[BUG] Version problem of nimbus-jose-jwt in azure-keyvault-secrets-spring-boot-starter-2.1.7 #14898

Closed
1 of 3 tasks
mercer opened this issue Sep 8, 2020 · 17 comments
Labels
  • azure-spring: All azure-spring related issues
  • azure-spring-keyvault: Spring keyvault related issues.
  • Client: This issue points to a problem in the data-plane of the library.
  • customer-reported: Issues that are reported by GitHub users external to the Azure organization.
  • question: The issue doesn't require a change to the product in order to be resolved. Most issues start as that
  • tracking-external-issue: The issue is caused by external problem (e.g. OS) - nothing we can do to fix it directly

Comments

mercer commented Sep 8, 2020

Describe the bug
azure-keyvault-secrets-spring-boot-starter has the latest com.nimbusds:nimbus-jose-jwt as a transitive dependency. The latest version, 9.0, released on September 6, is not backwards compatible.

Upgrade to 2.3.x is not an option for us, as you have breaking changes to api, for example com.microsoft.azure.keyvault.KeyVaultClient is gone.

Exception or Stack Trace

Sep 7, 2020 16:27:41 +0000 [1 1] com.newrelic INFO: New Relic Agent: Loading configuration file "/usr/local/tomcat/webapps/telemetry/newrelic/./newrelic.yml"
Sep 7, 2020 16:27:42 +0000 [1 1] com.newrelic INFO: Using default collector host: collector.newrelic.com
Sep 7, 2020 16:27:42 +0000 [1 1] com.newrelic ERROR: license_key is empty in the config. Not starting New Relic Agent.
07-Sep-2020 16:27:44.331 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version name:   Apache Tomcat/8.5.57
07-Sep-2020 16:27:44.342 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server built:          Jun 30 2020 21:49:10 UTC
07-Sep-2020 16:27:44.342 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version number: 8.5.57.0
07-Sep-2020 16:27:44.342 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Name:               Linux
07-Sep-2020 16:27:44.342 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Version:            4.15.0-1089-azure
07-Sep-2020 16:27:44.343 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Architecture:          amd64
07-Sep-2020 16:27:44.343 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Java Home:             /usr/local/openjdk-8/jre
07-Sep-2020 16:27:44.344 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Version:           1.8.0_265-b01
07-Sep-2020 16:27:44.344 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Vendor:            Oracle Corporation
07-Sep-2020 16:27:44.344 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_BASE:         /usr/local/tomcat
07-Sep-2020 16:27:44.344 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_HOME:         /usr/local/tomcat
07-Sep-2020 16:27:44.344 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.config.file=/usr/local/tomcat/conf/logging.properties
07-Sep-2020 16:27:44.346 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
07-Sep-2020 16:27:44.346 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -javaagent:/usr/local/tomcat/webapps/telemetry/applicationinsights-agent.jar
07-Sep-2020 16:27:44.346 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -javaagent:/usr/local/tomcat/webapps/telemetry/newrelic/newrelic.jar
07-Sep-2020 16:27:44.346 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dnewrelic.environment=production
07-Sep-2020 16:27:44.347 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dorg.apache.catalina.security.SecurityListener.UMASK=0027
07-Sep-2020 16:27:44.347 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dignore.endorsed.dirs=
07-Sep-2020 16:27:44.347 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.base=/usr/local/tomcat
07-Sep-2020 16:27:44.347 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.home=/usr/local/tomcat
07-Sep-2020 16:27:44.347 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.io.tmpdir=/usr/local/tomcat/temp
07-Sep-2020 16:27:44.348 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded Apache Tomcat Native library [1.2.24] using APR version [1.6.5].
07-Sep-2020 16:27:44.349 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
07-Sep-2020 16:27:44.349 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true]
07-Sep-2020 16:27:44.361 INFO [main] org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL successfully initialized [OpenSSL 1.1.1d  10 Sep 2019]
07-Sep-2020 16:27:44.586 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-8080"]
07-Sep-2020 16:27:44.613 INFO [main] org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector Using a shared selector for servlet write/read
07-Sep-2020 16:27:44.636 INFO [main] org.apache.catalina.startup.Catalina.load Initialization processed in 1358 ms
07-Sep-2020 16:27:44.687 INFO [main] org.apache.catalina.core.StandardService.startInternal Starting service [Catalina]
07-Sep-2020 16:27:44.687 INFO [main] org.apache.catalina.core.StandardEngine.startInternal Starting Servlet Engine: Apache Tomcat/8.5.57
07-Sep-2020 16:27:44.723 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/usr/local/tomcat/webapps/ROOT]
07-Sep-2020 16:27:45.343 WARNING [localhost-startStop-1] org.apache.tomcat.util.descriptor.web.WebXml.setVersion Unknown version string [4.0]. Default version will be used.
07-Sep-2020 16:28:12.890 INFO [localhost-startStop-1] org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
07-09-2020 16:28:21.057 [localhost-startStop-1] ERROR o.s.boot.SpringApplication.reportFailure - Application run failed
java.lang.NoSuchMethodError: com.nimbusds.jwt.JWTClaimsSet.toJSONObject()Lnet/minidev/json/JSONObject;
	at com.nimbusds.oauth2.sdk.auth.JWTAuthenticationClaimsSet.parse(JWTAuthenticationClaimsSet.java:166)
	at com.nimbusds.oauth2.sdk.auth.JWTAuthentication.<init>(JWTAuthentication.java:140)
	at com.nimbusds.oauth2.sdk.auth.PrivateKeyJWT.<init>(PrivateKeyJWT.java:248)
	at com.nimbusds.oauth2.sdk.auth.PrivateKeyJWT.parse(PrivateKeyJWT.java:283)
	at com.microsoft.aad.adal4j.AuthenticationContext.createClientAuthFromClientAssertion(AuthenticationContext.java:941)
	at com.microsoft.aad.adal4j.AuthenticationContext.acquireToken(AuthenticationContext.java:241)
	at com.microsoft.aad.adal4j.AuthenticationContext.acquireToken(AuthenticationContext.java:376)
	at com.microsoft.azure.keyvault.spring.KeyVaultCertificateCredential.doAuthenticate(KeyVaultCertificateCredential.java:63)
	at com.microsoft.azure.keyvault.authentication.KeyVaultCredentials.getAuthenticationCredentials(KeyVaultCredentials.java:113)
	at com.microsoft.azure.keyvault.authentication.KeyVaultCredentials.access$100(KeyVaultCredentials.java:27)
	at com.microsoft.azure.keyvault.authentication.KeyVaultCredentials$2.authenticate(KeyVaultCredentials.java:81)
	at okhttp3.internal.http.RetryAndFollowUpInterceptor.followUpRequest(RetryAndFollowUpInterceptor.java:230)
	at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:119)
	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
	at com.microsoft.rest.retry.RetryHandler.intercept(RetryHandler.java:75)
	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
	at com.microsoft.rest.interceptors.CustomHeadersInterceptor.intercept(CustomHeadersInterceptor.java:140)
	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
	at com.microsoft.rest.interceptors.BaseUrlHandler.intercept(BaseUrlHandler.java:43)
	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
	at com.microsoft.rest.interceptors.RequestIdHeaderInterceptor.intercept(RequestIdHeaderInterceptor.java:29)
	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
	at com.microsoft.rest.interceptors.UserAgentInterceptor.intercept(UserAgentInterceptor.java:83)
	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
	at com.microsoft.azure.keyvault.authentication.KeyVaultCredentials$1.intercept(KeyVaultCredentials.java:59)
	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
	at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:229)
	at okhttp3.RealCall.execute(RealCall.java:81)
	at retrofit2.OkHttpCall.execute(OkHttpCall.java:186)
	at retrofit2.adapter.rxjava.RxJavaCallAdapterFactory$RequestArbiter.request(RxJavaCallAdapterFactory.java:171)
	at rx.Subscriber.setProducer(Subscriber.java:211)
	at rx.internal.operators.OnSubscribeMap$MapSubscriber.setProducer(OnSubscribeMap.java:102)
	at retrofit2.adapter.rxjava.RxJavaCallAdapterFactory$CallOnSubscribe.call(RxJavaCallAdapterFactory.java:152)
	at retrofit2.adapter.rxjava.RxJavaCallAdapterFactory$CallOnSubscribe.call(RxJavaCallAdapterFactory.java:138)
	at rx.Observable.unsafeSubscribe(Observable.java:10327)
	at rx.internal.operators.OnSubscribeMap.call(OnSubscribeMap.java:48)
	at rx.internal.operators.OnSubscribeMap.call(OnSubscribeMap.java:33)
	at rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:48)
	at rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:30)
	at rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:48)
	at rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:30)
	at rx.Observable.subscribe(Observable.java:10423)
	at rx.Observable.subscribe(Observable.java:10390)
	at rx.observables.BlockingObservable.blockForSingle(BlockingObservable.java:443)
	at rx.observables.BlockingObservable.single(BlockingObservable.java:340)
	at com.microsoft.azure.keyvault.KeyVaultClientImpl.getSecrets(KeyVaultClientImpl.java:2951)
	at com.microsoft.azure.keyvault.KeyVaultClient.listSecrets(KeyVaultClient.java:911)
	at com.microsoft.azure.keyvault.spring.KeyVaultOperation.fillSecretsHashMap(KeyVaultOperation.java:111)
	at com.microsoft.azure.keyvault.spring.KeyVaultOperation.<init>(KeyVaultOperation.java:43)
	at com.microsoft.azure.keyvault.spring.KeyVaultEnvironmentPostProcessorHelper.addKeyVaultPropertySource(KeyVaultEnvironmentPostProcessorHelper.java:66)
	at com.microsoft.azure.keyvault.spring.KeyVaultEnvironmentPostProcessor.postProcessEnvironment(KeyVaultEnvironmentPostProcessor.java:26)
	at org.springframework.boot.context.config.ConfigFileApplicationListener.onApplicationEnvironmentPreparedEvent(ConfigFileApplicationListener.java:188)
	at org.springframework.boot.context.config.ConfigFileApplicationListener.onApplicationEvent(ConfigFileApplicationListener.java:176)
	at org.springframework.context.event.SimpleApplicationEventMulticaster.doInvokeListener(SimpleApplicationEventMulticaster.java:172)
	at org.springframework.context.event.SimpleApplicationEventMulticaster.invokeListener(SimpleApplicationEventMulticaster.java:165)
	at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:139)
	at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:127)
	at org.springframework.boot.context.event.EventPublishingRunListener.environmentPrepared(EventPublishingRunListener.java:76)
	at org.springframework.boot.SpringApplicationRunListeners.environmentPrepared(SpringApplicationRunListeners.java:53)
	at org.springframework.boot.SpringApplication.prepareEnvironment(SpringApplication.java:345)
	at org.springframework.boot.SpringApplication.run(SpringApplication.java:308)
	at org.springframework.boot.web.servlet.support.SpringBootServletInitializer.run(SpringBootServletInitializer.java:152)
	at org.springframework.boot.web.servlet.support.SpringBootServletInitializer.createRootApplicationContext(SpringBootServletInitializer.java:132)
	at org.springframework.boot.web.servlet.support.SpringBootServletInitializer.onStartup(SpringBootServletInitializer.java:92)
	at org.springframework.web.SpringServletContainerInitializer.onStartup(SpringServletContainerInitializer.java:172)
	at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5144)
	at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
	at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:743)
	at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:719)
	at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:705)
	at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1125)
	at org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1858)
	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at java.lang.Thread.run(Thread.java:748)
07-Sep-2020 16:28:21.269 SEVERE [localhost-startStop-1] org.apache.catalina.core.ContainerBase.addChildInternal ContainerBase.addChild: start: 
	org.apache.catalina.LifecycleException: Failed to start component [StandardEngine[Catalina].StandardHost[localhost].StandardContext[]]
		at org.apache.catalina.util.LifecycleBase.handleSubClassException(LifecycleBase.java:440)
		at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:198)
		at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:743)
		at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:719)
		at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:705)
		at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1125)
		at org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1858)
		at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
		at java.util.concurrent.FutureTask.run(FutureTask.java:266)
		at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
		at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
		at java.lang.Thread.run(Thread.java:748)
	Caused by: java.lang.NoSuchMethodError: com.nimbusds.jwt.JWTClaimsSet.toJSONObject()Lnet/minidev/json/JSONObject;
		at com.nimbusds.oauth2.sdk.auth.JWTAuthenticationClaimsSet.parse(JWTAuthenticationClaimsSet.java:166)
		at com.nimbusds.oauth2.sdk.auth.JWTAuthentication.<init>(JWTAuthentication.java:140)
		at com.nimbusds.oauth2.sdk.auth.PrivateKeyJWT.<init>(PrivateKeyJWT.java:248)
		at com.nimbusds.oauth2.sdk.auth.PrivateKeyJWT.parse(PrivateKeyJWT.java:283)
		at com.microsoft.aad.adal4j.AuthenticationContext.createClientAuthFromClientAssertion(AuthenticationContext.java:941)
		at com.microsoft.aad.adal4j.AuthenticationContext.acquireToken(AuthenticationContext.java:241)
		at com.microsoft.aad.adal4j.AuthenticationContext.acquireToken(AuthenticationContext.java:376)
		at com.microsoft.azure.keyvault.spring.KeyVaultCertificateCredential.doAuthenticate(KeyVaultCertificateCredential.java:63)
		at com.microsoft.azure.keyvault.authentication.KeyVaultCredentials.getAuthenticationCredentials(KeyVaultCredentials.java:113)
		at com.microsoft.azure.keyvault.authentication.KeyVaultCredentials.access$100(KeyVaultCredentials.java:27)
		at com.microsoft.azure.keyvault.authentication.KeyVaultCredentials$2.authenticate(KeyVaultCredentials.java:81)
		at okhttp3.internal.http.RetryAndFollowUpInterceptor.followUpRequest(RetryAndFollowUpInterceptor.java:230)
		at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:119)
		at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
		at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
		at com.microsoft.rest.retry.RetryHandler.intercept(RetryHandler.java:75)
		at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
		at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
		at com.microsoft.rest.interceptors.CustomHeadersInterceptor.intercept(CustomHeadersInterceptor.java:140)
		at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
		at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
		at com.microsoft.rest.interceptors.BaseUrlHandler.intercept(BaseUrlHandler.java:43)
		at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
		at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
		at com.microsoft.rest.interceptors.RequestIdHeaderInterceptor.intercept(RequestIdHeaderInterceptor.java:29)
		at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
		at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
		at com.microsoft.rest.interceptors.UserAgentInterceptor.intercept(UserAgentInterceptor.java:83)
		at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
		at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
		at com.microsoft.azure.keyvault.authentication.KeyVaultCredentials$1.intercept(KeyVaultCredentials.java:59)
		at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
		at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
		at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:229)
		at okhttp3.RealCall.execute(RealCall.java:81)
		at retrofit2.OkHttpCall.execute(OkHttpCall.java:186)
		at retrofit2.adapter.rxjava.RxJavaCallAdapterFactory$RequestArbiter.request(RxJavaCallAdapterFactory.java:171)
		at rx.Subscriber.setProducer(Subscriber.java:211)
		at rx.internal.operators.OnSubscribeMap$MapSubscriber.setProducer(OnSubscribeMap.java:102)
		at retrofit2.adapter.rxjava.RxJavaCallAdapterFactory$CallOnSubscribe.call(RxJavaCallAdapterFactory.java:152)
		at retrofit2.adapter.rxjava.RxJavaCallAdapterFactory$CallOnSubscribe.call(RxJavaCallAdapterFactory.java:138)
		at rx.Observable.unsafeSubscribe(Observable.java:10327)
		at rx.internal.operators.OnSubscribeMap.call(OnSubscribeMap.java:48)
		at rx.internal.operators.OnSubscribeMap.call(OnSubscribeMap.java:33)
		at rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:48)
		at rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:30)
		at rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:48)
		at rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:30)
		at rx.Observable.subscribe(Observable.java:10423)
		at rx.Observable.subscribe(Observable.java:10390)
		at rx.observables.BlockingObservable.blockForSingle(BlockingObservable.java:443)
		at rx.observables.BlockingObservable.single(BlockingObservable.java:340)
		at com.microsoft.azure.keyvault.KeyVaultClientImpl.getSecrets(KeyVaultClientImpl.java:2951)
		at com.microsoft.azure.keyvault.KeyVaultClient.listSecrets(KeyVaultClient.java:911)
		at com.microsoft.azure.keyvault.spring.KeyVaultOperation.fillSecretsHashMap(KeyVaultOperation.java:111)
		at com.microsoft.azure.keyvault.spring.KeyVaultOperation.<init>(KeyVaultOperation.java:43)
		at com.microsoft.azure.keyvault.spring.KeyVaultEnvironmentPostProcessorHelper.addKeyVaultPropertySource(KeyVaultEnvironmentPostProcessorHelper.java:66)
		at com.microsoft.azure.keyvault.spring.KeyVaultEnvironmentPostProcessor.postProcessEnvironment(KeyVaultEnvironmentPostProcessor.java:26)
		at org.springframework.boot.context.config.ConfigFileApplicationListener.onApplicationEnvironmentPreparedEvent(ConfigFileApplicationListener.java:188)
		at org.springframework.boot.context.config.ConfigFileApplicationListener.onApplicationEvent(ConfigFileApplicationListener.java:176)
		at org.springframework.context.event.SimpleApplicationEventMulticaster.doInvokeListener(SimpleApplicationEventMulticaster.java:172)
		at org.springframework.context.event.SimpleApplicationEventMulticaster.invokeListener(SimpleApplicationEventMulticaster.java:165)
		at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:139)
		at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:127)
		at org.springframework.boot.context.event.EventPublishingRunListener.environmentPrepared(EventPublishingRunListener.java:76)
		at org.springframework.boot.SpringApplicationRunListeners.environmentPrepared(SpringApplicationRunListeners.java:53)
		at org.springframework.boot.SpringApplication.prepareEnvironment(SpringApplication.java:345)
		at org.springframework.boot.SpringApplication.run(SpringApplication.java:308)
		at org.springframework.boot.web.servlet.support.SpringBootServletInitializer.run(SpringBootServletInitializer.java:152)
		at org.springframework.boot.web.servlet.support.SpringBootServletInitializer.createRootApplicationContext(SpringBootServletInitializer.java:132)
		at org.springframework.boot.web.servlet.support.SpringBootServletInitializer.onStartup(SpringBootServletInitializer.java:92)
		at org.springframework.web.SpringServletContainerInitializer.onStartup(SpringServletContainerInitializer.java:172)
		at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5144)
		at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
		... 10 more
{"message":"Application run failed","timestamp":1599496101057,"log.level":"ERROR","logger.name":"org.springframework.boot.SpringApplication","thread.name":"localhost-startStop-1","class.name":"org.apache.catalina.core.StandardContext","method.name":"startInternal","line.number":5144,"error.class":"java.lang.NoSuchMethodError","error.message":"com.nimbusds.jwt.JWTClaimsSet.toJSONObject()Lnet/minidev/json/JSONObject;","error.stack":"  at com.nimbusds.oauth2.sdk.auth.JWTAuthenticationClaimsSet.parse(JWTAuthenticationClaimsSet.java:166)\n  at com.nimbusds.oauth2.sdk.auth.JWTAuthentication.<init>(JWTAuthentication.java:140)\n  at com.nimbusds.oauth2.sdk.auth.PrivateKeyJWT.<init>(PrivateKeyJWT.java:248)\n  at com.nimbusds.oauth2.sdk.auth.PrivateKeyJWT.parse(PrivateKeyJWT.java:283)\n  at com.microsoft.aad.adal4j.AuthenticationContext.createClientAuthFromClientAssertion(AuthenticationContext.java:941)\n  at com.microsoft.aad.adal4j.AuthenticationContext.acquireToken(AuthenticationContext.java:241)\n  at com.microsoft.aad.adal4j.AuthenticationContext.acquireToken(AuthenticationContext.java:376)\n  at com.microsoft.azure.keyvault.spring.KeyVaultCertificateCredential.doAuthenticate(KeyVaultCertificateCredential.java:63)\n  at com.microsoft.azure.keyvault.authentication.KeyVaultCredentials.getAuthenticationCredentials(KeyVaultCredentials.java:113)\n  at com.microsoft.azure.keyvault.authentication.KeyVaultCredentials.access$100(KeyVaultCredentials.java:27)\n"}
07-Sep-2020 16:28:21.274 SEVERE [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Error deploying web application directory [/usr/local/tomcat/webapps/ROOT]
	java.lang.IllegalStateException: ContainerBase.addChild: start: org.apache.catalina.LifecycleException: Failed to start component [StandardEngine[Catalina].StandardHost[localhost].StandardContext[]]
		at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:747)
		at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:719)
		at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:705)
		at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1125)
		at org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1858)
		at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
		at java.util.concurrent.FutureTask.run(FutureTask.java:266)
		at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
		at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
		at java.lang.Thread.run(Thread.java:748)
07-Sep-2020 16:28:21.275 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/usr/local/tomcat/webapps/ROOT] has finished in [36,552] ms
07-Sep-2020 16:28:21.276 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/usr/local/tomcat/webapps/telemetry]
07-Sep-2020 16:28:40.241 INFO [localhost-startStop-1] org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
07-Sep-2020 16:28:40.280 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/usr/local/tomcat/webapps/telemetry] has finished in [19,003] ms
07-Sep-2020 16:28:40.284 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-8080"]
07-Sep-2020 16:28:40.305 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 55668 ms

Steps to reproduce

  1. have code that works

Expected behavior
I expect azure-keyvault-secrets client to continue to authenticate to keyvault, given no code changes, no azure-keyvault-secrets version is changed, and, presumably, no api changes with azure keyvault went live on September 6.

Setup (please complete the following information):

  • OS: linux/windows
  • IDE : command line
  • Version of the Library used: 2.1.7

Information Checklist
Kindly make sure that you have added all the following information above and check off the required fields; otherwise we will treat the issue as an incomplete report

  • Bug Description Added
  • Repro Steps Added
  • Setup information Added
@ghost ghost added needs-triage Workflow: This is a new issue that needs to be triaged to the appropriate team. customer-reported Issues that are reported by GitHub users external to the Azure organization. question The issue doesn't require a change to the product in order to be resolved. Most issues start as that labels Sep 8, 2020
Author

mercer commented Sep 8, 2020

A screenshot with the dependency tree
image

The new com.nimbusds:nimbus-jose-jwt:9.0 version
image

Author

mercer commented Sep 8, 2020

This solved my problem, as a workaround. 8.20 is last version that worked for us

    <!-- we're stuck with 2.1.7 as 2.1.8 breaks the api -->
    <dependency>
      <groupId>com.microsoft.azure</groupId>
      <artifactId>azure-keyvault-secrets-spring-boot-starter</artifactId>
      <version>2.1.7</version>
    </dependency>
    <!-- put an upper boundary to 8.20, last known version to work -->
    <dependency>
      <groupId>com.nimbusds</groupId>
      <artifactId>nimbus-jose-jwt</artifactId>
      <version>[6.0.1,8.20]</version>
    </dependency>

nlazouzi commented Sep 8, 2020

I just ran into the same issue. Your post helped. Thank you. For those using Gradle, this worked for me:

    dependencies {
        compile "com.microsoft.azure:adal4j:1.6.4"
        constraints {
            // Constraint on the transitive nimbus-jose-jwt dependency
            implementation('com.nimbusds:nimbus-jose-jwt:8.20') {
                because 'state reason here.'
            }
        }
    }

GVerg commented Sep 8, 2020

Same for me, many thanks !

I had this exception: NoSuchMethodError: com.nimbusds.jose.Header.toJSONObject()Lnet/minidev/json/JSONObject
And adding this:

    <dependency>
      <groupId>com.nimbusds</groupId>
      <artifactId>nimbus-jose-jwt</artifactId>
      <version>8.20</version>
    </dependency>

to my pom.xml file, fixed the issue.

@joshfree joshfree added azure-spring-keyvault Spring keyvault related issues. Client This issue points to a problem in the data-plane of the library. KeyVault labels Sep 8, 2020
@ghost ghost removed the needs-triage Workflow: This is a new issue that needs to be triaged to the appropriate team. label Sep 8, 2020
Member

joshfree commented Sep 8, 2020

Thanks for reporting this @mercer. @vcolin7 @jialindai can you please follow up?

Member

vcolin7 commented Sep 10, 2020

No problem, I'm looking into this.

Member

vcolin7 commented Sep 10, 2020

Usually when we see a NoSuchMethodError it's due to a mismatch between what you have declared and what was actually compiled. Here's a StackOverflow post explaining in more detail. You can also find more info here.

I set up a small Key Vault Spring project and was able to run it without issue with version com.nimbusds:nimbus-jose-jwt:jar:9.0.

image

Can you try running mvn clean install at your POM file location and then run your app again? //cc @mercer @nlazouzi @GVerg @dev-usa

Author

mercer commented Sep 10, 2020

  1. the issue for us started appearing on September 6
  2. same date nimbus-jose-jwt v9.0 is released
  3. it's either nimbus-jose-jwt, or azure keyvault's api changed on the same date, September 6
  4. for us, the part of system that failed in the pipeline, is legacy code, no changes to code, or pipeline, or dependencies (declared), or the keyvault it goes to fetch configuration in more than 6 months
  5. pipeline runs on code changes from other parts of system (dotnet), and rebuilds all artifacts
  6. the dependency of your dependency of your dependency (adal4j) is happy to get any future version [6.0.1,)
  7. this is dangerous for them (nimbusds), for them (adal4j), for you (keyvault client), and for all of us using this
  8. it's a 💣 waiting to go boom
  9. it has to be a broken api with nimbus-jose-jwt, they even changed the major version!, while there is not even a patch version change for azure-keyvault-secrets-spring-boot-starter

Please pin down all your dependency versions, even if I'm wrong about the root cause, as safety for future transient dependency changes.

(for example all spring starters guarantee that all the jars you get work well together, they do extensive tests to prove this, so that we don't have to)

Good luck 👍

@joshfree joshfree added the tracking-external-issue The issue is caused by external problem (e.g. OS) - nothing we can do to fix it directly label Sep 10, 2020
@joshfree
Member

joshfree commented Sep 10, 2020

Let's do two things here; Let's open an external bug on adal4j to fix their unbounded dependencies; and let's also update spring to ensure we don't float versions. @vcolin7 can you open up the adal bug please?

@jialindai can you follow up on the Spring starter?

@vcolin7
Member

vcolin7 commented Sep 10, 2020

Thanks for the feedback @mercer, we filed an issue with ADAL4J and will have the Spring team look into this.

@bganapa
Member

bganapa commented Sep 10, 2020

The issue is being hit thru azurestack specific libraries as well
java.lang.NoSuchMethodError: 'net.minidev.json.JSONObject com.nimbusds.jwt.JWTClaimsSet.toJSONObject()'
..
at com.microsoft.aad.adal4j.AuthenticationContext.createClientAuthFromClientAssertion(AuthenticationContext.java:941)
at com.microsoft.aad.adal4j.AuthenticationContext.acquireToken(AuthenticationContext.java:241)
at com.microsoft.aad.adal4j.AuthenticationContext.acquireToken(AuthenticationContext.java:376)
...
at com.microsoft.azure.management.profile_2019_03_01_hybrid.Azure$AuthenticatedImpl.withDefaultSubscription(Azure.java:293)
at com.microsoft.azure.management.utility.Authenticate.authenticate(Authenticate.java:141)

@chenrujun chenrujun self-assigned this Sep 15, 2020
@chenrujun

Conclusion:

Please add the following fragment in your pom to solve the problem.

<dependency>
  <groupId>com.nimbusds</groupId>
  <artifactId>nimbus-jose-jwt</artifactId>
  <version>8.20</version>
</dependency>

More details:

  • azure-keyvault-secrets-spring-boot-starter's dependency path to nimbus-jose-jwt (4.39.2)

image

  • azure-keyvault-secrets-spring-boot-sample's dependency path to nimbus-jose-jwt (9.0.1, latest version)

image

It's caused by oauth2-oidc-sdk-6.5.pom, which has content like this:

		<dependency>
			<groupId>com.nimbusds</groupId>
			<artifactId>nimbus-jose-jwt</artifactId>
			<version>[6.0.1,)</version>
		</dependency>

After adding the following fragment in azure-keyvault-secrets-spring-boot-sample's pom:

<dependency>
  <groupId>com.nimbusds</groupId>
  <artifactId>nimbus-jose-jwt</artifactId>
  <version>8.20</version>
</dependency>

The azure-keyvault-secrets-spring-boot-sample's dependency path to nimbus-jose-jwt will be like this, i.e. it uses 8.2.0 instead of the latest version (9.0.1):

image

Links:

@vcolin7
Member

vcolin7 commented Sep 15, 2020

@chenrujun I think we should keep this open until the offending dependency is pinned down either by Nimbus, ADAL4J or in the Spring Boot Starter for Key Vault. Even though the workaround is pretty useful, our libraries should work out of the box without requiring customers to do something like that.

@vcolin7 vcolin7 reopened this Sep 15, 2020
@chenrujun

Hi, @vcolin7.

Thank you for your check.

The root cause of this problem is that oauth2-oidc-sdk used version ranges instead of explicit dependencies, and the problem has been solved in oauth2-oidc-sdk-7.0.3.

The latest version of azure-keyvault-secrets-spring-boot-starter (2.3.5) already uses oauth2-oidc-sdk-7.1.1:

image

So the problem does not exist if we use azure-keyvault-secrets-spring-boot-starter-2.3.5.

Maybe we can close the issue now?

@vcolin7
Member

vcolin7 commented Sep 16, 2020

@chenrujun The problem is that apparently the customer cannot use a newer version of the Spring Boot Starter because after 2.1.7 it uses the Track 2 Key Vault library instead of Track 1. I don't really know if everything that's available on said version can be done in newer ones without introducing breaking changes.

@mercer is it possible for you to try making the upgrade to the latest Spring Boot Key Vault Starter version to see if things can be built with it? All functionality from Track 1 Key Vault clients (com.microsoft.azure.keyvault.KeyVaultClient) is available in the form of new clients in Track 2, while also offering new and improved APIs:

  • com.azure.security.keyvault.certificates.CertificateClient
  • com.azure.security.keyvault.keys.KeyClient
  • com.azure.security.keyvault.secrets.SecretClient

The Spring Boot Key Vault Starter has leveraged these clients and, based on some tests I've run in a sample project, it seems you can go from version 2.1.7 to a newer one without making code changes.

@mercer
Author

mercer commented Sep 16, 2020

I'm afraid I can't go higher than 2.1.7 without code changes because 2.1.8 brings some api changes.

@vcolin7
Member

vcolin7 commented Sep 17, 2020

I see :( In that case I would recommend going with the workaround mentioned earlier in this thread.

A good thing to come out of this is that ADAL4J will make the switch to a newer version of com.nimbusds:oauth2-oidc-sdk where all dependencies are fixed or closed ranges. (Source).

//cc @chenrujun
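
The root cause identified in this thread is an open-ended Maven version range (`[6.0.1,)`) in a transitive POM. As an added example (not code from this issue or from any of the projects discussed), the following Python script flags dependencies declared as ranges in a POM and separates open-ended ranges from upper-bounded ones; the function names and the sample POM are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET  # for POMs you do not trust, parse with defusedxml

# One interval of a Maven version range: "[6.0.1,)", "(,1.0]", "[1.0,2.0)", "[1.5]".
INTERVAL = re.compile(r"[\[(]\s*([^,\[\]()]*?)\s*(?:(,)\s*([^,\[\]()]*?)\s*)?[\])]")

def classify(version):
    """Return 'fixed', 'bounded-range' or 'open-range' for a <version> value."""
    intervals = INTERVAL.findall(version or "")
    if any(comma and not upper for _lower, comma, upper in intervals):
        return "open-range"      # no upper bound: any future release matches
    if any(comma for _lower, comma, _upper in intervals):
        return "bounded-range"   # floats, but only below a stated ceiling
    return "fixed"               # plain "8.20" or hard pin "[8.20]"

def local(tag):
    return tag.rsplit("}", 1)[-1]   # strip the POM XML namespace, if any

def scan_pom(pom_xml):
    """Return (groupId, artifactId, version, kind) for each dependency declared as a range."""
    findings = []
    for dep in ET.fromstring(pom_xml).iter():
        if local(dep.tag) != "dependency":
            continue
        f = {local(c.tag): (c.text or "").strip() for c in dep}
        kind = classify(f.get("version"))
        if kind != "fixed":
            findings.append((f.get("groupId"), f.get("artifactId"), f.get("version"), kind))
    return findings

# Constructed sample POM: the first entry is the range quoted in this thread from
# oauth2-oidc-sdk-6.5.pom, the second is the pinned version from the workaround.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <dependencies>
    <dependency>
      <groupId>com.nimbusds</groupId>
      <artifactId>nimbus-jose-jwt</artifactId>
      <version>[6.0.1,)</version>
    </dependency>
    <dependency>
      <groupId>com.nimbusds</groupId>
      <artifactId>nimbus-jose-jwt</artifactId>
      <version>8.20</version>
    </dependency>
  </dependencies>
</project>"""

if __name__ == "__main__":
    for g, a, v, kind in scan_pom(SAMPLE_POM):
        print(f"{kind:13} {g}:{a} {v}")
```

The range in this issue was not in the reporter's own POM, so a check like this is most useful when run over the POMs of transitive dependencies as well.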

@vcolin7 vcolin7 closed this as completed Sep 17, 2020
@chenrujun chenrujun changed the title [BUG] azure-keyvault-secrets-spring-boot-starter:2.1.7 stopped working on September 6 [BUG] Version problem of nimbus-jose-jwt in azure-keyvault-secrets-spring-boot-starter-2.1.7 Sep 25, 2020
@github-actions github-actions bot locked and limited conversation to collaborators Apr 12, 2023