee.html) imports old javax.servlet packages instead of the newer jakarta ones.

As a result, we need to install old javax bundles just to start the shiro-web bundle, and in the end we get a very logical exception java.lang.ClassNotFoundException: jakarta.servlet.ServletContextListener not found by org.apache.shiro.web

This is logical since the code refers to jakarta.* packages, but as the manifest says to import javax.* instead jakarta packages are not seen (and we have the old packages present, but that is a lesser evil - the main issue here is that we fail).

This seems to be due to the way the shiro jakarta packages are created by using shading - the manifest does not seem to be re-written at the time. I may be wrong.

What was the expected outcome?

shiro-web bundle should start.

How to reproduce

Just try to start the bundle in any OSGi R8 container like Karaf.

Debug logs

org.osgi.framework.ServiceException: Service factory exception: jakarta/servlet/ServletContextListener
        at org.apache.felix.framework.ServiceRegistrationImpl.getFactoryUnchecked(ServiceRegistrationImpl.java:354)
        at org.apache.felix.framework.ServiceRegistrationImpl.getService(ServiceRegistrationImpl.java:249)
        at org.apache.felix.framework.ServiceRegistry.getService(ServiceRegistry.java:362)
        at org.apache.felix.framework.Felix.getService(Felix.java:3984)
        at org.apache.felix.framework.BundleContextImpl$ServiceObjectsImpl.getService(BundleContextImpl.java:554)
        at org.apache.felix.http.base.internal.util.ServiceUtils.safeGetServiceObjects(ServiceUtils.java:65)
        at org.apache.felix.http.base.internal.runtime.AbstractInfo.getService(AbstractInfo.java:253)
        at org.apache.felix.http.base.internal.handler.ListenerHandler.init(ListenerHandler.java:118)
        at org.apache.felix.http.base.internal.registry.EventListenerRegistry.addListeners(EventListenerRegistry.java:95)
        at org.apache.felix.http.base.internal.registry.PerContextHandlerRegistry.registerListeners(PerContextHandlerRegistry.java:257)
        at org.apache.felix.http.base.internal.whiteboard.WhiteboardManager.registerWhiteboardService(WhiteboardManager.java:768)
        at org.apache.felix.http.base.internal.whiteboard.WhiteboardManager.activate(WhiteboardManager.java:272)
        at org.apache.felix.http.base.internal.whiteboard.WhiteboardManager.addContextHelper(WhiteboardManager.java:365)
        at org.apache.felix.http.base.internal.whiteboard.tracker.JavaxServletContextHelperTracker.added(JavaxServletContextHelperTracker.java:108)
        at org.apache.felix.http.base.internal.whiteboard.tracker.JavaxServletContextHelperTracker.addingService(JavaxServletContextHelperTracker.java:82)
        at org.apache.felix.http.base.internal.whiteboard.tracker.JavaxServletContextHelperTracker.addingService(JavaxServletContextHelperTracker.java:38)
        at org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:944)
        at org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:872)
        at org.osgi.util.tracker.AbstractTracked.trackAdding(AbstractTracked.java:256)
        at org.osgi.util.tracker.AbstractTracked.trackInitial(AbstractTracked.java:183)
        at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:322)
        at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:265)
        at org.apache.felix.http.base.internal.whiteboard.WhiteboardManager.addTracker(WhiteboardManager.java:187)
        at org.apache.felix.http.base.internal.whiteboard.WhiteboardManager.start(WhiteboardManager.java:172)
        at org.apache.felix.http.base.internal.HttpServiceController.register(HttpServiceController.java:136)
        at org.apache.felix.http.jetty.internal.JettyService.initializeJetty(JettyService.java:360)
        at org.apache.felix.http.jetty.internal.JettyService.startJetty(JettyService.java:174)
        at org.apache.felix.http.jetty.internal.JettyService.updated(JettyService.java:166)
        at org.apache.felix.http.jetty.internal.JettyManagedService.updated(JettyManagedService.java:38)
        at org.apache.felix.cm.impl.helper.ManagedServiceTracker.updated(ManagedServiceTracker.java:189)
        at org.apache.felix.cm.impl.helper.ManagedServiceTracker.updateService(ManagedServiceTracker.java:152)
        at org.apache.felix.cm.impl.helper.ManagedServiceTracker.provideConfiguration(ManagedServiceTracker.java:85)
        at org.apache.felix.cm.impl.ConfigurationManager$UpdateConfiguration.run(ConfigurationManager.java:1418)
        at org.apache.felix.cm.impl.UpdateThread.run0(UpdateThread.java:122)
        at org.apache.felix.cm.impl.UpdateThread.run(UpdateThread.java:84)
        at java.base/java.lang.Thread.run(Thread.java:1583)
Caused by: java.lang.NoClassDefFoundError: jakarta/servlet/ServletContextListener
        at java.base/java.lang.ClassLoader.defineClass1(Native Method)
        at java.base/java.lang.ClassLoader.defineClass(ClassLoader.java:1027)
        at org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.defineClass(BundleWiringImpl.java:2338)
        at org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.defineClassParallel(BundleWiringImpl.java:2156)
        at org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.findClass(BundleWiringImpl.java:2090)
        at org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDelegation(BundleWiringImpl.java:1556)
        at org.apache.felix.framework.BundleWiringImpl.access$300(BundleWiringImpl.java:79)
        at org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.loadClass(BundleWiringImpl.java:1976)
        at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:526)
        at org.apache.felix.framework.BundleWiringImpl.getClassByDelegation(BundleWiringImpl.java:1358)
        at org.apache.felix.framework.BundleWiringImpl.searchImports(BundleWiringImpl.java:1612)
        at org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDelegation(BundleWiringImpl.java:1528)
        at org.apache.felix.framework.BundleWiringImpl.access$300(BundleWiringImpl.java:79)
        at org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.loadClass(BundleWiringImpl.java:1976)
        at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:526)
        at java.base/java.lang.ClassLoader.defineClass1(Native Method)
        at java.base/java.lang.ClassLoader.defineClass(ClassLoader.java:1027)
        at org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.defineClass(BundleWiringImpl.java:2338)
        at org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.defineClassParallel(BundleWiringImpl.java:2156)
        at org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.findClass(BundleWiringImpl.java:2090)
        at org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDelegation(BundleWiringImpl.java:1556)
        at org.apache.felix.framework.BundleWiringImpl.access$300(BundleWiringImpl.java:79)
        at org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.loadClass(BundleWiringImpl.java:1976)
        at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:526)
        at org.apache.felix.framework.Felix.loadBundleClass(Felix.java:2116)
        at org.apache.felix.framework.BundleImpl.loadClass(BundleImpl.java:986)
        at org.apache.felix.scr.impl.manager.AbstractComponentManager.initDependencyManagers(AbstractComponentManager.java:1027)
        at org.apache.felix.scr.impl.manager.AbstractComponentManager.collectDependencies(AbstractComponentManager.java:1057)
        at org.apache.felix.scr.impl.manager.SingleComponentManager.getServiceInternal(SingleComponentManager.java:955)
        at org.apache.felix.scr.impl.manager.SingleComponentManager.getService(SingleComponentManager.java:920)
        at org.apache.felix.framework.ServiceRegistrationImpl.getFactoryUnchecked(ServiceRegistrationImpl.java:349)
        ... 35 common frames omitted
Caused by: java.lang.ClassNotFoundException: jakarta.servlet.ServletContextListener not found by org.apache.shiro.web [106]
        at org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDelegation(BundleWiringImpl.java:1591)
        at org.apache.felix.framework.BundleWiringImpl.access$300(BundleWiringImpl.java:79)
        at org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.loadClass(BundleWiringImpl.java:1976)
        at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:526)
        ... 66 common frames omitted

Manifest of the bundle :

Manifest-Version: 1.0
Automatic-Module-Name: org.apache.shiro.web
Build-Jdk-Spec: 21
Bundle-Description: Apache Shiro is a powerful and flexible open-sourc
 e security framework that cleanly handles        authentication, auth
 orization, enterprise session management, single sign-on and cryptogr
 aphy services.
Bundle-DocURL: https://www.apache.org/
Bundle-License: https://www.apache.org/licenses/LICENSE-2.0.txt
Bundle-ManifestVersion: 2
Bundle-Name: Apache Shiro :: Web
Bundle-SymbolicName: org.apache.shiro.web
Bundle-Vendor: The Apache Software Foundation
Bundle-Version: 2.0.0
Created-By: Apache Maven Bundle Plugin 5.1.9
Export-Package: org.apache.shiro.web;version="2.0.0",org.apache.shiro.
 web.config;version="2.0.0";uses:="javax.servlet,org.apache.shiro.conf
 ig,org.apache.shiro.ini,org.apache.shiro.mgt,org.apache.shiro.web.fil
 ter.mgt",org.apache.shiro.web.env;version="2.0.0";uses:="javax.servle
 t,org.apache.shiro.config,org.apache.shiro.env,org.apache.shiro.lang.
 util,org.apache.shiro.mgt,org.apache.shiro.web.config,org.apache.shir
 o.web.filter.mgt,org.apache.shiro.web.mgt",org.apache.shiro.web.filte
 r;version="2.0.0";uses:="javax.servlet,org.apache.shiro.subject,org.a
 pache.shiro.util,org.apache.shiro.web.servlet",org.apache.shiro.web.f
 ilter.authc;version="2.0.0";uses:="javax.servlet,org.apache.shiro.aut
 hc,org.apache.shiro.subject,org.apache.shiro.web.filter,org.apache.sh
 iro.web.servlet",org.apache.shiro.web.filter.authz;version="2.0.0";us
 es:="javax.servlet,javax.servlet.http,org.apache.shiro.web.filter",or
 g.apache.shiro.web.filter.mgt;version="2.0.0";uses:="javax.servlet,or
 g.apache.shiro.config,org.apache.shiro.util",org.apache.shiro.web.fil
 ter.session;version="2.0.0";uses:="javax.servlet,org.apache.shiro.web
 .filter",org.apache.shiro.web.mgt;version="2.0.0";uses:="javax.servle
 t,org.apache.shiro.mgt,org.apache.shiro.realm,org.apache.shiro.sessio
 n,org.apache.shiro.session.mgt,org.apache.shiro.subject,org.apache.sh
 iro.web.servlet",org.apache.shiro.web.servlet;version="2.0.0";uses:="
 javax.servlet,javax.servlet.http,org.apache.shiro.config,org.apache.s
 hiro.lang.util,org.apache.shiro.session,org.apache.shiro.subject,org.
 apache.shiro.web.config,org.apache.shiro.web.filter.mgt,org.apache.sh
 iro.web.mgt,org.apache.shiro.web.subject",org.apache.shiro.web.sessio
 n;version="2.0.0";uses:="javax.servlet.http,org.apache.shiro.session"
 ,org.apache.shiro.web.session.mgt;version="2.0.0";uses:="javax.servle
 t,javax.servlet.http,org.apache.shiro.authz,org.apache.shiro.session,
 org.apache.shiro.session.mgt,org.apache.shiro.web.servlet,org.apache.
 shiro.web.util",org.apache.shiro.web.subject;version="2.0.0";uses:="j
 avax.servlet,org.apache.shiro.mgt,org.apache.shiro.subject,org.apache
 .shiro.web.util",org.apache.shiro.web.subject.support;version="2.0.0"
 ;uses:="javax.servlet,org.apache.shiro.mgt,org.apache.shiro.session,o
 rg.apache.shiro.session.mgt,org.apache.shiro.subject,org.apache.shiro
 .subject.support,org.apache.shiro.web.subject",org.apache.shiro.web.t
 ags;version="2.0.0";uses:="javax.servlet.jsp,javax.servlet.jsp.tagext
 ,org.apache.shiro.subject",org.apache.shiro.web.util;version="2.0.0";
 uses:="javax.servlet,javax.servlet.http,org.apache.shiro.web.env"
Implementation-Title: Apache Shiro :: Web
Implementation-Vendor: The Apache Software Foundation
Implementation-Version: 2.0.0
Import-Package: org.apache.shiro;version="[2,3)",org.apache.shiro.auth
 c;version="[2,3)",org.apache.shiro.authz;version="[2,3)",org.apache.s
 hiro.config;version="[2,3)",org.apache.shiro.config.ogdl;version="[2,
 3)",org.apache.shiro.env;version="[2,3)",org.apache.shiro.ini;version
 ="[2,3)",org.apache.shiro.lang.codec;version="[2,3)",org.apache.shiro
 .lang.io;version="[2,3)",org.apache.shiro.lang.util;version="[2,3)",o
 rg.apache.shiro.mgt;version="[2,3)",org.apache.shiro.realm;version="[
 2,3)",org.apache.shiro.session;version="[2,3)",org.apache.shiro.sessi
 on.mgt;version="[2,3)",org.apache.shiro.subject;version="[2,3)",org.a
 pache.shiro.subject.support;version="[2,3)",org.apache.shiro.util;ver
 sion="[2,3)",org.apache.shiro.web.config;version="[2,3)",org.apache.s
 hiro.web.env;version="[2,3)",org.apache.shiro.web.filter;version="[2,
 3)",org.apache.shiro.web.filter.authc;version="[2,3)",org.apache.shir
 o.web.filter.authz;version="[2,3)",org.apache.shiro.web.filter.mgt;ve
 rsion="[2,3)",org.apache.shiro.web.filter.session;version="[2,3)",org
 .apache.shiro.web.mgt;version="[2,3)",org.apache.shiro.web.servlet;ve
 rsion="[2,3)",org.apache.shiro.web.session;version="[2,3)",org.apache
 .shiro.web.session.mgt;version="[2,3)",org.apache.shiro.web.subject;v
 ersion="[2,3)",org.apache.shiro.web.subject.support;version="[2,3)",o
 rg.apache.shiro.web.util;version="[2,3)",javax.servlet.jsp;resolution
 :=optional,javax.servlet.jsp.tagext;resolution:=optional,java.beans,j
 ava.io,java.lang,java.lang.invoke,java.lang.reflect,java.net,java.sec
 urity,java.text,java.util,java.util.concurrent,java.util.function,jav
 a.util.regex,java.util.stream,javax.servlet;version="[4.0,5)",javax.s
 ervlet.http;version="[4.0,5)",org.owasp.encoder;version="[1.2,2)",org
 .slf4j;version="[2.0,3)"
Include-Resource: META-INF/shiro.tld=src/main/resources/META-INF/shiro
 .tld,META-INF/DEPENDENCIES=target/maven-shared-archive-resources/META
 -INF/DEPENDENCIES,META-INF/LICENSE=target/maven-shared-archive-resour
 ces/META-INF/LICENSE,META-INF/NOTICE=target/maven-shared-archive-reso
 urces/META-INF/NOTICE
Private-Package: org.apache.shiro.web.config,org.apache.shiro.web.env,
 org.apache.shiro.web.filter,org.apache.shiro.web.filter.authc,org.apa
 che.shiro.web.filter.authz,org.apache.shiro.web.filter.mgt,org.apache
 .shiro.web.filter.session,org.apache.shiro.web.mgt,org.apache.shiro.w
 eb,org.apache.shiro.web.servlet,org.apache.shiro.web.session,org.apac
 he.shiro.web.session.mgt,org.apache.shiro.web.subject,org.apache.shir
 o.web.subject.support,org.apache.shiro.web.tags,org.apache.shiro.web.
 util
Require-Capability: osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=11))"
Specification-Title: Apache Shiro :: Web
Specification-Vendor: The Apache Software Foundation
Specification-Version: 2.0
Tool: Bnd-6.3.1.202206071316
lprimak commented 5 months ago

Thank you for your report. This will be fixed in Shiro 2.0.1 Duplicate of #1324

marcanpilami commented 5 months ago

Sorry for missing the duplicate (did not search in closed tickets I'm afraid), and thank you very much for all your work!