After further research let me ask the question in a different way:
* Tomcat 10 is configured to do log4j2 logging.
* My log4j2 code works fine.
* Spring-cloud-azure-starter-active-directory seems to use logback and it
is incompatible with my Tomcat 10 setup.
Given the above… what do I need to add to Tomcat 10 to make it handle apps that
use logback for logging but still use my log4j2 Tomcat configuration for the
actual logging?
I would swear that Tomcat had slf4j and other logging translation libraries
built in… but perhaps Tomcat 10 no longer does for some and requires adding
some jars?
b.
From: Mark Thomas <ma...@apache.org>
Sent: Tuesday, April 11, 2023 2:41 PM
To: users@tomcat.apache.org
Subject: Re: Is Microsoft's spring-cloud-azure-starter-active-directory for
Spring Boot 3 / Spring 6 compatible with Tomcat 10?
On 11/04/2023 20: 28, BRUNO MELLONI wrote: > I was able to migrate applications
to Spring Boot 3 / Spring 6 (standalone or running on Tomcat 10) so long as
authentication was NOT through Azure AD. > > But when I tried to migrate
applications
ZjQcmQRYFpfptBannerStart
CAUTION: This Message Is From an External Source
This message originated outside the Chickasaw Nation. Do not click links or
open attachments unless you recognize the sender and know the content is safe!
Report Suspicious
<https://us-phishalarm-ewt.proofpoint.com/EWT/v1/IMeFMrRG1GeY!JdtUXLGR9ova4gOnS-0H1iEbkX_fwvLLfLoUe-WtR-fKP3iug2CA6Got_-7FykjdaEEVaYQaX_1JDstwjD_T9laTb_I1TVa4IKmJLM79$>
ZjQcmQRYFpfptBannerEnd
On 11/04/2023 20:28, BRUNO MELLONI wrote:
> I was able to migrate applications to Spring Boot 3 / Spring 6 (standalone or
> running on Tomcat 10) so long as authentication was NOT through Azure AD.
>
> But when I tried to migrate applications that used Microsoft's
> spring-cloud-azure-starter-active-directory for authentication of 2-step
> authenticated webapps (the preferred approach) I started to get this error
> during application deploy to Tomcat 10:
>
> Cannot cast ch.qos.logback.classic.servlet.LogbackServletContainerInitializer
> to jakarta.servlet.ServletContainerInitializer
>
>
> My suspicion is that Microsoft's latest implementation is not compatible with
> Tomcat's approach to support log4j logging (as far as I know the approach has
> been around since at least Tomcat 9). But of course I could be wrong. Has
> anybody had any success? Was there any trick to migrating to Spring Boot 3 /
> Spring 6 / Tomcat 10 with 2-step authentication and authorization using Azure
> AD?
>
>
>
> NOTE: I did succeed with 2-step auth with Azure AD when I dropped the
> Microsoft spring-cloud-azure-starter-active-directory dependency and instead
> used the raw OAuth2 approach to connect to Azure AD. The problem though is
> that roles defined in Azure are not coming through to the GrantedAuthorities
> of the SecurityContext or Principal. I know I could extract the UPN from the
> Principal and then define the AD Groups in the on-premises AD instead of
> Azure AD, but that would require code changes and what is worse it would make
> me hostage to the availability of sysadmins that manage our on-premises AD...
> meaning weeks of delay for new AD groups. It is a hack that I'd rather not
> use if Azure authorization can be made to work properly.
>
> Any other advice will be welcome too.
No idea but some questions that might help.
Some sort of Java EE / Jakarta EE conflict?
A JAR present in the WAR that contains some of the Servlet API JARs?
Which version of which JAR is that ServletContainerInitializer coming from?
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail:
users-unsubscr...@tomcat.apache.org<mailto:users-unsubscr...@tomcat.apache.org>
For additional commands, e-mail:
users-h...@tomcat.apache.org<mailto:users-h...@tomcat.apache.org>
