search

ch4mpy / spring-addons

Ease spring OAuth2 resource-servers configuration and testing
Apache License 2.0
521 stars 84 forks source link

Exception when using using graalvm-native with version 7.1.0 but works fine with 7.0.8 #144

Closed anand1st closed 1 year ago

anand1st commented 1 year ago

Firstly, big thanks for the great contribution to Oauth2 and spring!

I have used spring-addons-starter-oidc 7.0.8 and packaged it as a native image. Everything works perfectly fine. However with version 7.1.0, I'm getting the following error at runtime:

2023-08-17T03:28:16.072Z ERROR 1 --- [           main] o.s.boot.SpringApplication               : Application run failed

java.lang.IllegalArgumentException: Factory method 'rememberMeServicesCookieSerializerCustomizer' with parameter types [] declared on class org.springframework.boot.autoconfigure.session.SessionAutoConfiguration$ServletSessionConfiguration$RememberMeServicesConfiguration cannot be found
        at org.springframework.util.Assert.notNull(Assert.java:222) ~[co.entomo.ehp.Main:6.0.11]
        at org.springframework.beans.factory.aot.BeanInstanceSupplier$FactoryMethodLookup.get(BeanInstanceSupplier.java:450) ~[na:na]
        at org.springframework.beans.factory.aot.BeanInstanceSupplier.getFactoryMethod(BeanInstanceSupplier.java:225) ~[na:na]
        at org.springframework.beans.factory.support.RootBeanDefinition.setInstanceSupplier(RootBeanDefinition.java:447) ~[co.entomo.ehp.Main:6.0.11]
        at org.springframework.boot.autoconfigure.session.SessionAutoConfiguration__BeanDefinitions$ServletSessionConfiguration$RememberMeServicesConfiguration.getRememberMeServicesCookieSerializerCustomizerBeanDefinition(SessionAutoConfiguration__BeanDefinitions.java:97) ~[na:na]

I've tried using spring.aot.enabled to generate the native-image configurations but am unable to get this resolved. Any thoughts?

Thanks!

anand1st commented 1 year ago

Just checked. Adding spring-session-core to the project fixes this. Shouldn't this be made optional?

ch4mpy commented 1 year ago

First, yes AOP was introduced in 7.1, so yes, you need it, but it should be required only if you explicitly enable multi-tenancy on clients (allow users to be logged in with more than one issuer, which is not supported by default in Spring Security). .

Second, no spring-session shouldn't be required. It was used to try to support Back-Channel Logout on reactive clients with AOP. It should by no mean be mandatory. Will investigate arround it.

ch4mpy commented 1 year ago

I just released 7.1.2 with completely removed dependencies on spring-session.

Please confirm that your problem is gone (and kindly close this ticket).

anand1st commented 1 year ago

It worked. Thanks for the fix!