search

wso2 / product-is

Welcome to the WSO2 Identity Server source code! For info on working with the WSO2 Identity Server repository and contributing code, click the link below.
http://wso2.github.io/
Apache License 2.0
746 stars 724 forks source link

“NoSuchMethodErrors” due to multiple versions of commons-codec:commons-codec:jar #9128

Open Bing-ok opened 4 years ago

Bing-ok commented 4 years ago

Issue description

Hi, there are multiple versions of commons-codec:commons-codec in carbon-identity-framework-master\components\authentication-framework\org.wso2.carbon.identity.application.authentication.endpoint.util. As shown in the following dependency tree, according to Maven's “nearest wins” strategy, only commons-codec:commons-codec:1.2 can be loaded, commons-codec:commons-codec:1.10 will be shadowed.

However, one method defined in shadowed version commons-codec:commons-codec:1.10 is referenced by client project via org.wso2.carbon.identity.framework:org.wso2.carbon.identity.core:5.18.34-SNAPSHOT, but missing in the actually loaded version commons-codec:commons-codec:1.2.

For instance, the following missing method(defined in commons-codec:commons-codec:1.10) is actually referenced by carbon-identity-framework-master\components\authentication-framework\org.wso2.carbon.identity.application.authentication.endpoint.util, which will introduce a runtime error(i.e., "NoSuchMethodErrors") into carbon-identity-framework-master\components\authentication-framework\org.wso2.carbon.identity.application.authentication.endpoint.util.

Missing method: org.apache.commons.codec.binary.Base64: void init (int) is invoked by carbon-identity-framework-master\components\authentication-framework\org.wso2.carbon.identity.application.authentication.endpoint.util via the following path:


paths------
<org.wso2.carbon.identity.application.authentication.endpoint.util.client.AuthAPIServiceClient: org.wso2.carbon.identity.application.authentication.endpoint.util.client.model.AuthenticationResponse authenticate(java.lang.String,java.lang.Object)> carbon-identity-framework-master\components\authentication-framework\org.wso2.carbon.identity.application.authentication.endpoint.util\target\classes
<org.apache.http.impl.client.CloseableHttpClient: org.apache.http.client.methods.CloseableHttpResponse execute(org.apache.http.client.methods.HttpUriRequest)> Repositories\org\wso2\orbit\org\apache\httpcomponents\httpclient\4.3.1.wso2v2\httpclient-4.3.1.wso2v2.jar
<org.apache.http.impl.client.CloseableHttpClient: org.apache.http.client.methods.CloseableHttpResponse execute(org.apache.http.client.methods.HttpUriRequest,org.apache.http.protocol.HttpContext)> Repositories\org\wso2\orbit\org\apache\httpcomponents\httpclient\4.3.1.wso2v2\httpclient-4.3.1.wso2v2.jar
<org.apache.http.impl.client.AbstractHttpClient: org.apache.http.client.methods.CloseableHttpResponse doExecute(org.apache.http.HttpHost,org.apache.http.HttpRequest,org.apache.http.protocol.HttpContext)> Repositories\org\wso2\orbit\org\apache\httpcomponents\httpclient\4.3.1.wso2v2\httpclient-4.3.1.wso2v2.jar
<org.apache.http.impl.client.DefaultRequestDirector: org.apache.http.HttpResponse execute(org.apache.http.HttpHost,org.apache.http.HttpRequest,org.apache.http.protocol.HttpContext)> Repositories\org\wso2\orbit\org\apache\httpcomponents\httpclient\4.3.1.wso2v2\httpclient-4.3.1.wso2v2.jar
<org.apache.http.impl.auth.BasicScheme: void init ()> Repositories\org\wso2\orbit\org\apache\httpcomponents\httpclient\4.3.1.wso2v2\httpclient-4.3.1.wso2v2.jar
<org.apache.http.impl.auth.BasicScheme: void init (java.nio.charset.Charset)> Repositories\org\wso2\orbit\org\apache\httpcomponents\httpclient\4.3.1.wso2v2\httpclient-4.3.1.wso2v2.jar
<org.apache.commons.codec.binary.Base64: void init (int)>

Suggested fixing solutions

  1. Declare a direct dependency commons-codec:commons-codec:1.10 in the pom file of carbon-identity-framework-master\components\authentication-framework\org.wso2.carbon.identity.application.authentication.endpoint.util to upgrade version from 1.2 to 1.10.
  2. Use configuration attribute <dependencyManagement> to unify the version of library commons-codec:commons-codec to be 1.10 in carbon-identity-framework-master\components\authentication-framework\org.wso2.carbon.identity.application.authentication.endpoint.util's pom file.
  3. Use <exclude> to exclude commons-codec:commons-codec:1.2 from the dependency tree, so that version 1.10 will be loaded.

Please let me know which solution do you prefer? I can submit a PR to fix it.

Thank you very much for your attention. Best regards,

Dependency tree----


[INFO] org.wso2.carbon.identity.framework:org.wso2.carbon.identity.application.authentication.endpoint.util:bundle:5.18.34-SNAPSHOT
[INFO] +- org.wso2.carbon.identity.framework:org.wso2.carbon.identity.core:jar:5.18.34-SNAPSHOT:provided
[INFO] |  \- org.wso2.orbit.org.opensaml:opensaml:jar:3.3.1.wso2v1:provided
[INFO] |     \- (commons-codec:commons-codec:jar:1.10:provided - omitted for conflict with 1.2)
[INFO] \- org.wso2.securevault:org.wso2.securevault:jar:1.1.3:compile
[INFO]    \- commons-codec:commons-codec:jar:1.2:compile
Bing-ok commented 4 years ago

@gayashanbc Could you please help me review this issue? Thank you very much.