Describe the bug Referring to: #8882
When defining a custom NimbusJwtDecoder i am receiving a java.lang.StackOverflowError: null exception when processing the JWT token
To Reproduce Dependencies:
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>3.1.5</version>
</parent>
<dependencies>
....
<!-- Spring security -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
</dependency>
....
</dependencies>
Following security chain:
@Bean
protected SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http.cors(AbstractHttpConfigurer::disable)
.csrf(AbstractHttpConfigurer::disable)
.sessionManagement(sess -> sess.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.authorizeHttpRequests(auth -> auth
//PUBLIC ACCESS
.requestMatchers(PUBLIC_URLS)
.permitAll()
//RESTRICTED ACCESS
.anyRequest()
.authenticated())
.oauth2ResourceServer(oauth2 -> oauth2
.jwt(withDefaults())
// Add HeaderBearerTokenResolver and set custom HTTP-HEADER as default
.bearerTokenResolver(new HeaderBearerTokenResolver(RequestUtils.HTTP_HEADER))
// Add the entry point here to respond with response
.authenticationEntryPoint(new AuthenticationEntryPoint(handlerExceptionResolver)));
return http.build();
}
When creating custom jwtDecoder (customized restTemplate)
@Bean
JwtDecoder jwtDecoder() {
return NimbusJwtDecoder.withJwkSetUri(jwkSetURI)
.restOperations(customRestTemplate)
.build();
}
Spring boot resource service is throwing:
java.lang.StackOverflowError: null
at java.base/java.lang.ReflectiveOperationException.<init>(ReflectiveOperationException.java:90)
at java.base/java.lang.reflect.InvocationTargetException.<init>(InvocationTargetException.java:67)
at jdk.internal.reflect.GeneratedMethodAccessor18.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:568)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:343)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:237)
at jdk.proxy2/jdk.proxy2.$Proxy186.authenticate(Unknown Source)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:201)
at jdk.internal.reflect.GeneratedMethodAccessor18.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:568)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:343)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:237)
at jdk.proxy2/jdk.proxy2.$Proxy186.authenticate(Unknown Source)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:201)
at jdk.internal.reflect.GeneratedMethodAccessor18.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:568)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:343)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:237)
at jdk.proxy2/jdk.proxy2.$Proxy186.authenticate(Unknown Source)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:201)
at jdk.internal.reflect.GeneratedMethodAccessor18.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:568)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:343)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:237)
at jdk.proxy2/jdk.proxy2.$Proxy186.authenticate(Unknown Source)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:201)
at jdk.internal.reflect.GeneratedMethodAccessor18.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:568)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:343)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:237)
at jdk.proxy2/jdk.proxy2.$Proxy186.authenticate(Unknown Source)
Expected behavior JWT token should be validated as before defining custom JwtDecoder.
Disclaimer: When using the default JwtDecoder the java.lang.StackOverflowError: null does not occure
Comment From: jzheaux
Hi, @Christian-Schmidt-db, thanks for the report. Sadly, I'm not able to reproduce the issue with the given information.
Will you please include a minimal GitHub sample that reproduces the issue?
Comment From: spring-projects-issues
If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed.
Comment From: spring-projects-issues
Closing due to lack of requested feedback. If you would like us to look at this issue, please provide the requested information and we will re-open the issue.
Comment From: dtejares23
Hi, I have a problem in my Eclipse IDE during creation of "Spring Starter Project".
I always encounter this error:
StackOverflowError: null java.lang.reflect.InvocationTargetException
Comment From: jzheaux
@dtejares23, sorry you are having trouble. Please post this to Stack Overflow as we prefer to use GitHub for bugs and feature requests. If you wish, you can paste the StackOverflow link here and I and others can help from there.