Expected Behavior
One should be able to use the native build features of Spring Boot out of the box with .spring-boot-starter-oauth2-client.
I'm just doing the most naive login thru Google use case.
Current Behavior
Doesn't work out of the box. One need to resort to using the native-image-agent to collect the necessary introspection data.
Workaround
A RuntimeHintsRegistrar should be easy add.
Adding the following to META-INF/native-image/serialization-config.json fixes the issue:
{
"types":[
{
"name":"java.lang.Boolean"
},
{
"name":"java.lang.String"
},
{
"name":"java.net.URL"
},
{
"name":"java.time.Instant"
},
{
"name":"java.time.Ser"
},
{
"name":"java.util.ArrayList"
},
{
"name":"java.util.Collections$UnmodifiableCollection"
},
{
"name":"java.util.Collections$UnmodifiableList"
},
{
"name":"java.util.Collections$UnmodifiableMap"
},
{
"name":"java.util.Collections$UnmodifiableRandomAccessList"
},
{
"name":"java.util.Collections$UnmodifiableSet"
},
{
"name":"java.util.HashMap"
},
{
"name":"java.util.HashSet"
},
{
"name":"java.util.LinkedHashMap"
},
{
"name":"java.util.LinkedHashSet"
},
{
"name":"org.springframework.security.authentication.AbstractAuthenticationToken"
},
{
"name":"org.springframework.security.core.authority.SimpleGrantedAuthority"
},
{
"name":"org.springframework.security.core.context.SecurityContextImpl"
},
{
"name":"org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken"
},
{
"name":"org.springframework.security.oauth2.core.AbstractOAuth2Token"
},
{
"name":"org.springframework.security.oauth2.core.AuthorizationGrantType"
},
{
"name":"org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest"
},
{
"name":"org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType"
},
{
"name":"org.springframework.security.oauth2.core.oidc.OidcIdToken"
},
{
"name":"org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser"
},
{
"name":"org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority"
},
{
"name":"org.springframework.security.oauth2.core.user.DefaultOAuth2User"
},
{
"name":"org.springframework.security.oauth2.core.user.OAuth2UserAuthority"
},
{
"name":"org.springframework.security.web.authentication.WebAuthenticationDetails"
}
],
"lambdaCapturingTypes":[
],
"proxies":[
]
}
Comment From: marcusdacoregio
Hi @rcomblen. Thanks for the report.
Can you provide more details about your application? Ideally, a minimal, reproducible sample would be great. I tried myself using the oauth2-login sample and it worked out of the box. I just had to tweak the Thymeleaf template (not related to Spring Security tho).
Comment From: spring-projects-issues
If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed.
Comment From: spring-projects-issues
Closing due to lack of requested feedback. If you would like us to look at this issue, please provide the requested information and we will re-open the issue.
Comment From: rcomblen
Hey @marcusdacoregio
Here is the kind of exception I get:
Caused by: com.oracle.svm.core.jdk.UnsupportedFeatureError: SerializationConstructorAccessor class not found for declaringClass: org.springframework.security.oauth2.core.OAuth2AuthorizationException (targetConstructorClass: java.lang.Object). Usually adding org.springframework.security.oauth2.core.OAuth2AuthorizationException to serialization-config.json fixes the problem.
It's pretty painful to work with, as native compilation takes a while, so feedback cycle is very long.
Where is the instrumentation performed in the source code of Spring Security ? Maybe I have something that prevents it from being loaded properly.