I am migrating from Spring Boot 1.5 to 2.0. When providing a success handler to HttpSecurity, a ClassNotFoundException is thrown for org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter. Here's a simple way to reproduce:
@Configuration
@EnableOAuth2Sso
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception {
http
.antMatcher("/**").authorizeRequests()
.antMatchers("/", "/login**", "/")
.permitAll()
.anyRequest()
.authenticated().and().oauth2Login().successHandler(new SecurityHandler());
}
}
and SecurityHandler:
@Component
public class SecurityHandler implements AuthenticationSuccessHandler {
@Override
public void onAuthenticationSuccess(HttpServletRequest var1, HttpServletResponse var2, Authentication var3) throws IOException, ServletException {
}
}
Everything works fine until you add the successHandler. At that point, Spring fails to boot due to the class not found:
Caused by: java.lang.ClassNotFoundException: org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter
at java.net.URLClassLoader.findClass(URLClassLoader.java:381) ~[na:1.8.0_121]
at java.lang.ClassLoader.loadClass(ClassLoader.java:424) ~[na:1.8.0_121]
at org.springframework.boot.loader.LaunchedURLClassLoader.loadClass(LaunchedURLClassLoader.java:94) ~[patriotic-web.jar:0.0.1-SNAPSHOT]
at java.lang.ClassLoader.loadClass(ClassLoader.java:357) ~[na:1.8.0_121]
... 56 common frames omitted
Comment From: philwebb
@willfitch Do you have the spring-security-oauth2-client jar on your classpath? See this section of the docs
Comment From: willfitch
Thanks @philwebb. I did add that dependency:
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-client</artifactId>
<version>5.0.3.RELEASE</version>
</dependency>
Now, a completely unexpected issue has arisen:
***************************
APPLICATION FAILED TO START
***************************
Description:
Method springSecurityFilterChain in org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration required a bean of type 'org.springframework.security.oauth2.client.registration.ClientRegistrationRepository' that could not be found.
- Bean method 'clientRegistrationRepository' not loaded because OAuth2 Clients Configured Condition registered clients is not available
Action:
Consider revisiting the conditions above or defining a bean of type 'org.springframework.security.oauth2.client.registration.ClientRegistrationRepository' in your configuration.
A couple of questions: 1. Is the OAuth2 client requirement emitted from Spring Boot for a reason? 2. Following up on the above, there doesn't seem to be a decent migration plan for the above use case demonstrating existing OAuth2 integrations that simply require a "hook" once authentication is successful. Are you aware of any?
Comment From: philwebb
Is the OAuth2 client requirement emitted from Spring Boot for a reason?
Yeah, we didn't want to include it in the security starter because not everyone will need OAuth login support. Adding a dedicated starter with just one dependency also didn't seem sensible.
...demonstrating existing OAuth2 integrations that simply require a "hook" once authentication is successful
I'm not, @mbhave might know of one. Our sample doesn't use the successHandler hook.
Comment From: philwebb
For the failure you're seeing, you need to define some spring.security.oauth2.client properties like this. Check out the updated documentation for details.
Comment From: willfitch
Appreciate your help, @philwebb
Comment From: konstantin-doncov
@philwebb hi! I faced the same problem. OAuth2 worked fine, but when I added(from this answer):
http.oauth2Login().failureHandler(new CustomAuthenticationFailureHandler());
then I got ClassNotFoundException. After that I added spring-security-oauth2-client and got
Bean method 'clientRegistrationRepository' not loaded because OAuth2 Clients Configured Condition registered clients is not available
Do I need to add these properties, if I already have oauth_client_details table with my clients in my DB and all worked fine until failureHandler()?
Comment From: philwebb
@don-prog Please ask questions on stackoverflow.com