Azure-sdk-for-java: [BUG] Version problem of nimbus-jose-jwt in azure-keyvault-secrets-spring-boot-starter-2.1.7
Describe the bug
azure-keyvault-secrets-spring-boot-starter has latest com.nimbusds:nimbus-jose-jwt as a transitive dependency. Latest version, 9.0 released on September 6 is not backwards compatible.
Upgrade to 2.3.x is not an option for us, as you have breaking changes to api, for example com.microsoft.azure.keyvault.KeyVaultClient is gone.
Exception or Stack Trace
Sep 7, 2020 16:27:41 +0000 [1 1] com.newrelic INFO: New Relic Agent: Loading configuration file "/usr/local/tomcat/webapps/telemetry/newrelic/./newrelic.yml"
Sep 7, 2020 16:27:42 +0000 [1 1] com.newrelic INFO: Using default collector host: collector.newrelic.com
Sep 7, 2020 16:27:42 +0000 [1 1] com.newrelic ERROR: license_key is empty in the config. Not starting New Relic Agent.
07-Sep-2020 16:27:44.331 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version name: Apache Tomcat/8.5.57
07-Sep-2020 16:27:44.342 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server built: Jun 30 2020 21:49:10 UTC
07-Sep-2020 16:27:44.342 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version number: 8.5.57.0
07-Sep-2020 16:27:44.342 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Name: Linux
07-Sep-2020 16:27:44.342 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Version: 4.15.0-1089-azure
07-Sep-2020 16:27:44.343 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Architecture: amd64
07-Sep-2020 16:27:44.343 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Java Home: /usr/local/openjdk-8/jre
07-Sep-2020 16:27:44.344 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Version: 1.8.0_265-b01
07-Sep-2020 16:27:44.344 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Vendor: Oracle Corporation
07-Sep-2020 16:27:44.344 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_BASE: /usr/local/tomcat
07-Sep-2020 16:27:44.344 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_HOME: /usr/local/tomcat
07-Sep-2020 16:27:44.344 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.config.file=/usr/local/tomcat/conf/logging.properties
07-Sep-2020 16:27:44.346 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
07-Sep-2020 16:27:44.346 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -javaagent:/usr/local/tomcat/webapps/telemetry/applicationinsights-agent.jar
07-Sep-2020 16:27:44.346 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -javaagent:/usr/local/tomcat/webapps/telemetry/newrelic/newrelic.jar
07-Sep-2020 16:27:44.346 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dnewrelic.environment=production
07-Sep-2020 16:27:44.347 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dorg.apache.catalina.security.SecurityListener.UMASK=0027
07-Sep-2020 16:27:44.347 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dignore.endorsed.dirs=
07-Sep-2020 16:27:44.347 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.base=/usr/local/tomcat
07-Sep-2020 16:27:44.347 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.home=/usr/local/tomcat
07-Sep-2020 16:27:44.347 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.io.tmpdir=/usr/local/tomcat/temp
07-Sep-2020 16:27:44.348 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded Apache Tomcat Native library [1.2.24] using APR version [1.6.5].
07-Sep-2020 16:27:44.349 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
07-Sep-2020 16:27:44.349 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true]
07-Sep-2020 16:27:44.361 INFO [main] org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL successfully initialized [OpenSSL 1.1.1d 10 Sep 2019]
07-Sep-2020 16:27:44.586 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-8080"]
07-Sep-2020 16:27:44.613 INFO [main] org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector Using a shared selector for servlet write/read
07-Sep-2020 16:27:44.636 INFO [main] org.apache.catalina.startup.Catalina.load Initialization processed in 1358 ms
07-Sep-2020 16:27:44.687 INFO [main] org.apache.catalina.core.StandardService.startInternal Starting service [Catalina]
07-Sep-2020 16:27:44.687 INFO [main] org.apache.catalina.core.StandardEngine.startInternal Starting Servlet Engine: Apache Tomcat/8.5.57
07-Sep-2020 16:27:44.723 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/usr/local/tomcat/webapps/ROOT]
07-Sep-2020 16:27:45.343 WARNING [localhost-startStop-1] org.apache.tomcat.util.descriptor.web.WebXml.setVersion Unknown version string [4.0]. Default version will be used.
07-Sep-2020 16:28:12.890 INFO [localhost-startStop-1] org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
07-09-2020 16:28:21.057 [localhost-startStop-1] ERROR o.s.boot.SpringApplication.reportFailure - Application run failed
java.lang.NoSuchMethodError: com.nimbusds.jwt.JWTClaimsSet.toJSONObject()Lnet/minidev/json/JSONObject;
at com.nimbusds.oauth2.sdk.auth.JWTAuthenticationClaimsSet.parse(JWTAuthenticationClaimsSet.java:166)
at com.nimbusds.oauth2.sdk.auth.JWTAuthentication.<init>(JWTAuthentication.java:140)
at com.nimbusds.oauth2.sdk.auth.PrivateKeyJWT.<init>(PrivateKeyJWT.java:248)
at com.nimbusds.oauth2.sdk.auth.PrivateKeyJWT.parse(PrivateKeyJWT.java:283)
at com.microsoft.aad.adal4j.AuthenticationContext.createClientAuthFromClientAssertion(AuthenticationContext.java:941)
at com.microsoft.aad.adal4j.AuthenticationContext.acquireToken(AuthenticationContext.java:241)
at com.microsoft.aad.adal4j.AuthenticationContext.acquireToken(AuthenticationContext.java:376)
at com.microsoft.azure.keyvault.spring.KeyVaultCertificateCredential.doAuthenticate(KeyVaultCertificateCredential.java:63)
at com.microsoft.azure.keyvault.authentication.KeyVaultCredentials.getAuthenticationCredentials(KeyVaultCredentials.java:113)
at com.microsoft.azure.keyvault.authentication.KeyVaultCredentials.access$100(KeyVaultCredentials.java:27)
at com.microsoft.azure.keyvault.authentication.KeyVaultCredentials$2.authenticate(KeyVaultCredentials.java:81)
at okhttp3.internal.http.RetryAndFollowUpInterceptor.followUpRequest(RetryAndFollowUpInterceptor.java:230)
at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:119)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
at com.microsoft.rest.retry.RetryHandler.intercept(RetryHandler.java:75)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
at com.microsoft.rest.interceptors.CustomHeadersInterceptor.intercept(CustomHeadersInterceptor.java:140)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
at com.microsoft.rest.interceptors.BaseUrlHandler.intercept(BaseUrlHandler.java:43)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
at com.microsoft.rest.interceptors.RequestIdHeaderInterceptor.intercept(RequestIdHeaderInterceptor.java:29)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
at com.microsoft.rest.interceptors.UserAgentInterceptor.intercept(UserAgentInterceptor.java:83)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
at com.microsoft.azure.keyvault.authentication.KeyVaultCredentials$1.intercept(KeyVaultCredentials.java:59)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:229)
at okhttp3.RealCall.execute(RealCall.java:81)
at retrofit2.OkHttpCall.execute(OkHttpCall.java:186)
at retrofit2.adapter.rxjava.RxJavaCallAdapterFactory$RequestArbiter.request(RxJavaCallAdapterFactory.java:171)
at rx.Subscriber.setProducer(Subscriber.java:211)
at rx.internal.operators.OnSubscribeMap$MapSubscriber.setProducer(OnSubscribeMap.java:102)
at retrofit2.adapter.rxjava.RxJavaCallAdapterFactory$CallOnSubscribe.call(RxJavaCallAdapterFactory.java:152)
at retrofit2.adapter.rxjava.RxJavaCallAdapterFactory$CallOnSubscribe.call(RxJavaCallAdapterFactory.java:138)
at rx.Observable.unsafeSubscribe(Observable.java:10327)
at rx.internal.operators.OnSubscribeMap.call(OnSubscribeMap.java:48)
at rx.internal.operators.OnSubscribeMap.call(OnSubscribeMap.java:33)
at rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:48)
at rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:30)
at rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:48)
at rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:30)
at rx.Observable.subscribe(Observable.java:10423)
at rx.Observable.subscribe(Observable.java:10390)
at rx.observables.BlockingObservable.blockForSingle(BlockingObservable.java:443)
at rx.observables.BlockingObservable.single(BlockingObservable.java:340)
at com.microsoft.azure.keyvault.KeyVaultClientImpl.getSecrets(KeyVaultClientImpl.java:2951)
at com.microsoft.azure.keyvault.KeyVaultClient.listSecrets(KeyVaultClient.java:911)
at com.microsoft.azure.keyvault.spring.KeyVaultOperation.fillSecretsHashMap(KeyVaultOperation.java:111)
at com.microsoft.azure.keyvault.spring.KeyVaultOperation.<init>(KeyVaultOperation.java:43)
at com.microsoft.azure.keyvault.spring.KeyVaultEnvironmentPostProcessorHelper.addKeyVaultPropertySource(KeyVaultEnvironmentPostProcessorHelper.java:66)
at com.microsoft.azure.keyvault.spring.KeyVaultEnvironmentPostProcessor.postProcessEnvironment(KeyVaultEnvironmentPostProcessor.java:26)
at org.springframework.boot.context.config.ConfigFileApplicationListener.onApplicationEnvironmentPreparedEvent(ConfigFileApplicationListener.java:188)
at org.springframework.boot.context.config.ConfigFileApplicationListener.onApplicationEvent(ConfigFileApplicationListener.java:176)
at org.springframework.context.event.SimpleApplicationEventMulticaster.doInvokeListener(SimpleApplicationEventMulticaster.java:172)
at org.springframework.context.event.SimpleApplicationEventMulticaster.invokeListener(SimpleApplicationEventMulticaster.java:165)
at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:139)
at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:127)
at org.springframework.boot.context.event.EventPublishingRunListener.environmentPrepared(EventPublishingRunListener.java:76)
at org.springframework.boot.SpringApplicationRunListeners.environmentPrepared(SpringApplicationRunListeners.java:53)
at org.springframework.boot.SpringApplication.prepareEnvironment(SpringApplication.java:345)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:308)
at org.springframework.boot.web.servlet.support.SpringBootServletInitializer.run(SpringBootServletInitializer.java:152)
at org.springframework.boot.web.servlet.support.SpringBootServletInitializer.createRootApplicationContext(SpringBootServletInitializer.java:132)
at org.springframework.boot.web.servlet.support.SpringBootServletInitializer.onStartup(SpringBootServletInitializer.java:92)
at org.springframework.web.SpringServletContainerInitializer.onStartup(SpringServletContainerInitializer.java:172)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5144)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:743)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:719)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:705)
at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1125)
at org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1858)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
07-Sep-2020 16:28:21.269 SEVERE [localhost-startStop-1] org.apache.catalina.core.ContainerBase.addChildInternal ContainerBase.addChild: start:
org.apache.catalina.LifecycleException: Failed to start component [StandardEngine[Catalina].StandardHost[localhost].StandardContext[]]
at org.apache.catalina.util.LifecycleBase.handleSubClassException(LifecycleBase.java:440)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:198)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:743)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:719)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:705)
at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1125)
at org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1858)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.NoSuchMethodError: com.nimbusds.jwt.JWTClaimsSet.toJSONObject()Lnet/minidev/json/JSONObject;
at com.nimbusds.oauth2.sdk.auth.JWTAuthenticationClaimsSet.parse(JWTAuthenticationClaimsSet.java:166)
at com.nimbusds.oauth2.sdk.auth.JWTAuthentication.<init>(JWTAuthentication.java:140)
at com.nimbusds.oauth2.sdk.auth.PrivateKeyJWT.<init>(PrivateKeyJWT.java:248)
at com.nimbusds.oauth2.sdk.auth.PrivateKeyJWT.parse(PrivateKeyJWT.java:283)
at com.microsoft.aad.adal4j.AuthenticationContext.createClientAuthFromClientAssertion(AuthenticationContext.java:941)
at com.microsoft.aad.adal4j.AuthenticationContext.acquireToken(AuthenticationContext.java:241)
at com.microsoft.aad.adal4j.AuthenticationContext.acquireToken(AuthenticationContext.java:376)
at com.microsoft.azure.keyvault.spring.KeyVaultCertificateCredential.doAuthenticate(KeyVaultCertificateCredential.java:63)
at com.microsoft.azure.keyvault.authentication.KeyVaultCredentials.getAuthenticationCredentials(KeyVaultCredentials.java:113)
at com.microsoft.azure.keyvault.authentication.KeyVaultCredentials.access$100(KeyVaultCredentials.java:27)
at com.microsoft.azure.keyvault.authentication.KeyVaultCredentials$2.authenticate(KeyVaultCredentials.java:81)
at okhttp3.internal.http.RetryAndFollowUpInterceptor.followUpRequest(RetryAndFollowUpInterceptor.java:230)
at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:119)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
at com.microsoft.rest.retry.RetryHandler.intercept(RetryHandler.java:75)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
at com.microsoft.rest.interceptors.CustomHeadersInterceptor.intercept(CustomHeadersInterceptor.java:140)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
at com.microsoft.rest.interceptors.BaseUrlHandler.intercept(BaseUrlHandler.java:43)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
at com.microsoft.rest.interceptors.RequestIdHeaderInterceptor.intercept(RequestIdHeaderInterceptor.java:29)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
at com.microsoft.rest.interceptors.UserAgentInterceptor.intercept(UserAgentInterceptor.java:83)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
at com.microsoft.azure.keyvault.authentication.KeyVaultCredentials$1.intercept(KeyVaultCredentials.java:59)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:229)
at okhttp3.RealCall.execute(RealCall.java:81)
at retrofit2.OkHttpCall.execute(OkHttpCall.java:186)
at retrofit2.adapter.rxjava.RxJavaCallAdapterFactory$RequestArbiter.request(RxJavaCallAdapterFactory.java:171)
at rx.Subscriber.setProducer(Subscriber.java:211)
at rx.internal.operators.OnSubscribeMap$MapSubscriber.setProducer(OnSubscribeMap.java:102)
at retrofit2.adapter.rxjava.RxJavaCallAdapterFactory$CallOnSubscribe.call(RxJavaCallAdapterFactory.java:152)
at retrofit2.adapter.rxjava.RxJavaCallAdapterFactory$CallOnSubscribe.call(RxJavaCallAdapterFactory.java:138)
at rx.Observable.unsafeSubscribe(Observable.java:10327)
at rx.internal.operators.OnSubscribeMap.call(OnSubscribeMap.java:48)
at rx.internal.operators.OnSubscribeMap.call(OnSubscribeMap.java:33)
at rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:48)
at rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:30)
at rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:48)
at rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:30)
at rx.Observable.subscribe(Observable.java:10423)
at rx.Observable.subscribe(Observable.java:10390)
at rx.observables.BlockingObservable.blockForSingle(BlockingObservable.java:443)
at rx.observables.BlockingObservable.single(BlockingObservable.java:340)
at com.microsoft.azure.keyvault.KeyVaultClientImpl.getSecrets(KeyVaultClientImpl.java:2951)
at com.microsoft.azure.keyvault.KeyVaultClient.listSecrets(KeyVaultClient.java:911)
at com.microsoft.azure.keyvault.spring.KeyVaultOperation.fillSecretsHashMap(KeyVaultOperation.java:111)
at com.microsoft.azure.keyvault.spring.KeyVaultOperation.<init>(KeyVaultOperation.java:43)
at com.microsoft.azure.keyvault.spring.KeyVaultEnvironmentPostProcessorHelper.addKeyVaultPropertySource(KeyVaultEnvironmentPostProcessorHelper.java:66)
at com.microsoft.azure.keyvault.spring.KeyVaultEnvironmentPostProcessor.postProcessEnvironment(KeyVaultEnvironmentPostProcessor.java:26)
at org.springframework.boot.context.config.ConfigFileApplicationListener.onApplicationEnvironmentPreparedEvent(ConfigFileApplicationListener.java:188)
at org.springframework.boot.context.config.ConfigFileApplicationListener.onApplicationEvent(ConfigFileApplicationListener.java:176)
at org.springframework.context.event.SimpleApplicationEventMulticaster.doInvokeListener(SimpleApplicationEventMulticaster.java:172)
at org.springframework.context.event.SimpleApplicationEventMulticaster.invokeListener(SimpleApplicationEventMulticaster.java:165)
at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:139)
at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:127)
at org.springframework.boot.context.event.EventPublishingRunListener.environmentPrepared(EventPublishingRunListener.java:76)
at org.springframework.boot.SpringApplicationRunListeners.environmentPrepared(SpringApplicationRunListeners.java:53)
at org.springframework.boot.SpringApplication.prepareEnvironment(SpringApplication.java:345)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:308)
at org.springframework.boot.web.servlet.support.SpringBootServletInitializer.run(SpringBootServletInitializer.java:152)
at org.springframework.boot.web.servlet.support.SpringBootServletInitializer.createRootApplicationContext(SpringBootServletInitializer.java:132)
at org.springframework.boot.web.servlet.support.SpringBootServletInitializer.onStartup(SpringBootServletInitializer.java:92)
at org.springframework.web.SpringServletContainerInitializer.onStartup(SpringServletContainerInitializer.java:172)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5144)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
... 10 more
{"message":"Application run failed","timestamp":1599496101057,"log.level":"ERROR","logger.name":"org.springframework.boot.SpringApplication","thread.name":"localhost-startStop-1","class.name":"org.apache.catalina.core.StandardContext","method.name":"startInternal","line.number":5144,"error.class":"java.lang.NoSuchMethodError","error.message":"com.nimbusds.jwt.JWTClaimsSet.toJSONObject()Lnet/minidev/json/JSONObject;","error.stack":" at com.nimbusds.oauth2.sdk.auth.JWTAuthenticationClaimsSet.parse(JWTAuthenticationClaimsSet.java:166)\n at com.nimbusds.oauth2.sdk.auth.JWTAuthentication.<init>(JWTAuthentication.java:140)\n at com.nimbusds.oauth2.sdk.auth.PrivateKeyJWT.<init>(PrivateKeyJWT.java:248)\n at com.nimbusds.oauth2.sdk.auth.PrivateKeyJWT.parse(PrivateKeyJWT.java:283)\n at com.microsoft.aad.adal4j.AuthenticationContext.createClientAuthFromClientAssertion(AuthenticationContext.java:941)\n at com.microsoft.aad.adal4j.AuthenticationContext.acquireToken(AuthenticationContext.java:241)\n at com.microsoft.aad.adal4j.AuthenticationContext.acquireToken(AuthenticationContext.java:376)\n at com.microsoft.azure.keyvault.spring.KeyVaultCertificateCredential.doAuthenticate(KeyVaultCertificateCredential.java:63)\n at com.microsoft.azure.keyvault.authentication.KeyVaultCredentials.getAuthenticationCredentials(KeyVaultCredentials.java:113)\n at com.microsoft.azure.keyvault.authentication.KeyVaultCredentials.access$100(KeyVaultCredentials.java:27)\n"}
07-Sep-2020 16:28:21.274 SEVERE [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Error deploying web application directory [/usr/local/tomcat/webapps/ROOT]
java.lang.IllegalStateException: ContainerBase.addChild: start: org.apache.catalina.LifecycleException: Failed to start component [StandardEngine[Catalina].StandardHost[localhost].StandardContext[]]
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:747)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:719)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:705)
at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1125)
at org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1858)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
07-Sep-2020 16:28:21.275 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/usr/local/tomcat/webapps/ROOT] has finished in [36,552] ms
07-Sep-2020 16:28:21.276 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/usr/local/tomcat/webapps/telemetry]
07-Sep-2020 16:28:40.241 INFO [localhost-startStop-1] org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
07-Sep-2020 16:28:40.280 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/usr/local/tomcat/webapps/telemetry] has finished in [19,003] ms
07-Sep-2020 16:28:40.284 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-8080"]
07-Sep-2020 16:28:40.305 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 55668 ms
Steps to reproduce
- have code that works
Expected behavior
I expect azure-keyvault-secrets client to continue to authenticate to keyvault, given no code changes, no azure-keyvault-secrets version is changed, and, presumably, no api changes with azure keyvault went live on September 6.
Setup (please complete the following information):
- OS: linux/windows
- IDE : command line
- Version of the Library used: 2.1.7
Information Checklist
Kindly make sure that you have added all the following information above and checkoff the required fields otherwise we will treat the issuer as an incomplete report
- [x] Bug Description Added
- [ ] Repro Steps Added
- [ ] Setup information Added
mercer
All 17 comments
A screenshot with the dependency tree
The new com.nimbusds:nimbus-jose-jwt:9.0 version
mercer
on 8 Sep 2020
This solved my problem, as a workaround. 8.20 is last version that worked for us
<!-- we're stuck with 2.1.7 as 2.1.8 breaks the api -->
<dependency>
<groupId>com.microsoft.azure</groupId>
<artifactId>azure-keyvault-secrets-spring-boot-starter</artifactId>
<version>2.1.7</version>
</dependency>
<!-- put an upper boundary to 8.20, last known version to work -->
<dependency>
<groupId>com.nimbusds</groupId>
<artifactId>nimbus-jose-jwt</artifactId>
<version>[6.0.1,8.20]</version>
</dependency>
👍6
❤2
🚀1
i just ran into the same issue. Your post helped. Thank you. For those using gradle, this worked for me >>
compile "com.microsoft.azure:adal4j:1.6.4"
constraints {
implementation('com.nimbusds:nimbus-jose-jwt:8.20') {
because 'state reason here.'
}
}
nlazouzi
on 8 Sep 2020
Same for me, many thanks !
I had this exception: NoSuchMethodError: com.nimbusds.jose.Header.toJSONObject()Lnet/minidev/json/JSONObject
And adding this:
<dependency>
<groupId>com.nimbusds</groupId>
<artifactId>nimbus-jose-jwt</artifactId>
<version>8.20</version>
</dependency>
to my pom.xml file, fixed the issue.
GVerg
on 8 Sep 2020
👍1
Thanks for reporting this @mercer. @vcolin7 @jialindai can you please follow up?
joshfree
on 8 Sep 2020
No problem, I'm looking into this.
vcolin7
on 10 Sep 2020
Usually when we see a NoSuchMethodError it's due to a mismatch between what you have declared and what was actually compiled. Here's a StackOverflow post explaining in more detail. You can also find more info here.
I set up a small Key Vault Spring project and was able to run it without issue with version com.nimbusds:nimbus-jose-jwt:jar:9.0.
Can you try running mvn clean install at you POM file location and then run your app again? //cc @mercer @nlazouzi @GVerg @dev-usa
vcolin7
on 10 Sep 2020
- the issue for us started appearing on september 6
- same date nimbus-jose-jwt v9.0 is released
- it's either nimbus-jose-jwt, or azure keyvault's api changed on the same date, september 6
- for us, the part of system that failed in the pipeline, is legacy code, no changes to code, or pipeline, or dependencies (declared), or the keyvault it goes to fetch configuration in more than 6 months
- pipeline runs on code changes from other parts of system (dotnet), and rebuilds all artifacts
- the dependency of your dependency of your dependency (adal4j) is happy to get any future version [6.0.1,)
- this is dangerous for them (nimbusds), for them (adal4j), for you (keyvault client), and for all of us using this
- its a :bomb: waiting to go boom
- it has to be a broken api with nimbus-jose-jwt, they even changed the major version!, while there is not even a patch version change for azure-keyvault-secrets-spring-boot-starter
Please pin down all your dependency versions, even if I'm wrong about the root cause, as safety for future transient dependency changes.
(for example all spring starters guarantee that all the jars you get work well together, they do extensive tests to prove this, so that we don't have to)
Good luck :+1:
mercer
on 10 Sep 2020
Let's do two things here; Let's open an external bug on adal4j to fix their unbounded dependencies; and let's also update spring to ensure we don't float versions. @vcolin7 can you open up the adal bug please?
@jialindai can you follow up on the sprint starter?
joshfree
on 10 Sep 2020
Thanks for the feedback @mercer, we filed an issue with ADAL4J and will have the Spring team look into this.
vcolin7
on 10 Sep 2020
❤1
The issue is being hit thru azurestack specific libraries as well
java.lang.NoSuchMethodError: 'net.minidev.json.JSONObject com.nimbusds.jwt.JWTClaimsSet.toJSONObject()'
..
at com.microsoft.aad.adal4j.AuthenticationContext.createClientAuthFromClientAssertion(AuthenticationContext.java:941)
at com.microsoft.aad.adal4j.AuthenticationContext.acquireToken(AuthenticationContext.java:241)
at com.microsoft.aad.adal4j.AuthenticationContext.acquireToken(AuthenticationContext.java:376)
...
at com.microsoft.azure.management.profile_2019_03_01_hybrid.Azure$AuthenticatedImpl.withDefaultSubscription(Azure.java:293)
at com.microsoft.azure.management.utility.Authenticate.authenticate(Authenticate.java:141)
bganapa
on 10 Sep 2020
Conclusion:
Please add the following fragment in your pom to solve the problem.
<dependency>
<groupId>com.nimbusds</groupId>
<artifactId>nimbus-jose-jwt</artifactId>
<version>8.20</version>
</dependency>
More details:
azure-keyvault-secrets-spring-boot-starter's dependency path tonimbus-jose-jwt(4.39.2)
azure-keyvault-secrets-spring-boot-sample's dependency path tonimbus-jose-jwt(9.0.1, latest version)
It's caused by oauth2-oidc-sdk-6.5.pom, it have content like this:
<dependency>
<groupId>com.nimbusds</groupId>
<artifactId>nimbus-jose-jwt</artifactId>
<version>[6.0.1,)</version>
</dependency>
After adding the following fragment in azure-keyvault-secrets-spring-boot-sample's pom:
<dependency>
<groupId>com.nimbusds</groupId>
<artifactId>nimbus-jose-jwt</artifactId>
<version>8.20</version>
</dependency>
The azure-keyvault-secrets-spring-boot-sample's dependency path to nimbus-jose-jwt will be like this: i.e. Use 8.2.0 instead of latest version (9.0.1)
Links:
chenrujun
on 15 Sep 2020
@chenrujun I think we should keep this open until the offending dependency is pinned down either by Nimbus, ADAL4J or in the Spring Boot Starter for Key Vault. Even though the workaround is pretty useful, our libraries should work out of the box without requiring customers doing something like that.
vcolin7
on 15 Sep 2020
👍1
Hi, @vcolin7 .
Thank you for your check.
The root cause of this problem is oauth2-oidc-sdk used version ranges instead of explicit dependencies,
and the problem have been solved in oauth2-oidc-sdk-7.0.3.
The latest version of azure-keyvault-secrets-spring-boot-starter (2.3.5) already use oauth2-oidc-sdk-7.1.1:
So the problem does not exist if we use azure-keyvault-secrets-spring-boot-starter-2.3.5.
Maybe we can close the issue now?
chenrujun
on 16 Sep 2020
@chenrujun The problem is that apparently the customer cannot use a newer version of the Spring Boot Starter because after 2.1.7 it uses the Track 2 Key Vault library instead of Track 1. I don't really know if everything that's available on said version can be done in newer ones without introducing breaking changes.
@mercer is it possible for you to try making the upgrade to the latest Spring Boot Key Vault Starter version to see if things can be built with it? All functionality from Track 1 Key Vault clients (com.microsoft.azure.keyvault.KeyVaultClient) is available in the form of new clients in Track 2, while also offering new and improved APIs:
com.azure.security.keyvault.certificates.CertificateClientcom.azure.security.keyvault.keys.KeyClientcom.azure.security.keyvault.secrets.SecretClient
The Spring Boot Key Vault Starter has leveraged these clients and, based on some tests I've run in a sample project, it seems you can go from version 2.1.7 to a newer one without making code changes.
vcolin7
on 16 Sep 2020
I'm afraid I can't go higher than 2.1.7 without code changes because 2.1.8 brings some api changes.
mercer
on 16 Sep 2020
I see :( In that case I would recommend going with the workaround mentioned earlier in this thread.
A good thing to come out of this is that ADAL4J will make the switch to a newer version of com.nimbusds:oauth2-oidc-sdk where all dependencies are fixed or closed ranges. (Source).
//cc @chenrujun
vcolin7
on 17 Sep 2020
👍2
Was this page helpful?
0 / 5 - 0 ratings
Related issues
abhikt48
·
3Comments
algra4
·
4Comments
ronny-sphera
·
3Comments
dkirrane
·
4Comments
abelmariam
·
4Comments
Most helpful comment
This solved my problem, as a workaround. 8.20 is last version that worked for us