[jira] [Commented] (CAMEL-19969) camel-spring-boot-starter brings incompatible dependencies with spring security

Mon, 09 Oct 2023 09:08:06 -0700 


    [ 
https://issues.apache.org/jira/browse/CAMEL-19969?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17773396#comment-17773396
 ] 

Andrea Cosentino commented on CAMEL-19969:
------------------------------------------

Like showed in the camel-spring-boot-examples in the dependencyManagement 
you'll need to set:


{code:xml}
    <dependencyManagement>
        <dependencies>
            <dependency>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-dependencies</artifactId>
                <version>2.7.16</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
            <dependency>
                <groupId>org.apache.camel.springboot</groupId>
                <artifactId>camel-spring-boot-bom</artifactId>
                <version>3.21.1</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
        </dependencies>
  </dependencyManagement>
{code}

Like for example: 
https://github.com/apache/camel-spring-boot-examples/blob/camel-spring-boot-examples-3.20.4/aws-secrets-manager/pom.xml

If you run a mvn dependency:tree on your project the occurrence of 
spring-security are all at 5.7.11


{code:java}
mvn dependency:tree | grep spring-security
[INFO] |  +- 
org.springframework.security:spring-security-config:jar:5.7.11:compile
[INFO] |  |  +- 
org.springframework.security:spring-security-core:jar:5.7.11:compile
[INFO] |  |  |  \- 
org.springframework.security:spring-security-crypto:jar:5.7.11:compile
[INFO] |  \- org.springframework.security:spring-security-web:jar:5.7.11:compile
{code}




> camel-spring-boot-starter brings incompatible dependencies with spring 
> security
> -------------------------------------------------------------------------------
>
>                 Key: CAMEL-19969
>                 URL: https://issues.apache.org/jira/browse/CAMEL-19969
>             Project: Camel
>          Issue Type: Bug
>    Affects Versions: 3.21.1
>            Reporter: Ruslan Hryn
>            Priority: Critical
>
> camel-spring-boot-starter brings incompatible dependencies with spring boot 
> and spring security.
> The camel starter is compatible with Spring Boot 2.7.16 according to the 
> documentation.
> But the starter contains spring-security-config v 5.8.7 which is not 
> compatible with Spring Boot 2.7.16 bom because this version of Spring Boot 
> uses spring-security-config v 5.7.11
> This incompatibility of dependencies are causing crash during the start of 
> apps when using spring security
> Here is the reproducer [https://github.com/RuslanHryn/camel-deps-issue]
> Run AppTest
> Here is crash log
> {code:java}
> Caused by: org.springframework.beans.factory.BeanCreationException: Error 
> creating bean with name 
> 'org.springframework.security.config.annotation.web.configuration.HttpSecurityConfiguration.httpSecurity'
>  defined in class path resource 
> [org/springframework/security/config/annotation/web/configuration/HttpSecurityConfiguration.class]:
>  Bean instantiation via factory method failed; nested exception is 
> org.springframework.beans.BeanInstantiationException: Failed to instantiate 
> [org.springframework.security.config.annotation.web.builders.HttpSecurity]: 
> Factory method 'httpSecurity' threw exception; nested exception is 
> java.lang.NoSuchMethodError: 'void 
> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.setSecurityContextHolderStrategy(org.springframework.security.core.context.SecurityContextHolderStrategy)'
>     at 
> org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:653)
>     at 
> org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:481)
>     at 
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1352)
>     at 
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1195)
>     at 
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:582)
>     at 
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:542)
>     at 
> org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:353)
>     at 
> org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:208)
>     at 
> org.springframework.beans.factory.config.DependencyDescriptor.resolveCandidate(DependencyDescriptor.java:276)
>     at 
> org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1391)
>     at 
> org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:1311)
>     at 
> org.springframework.beans.factory.support.ConstructorResolver.resolveAutowiredArgument(ConstructorResolver.java:911)
>     at 
> org.springframework.beans.factory.support.ConstructorResolver.createArgumentArray(ConstructorResolver.java:788)
>     ... 107 more
> Caused by: org.springframework.beans.BeanInstantiationException: Failed to 
> instantiate 
> [org.springframework.security.config.annotation.web.builders.HttpSecurity]: 
> Factory method 'httpSecurity' threw exception; nested exception is 
> java.lang.NoSuchMethodError: 'void 
> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.setSecurityContextHolderStrategy(org.springframework.security.core.context.SecurityContextHolderStrategy)'
>     at 
> org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:185)
>     at 
> org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:648)
>     ... 119 more
> Caused by: java.lang.NoSuchMethodError: 'void 
> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.setSecurityContextHolderStrategy(org.springframework.security.core.context.SecurityContextHolderStrategy)'
>     at 
> org.springframework.security.config.annotation.web.configuration.HttpSecurityConfiguration.httpSecurity(HttpSecurityConfiguration.java:112)
>     at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native 
> Method)
>     at 
> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
>     at 
> java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>     at java.base/java.lang.reflect.Method.invoke(Method.java:568)
>     at 
> org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:154)
>     ... 120 more {code}
> Please downgrade the version of spring-security-config from 5.8.7 to 5.7.11 
> to be compatible with Spring Boot Spring Boot 2.7.16 
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to