Error Spring 2.2.2 com.nimbusds.jose.jwk.JWKSet.toJSONObject()Lnet/minidev/json/JSONObject

[vitor-ferreira-sousa]

Describe the bug
Hello, I have a Spring Boot 2.2.2 Release application with Spring Security Oauth2 2.3.7.RELEASE and nimbus-jose-jwt capturing the same version from oauth2-oidc-sdk.version. for my tests via Postman making a recording that requests the key generated by oauth2 works normally but when taking my application through Payara Server the same request in postman returns 401 and Payara returns the error:
java.lang.NoSuchMethodError: com.nimbusds.jose.jwk.JWKSet.toJSONObject()Lnet/minidev/json/JSONObject.

My pom.xml is:

4.0.0

org.springframework.boot
spring-boot-starter-parent
2.2.2.RELEASE

<groupId>com.ivitech</groupId>
<artifactId>sac-api</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>war</packaging>
<name>sac-api</name>
<description>API de Atendimento ao Cliente</description>

<properties>
	<java.version>11</java.version>
	<modelmapper.version>2.3.0</modelmapper.version>
	<squiggly.version>1.3.18</squiggly.version>
	<lombok.version>1.18.22</lombok.version>
	<jasperreports.version>6.16.0</jasperreports.version>
	<springfox.version>2.9.2</springfox.version>
	<spring-security-jwt.version>1.0.11.RELEASE</spring-security-jwt.version>
	<oauth2-oidc-sdk.version>9.10.1</oauth2-oidc-sdk.version>
	<spring-security-oauth2.version>2.3.7.RELEASE</spring-security-oauth2.version>
	<dockerfile-maven-version>1.4.13</dockerfile-maven-version>
</properties>

<dependencies>
	<dependency>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-web</artifactId>
	</dependency>
	<dependency>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-test</artifactId>
		<scope>test</scope>
	</dependency>
	<dependency>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-devtools</artifactId>
	</dependency>
	<dependency>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-configuration-processor</artifactId>
		<optional>true</optional>
	</dependency>
	<dependency>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-data-jpa</artifactId>
	</dependency>
	<dependency>
		<groupId>mysql</groupId>
		<artifactId>mysql-connector-java</artifactId>
		<scope>runtime</scope>
	</dependency>
	<dependency>
		<groupId>org.projectlombok</groupId>
		<artifactId>lombok</artifactId>
		<version>${lombok.version}</version>
	</dependency>
	<dependency>
		<groupId>org.flywaydb</groupId>
		<artifactId>flyway-core</artifactId>
	</dependency>
	<dependency>
		<groupId>org.apache.commons</groupId>
		<artifactId>commons-lang3</artifactId>
	</dependency>
	<dependency>
		<groupId>io.rest-assured</groupId>
		<artifactId>rest-assured</artifactId>
		<scope>test</scope>
	</dependency>

	<dependency>
		<groupId>org.modelmapper</groupId>
		<artifactId>modelmapper</artifactId>
		<version>${modelmapper.version}</version>
	</dependency>

	<dependency>
		<groupId>com.github.bohnman</groupId>
		<artifactId>squiggly-filter-jackson</artifactId>
		<version>${squiggly.version}</version>
		<exclusions>
			<exclusion>
				<groupId>com.google.guava</groupId>
				<artifactId>guava</artifactId>
			</exclusion>
		</exclusions>
	</dependency>

	<dependency>
		<groupId>net.sf.jasperreports</groupId>
		<artifactId>jasperreports</artifactId>
		<version>${jasperreports.version}</version>
	</dependency>

	<dependency>
		<groupId>net.sf.jasperreports</groupId>
		<artifactId>jasperreports-functions</artifactId>
		<version>${jasperreports.version}</version>
	</dependency>

	<dependency>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-mail</artifactId>
	</dependency>
	<dependency>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-freemarker</artifactId>
	</dependency>
	<dependency>
		<groupId>io.springfox</groupId>
		<artifactId>springfox-swagger2</artifactId>
		<version>${springfox.version}</version>
		<exclusions>
			<exclusion>
				<groupId>org.springframework.plugin</groupId>
				<artifactId>spring-plugin-core</artifactId>
			</exclusion>
		</exclusions>
	</dependency>
	<dependency>
		<groupId>io.springfox</groupId>
		<artifactId>springfox-swagger-ui</artifactId>
		<version>${springfox.version}</version>
	</dependency>
	<dependency>
		<groupId>io.springfox</groupId>
		<artifactId>springfox-bean-validators</artifactId>
		<version>${springfox.version}</version>
		<exclusions>
			<exclusion>
				<groupId>org.springframework.plugin</groupId>
				<artifactId>spring-plugin-core</artifactId>
			</exclusion>
		</exclusions>
	</dependency>
	<dependency>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-hateoas</artifactId>
	</dependency>
	<dependency>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-security</artifactId>
	</dependency>
	<dependency>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-oauth2-client</artifactId>
	</dependency>
	<dependency>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
	</dependency>
	<dependency>
		<groupId>org.springframework.security</groupId>
		<artifactId>spring-security-jwt</artifactId>
		<version>${spring-security-jwt.version}</version>
	</dependency>
	<dependency>
		<groupId>com.nimbusds</groupId>
		<artifactId>oauth2-oidc-sdk</artifactId>
		<version>${oauth2-oidc-sdk.version}</version>
		<exclusions>
			<exclusion>
				<groupId>com.nimbusds</groupId>
				<artifactId>nimbus-jose-jwt</artifactId>
			</exclusion>
		</exclusions>
	</dependency>
	<dependency>
		<groupId>org.springframework.security.oauth</groupId>
		<artifactId>spring-security-oauth2</artifactId>
		<version>${spring-security-oauth2.version}</version>
	</dependency>
	<!-- Thymeleaf. -->
	<dependency>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-thymeleaf</artifactId>
	</dependency>
	<dependency>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-tomcat</artifactId>
		<scope>provided</scope>
	</dependency>		
</dependencies>
<build>
	<plugins>
		<plugin>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-maven-plugin</artifactId>
		</plugin>
		<plugin>
			<artifactId>maven-failsafe-plugin</artifactId>
		</plugin>
	</plugins>
</build>

<profiles>
	<profile>
		<id>docker</id>

		<build>
			<plugins>
				<plugin>
					<groupId>com.spotify</groupId>
					<artifactId>dockerfile-maven-plugin</artifactId>
					<version>${dockerfile-maven-version}</version>
					<executions>
						<execution>
							<id>default</id>
							<goals>
								<goal>build</goal>
								<goal>push</goal>
							</goals>
						</execution>
					</executions>
					<configuration>
						<repository>sac-api</repository>
						<buildArgs>
							<JAR_FILE>${project.build.finalName}.jar</JAR_FILE>
						</buildArgs>
					</configuration>
				</plugin>
			</plugins>
		</build>
	</profile>
</profiles>

This is the declaration point of the nimbus:

com.nimbusds
oauth2-oidc-sdk
${oauth2-oidc-sdk.version}


com.nimbusds
nimbus-jose-jwt

[vitor-ferreira-sousa]

This is my first issue so the final part that i put the dependence on nimbus missing the tags
<dependency> <groupId>com.nimbusds</groupId> <artifactId>oauth2-oidc-sdk</artifactId> <version>${oauth2-oidc-sdk.version}</version> <exclusions> <exclusion> <groupId>com.nimbusds</groupId> <artifactId>nimbus-jose-jwt</artifactId> </exclusion> </exclusions> </dependency>

[jgrandja]

@vitor-ferreira-sousa Spring Security OAuth 2.3.7 is no longer supported and this project will soon be deprecated. See announcement.

See related issues:
spring-projects/spring-security#8733
spring-projects/spring-security#8608

[vitor-ferreira-sousa]

i will change my dependencies. thanks!