search

spring-projects / spring-security

Spring Security
http://spring.io/projects/spring-security
Apache License 2.0
8.83k stars 5.9k forks source link

NoSuchMethodError: com.nimbusds.jose.Header.toJSONObject()Ljava/util/Map #9269

Closed mikolasz closed 3 years ago

mikolasz commented 3 years ago

Describe the bug When we trying to run our application the metadata load failed with 401 Unauthorized. In the log what we see is: "level":"ERROR","categories":[],"msg":"Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Filter execution threw an exception] with root cause","stacktrace":["java.lang.NoSuchMethodError: com.nimbusds.jose.Header.toJSONObject()Ljava/util/Map;","tat org.springframework.security.oauth2.jwt.NimbusJwtDecoder.createJwt(NimbusJwtDecoder.java:154)","tat org.springframework.security.oauth2.jwt.NimbusJwtDecoder.decode(NimbusJwtDecoder.java:136)",

In our project I upgrade to spring-boot-dependencies: 2.4.0

<spring.boot.version>2.4.0</spring.boot.version>

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-dependencies</artifactId>
    <version>${spring.boot.version}</version>
    <type>pom</type>
    <scope>import</scope>
</dependency>

Now I got a newer nimbus: 9.1.2

\- com.sap.cloud.security.xsuaa:xsuaa-spring-boot-starter:jar:2.7.8:compile
[INFO] |     +- com.sap.cloud.security.xsuaa:spring-xsuaa:jar:2.7.8:compile
[INFO] |     |  +- org.apache.logging.log4j:log4j-to-slf4j:jar:2.13.3:compile
[INFO] |     |  |  \- org.apache.logging.log4j:log4j-api:jar:2.13.3:compile
[INFO] |     |  \- com.sap.cloud.security.xsuaa:api:jar:2.7.8:compile
[INFO] |     +- org.springframework.boot:spring-boot-starter-security:jar:2.4.0:compile
[INFO] |     |  +- org.springframework:spring-aop:jar:5.3.1:compile
[INFO] |     |  |  \- org.springframework:spring-beans:jar:5.3.1:compile
[INFO] |     |  +- org.springframework.security:spring-security-config:jar:5.4.1:compile
[INFO] |     |  \- org.springframework.security:spring-security-web:jar:5.4.1:compile
[INFO] |     |     \- org.springframework:spring-expression:jar:5.3.1:compile
[INFO] |     +- org.springframework.security:spring-security-oauth2-jose:jar:5.4.1:compile
[INFO] |     |  +- com.nimbusds:nimbus-jose-jwt:jar:9.1.2:compile
[INFO] |     |  |  \- com.github.stephenc.jcip:jcip-annotations:jar:1.0-1:compile
[INFO] |     |  +- org.springframework.security:spring-security-core:jar:5.4.1:compile
[INFO] |     |  \- org.springframework.security:spring-security-oauth2-core:jar:5.4.1:compile
[INFO] |     \- org.springframework.security:spring-security-oauth2-resource-server:jar:5.4.1:compile

I saw this incident: https://github.com/spring-projects/spring-security/issues/9120 where the com.nimbusds:nimbus-jose-jwt 9.0.1 solved the issue. Should I also use that version?

Best Regards, Laszlo

jzheaux commented 3 years ago

Thanks for the report, @mikolasz.

It seems like something else might be going on since that Nimbus method has been there since 9.0.

I'm not able to reproduce the issue with Spring Boot 2.4.0. Are you able to create a minimal sample of your application that does?

mikolasz commented 3 years ago

Hi Josh,

The problem is the same like https://github.com/SAP/cloud-security-xsuaa-integration/issues/413 Now we solved the issue with the proper version using.

I'm closing this incident.

Best regards, Laszlo