Setting up okta oidc for use with Spring-boot 2.1

adbdkb · January 23, 2019, 12:22am

I am trying to set-up an application to use Okta-oidc with Spring-boot 2.1.

I followed the steps from Get Started with Spring Security 5.0 and OIDC | Okta Developer and created a project. Then as suggested by Matt, since I am using Spring 2.1, I added the maven dependency for okta-spring-boot-starter and then tried to add the controller from GitHub - okta/okta-spring-boot: Okta Spring Boot Starter

When I tried to start the application, I get the below error.

Thanks

org.springframework.beans.factory.BeanCreationException: Error creating bean with name ‘springSecurityFilterChain’ defined in class path resource [org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method ‘springSecurityFilterChain’ threw exception; nested exception is java.lang.NoClassDefFoundError: org/springframework/security/oauth2/server/resource/web/BearerTokenResolver
at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:627) ~[spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:456) ~[spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1288) ~[spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]

Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method ‘springSecurityFilterChain’ threw exception; nested exception is java.lang.NoClassDefFoundError: org/springframework/security/oauth2/server/resource/web/BearerTokenResolver
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:185) ~[spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:622) ~[spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
… 21 common frames omitted
Caused by: java.lang.NoClassDefFoundError: org/springframework/security/oauth2/server/resource/web/BearerTokenResolver
at org.springframework.security.config.annotation.web.builders.HttpSecurity.oauth2ResourceServer(HttpSecurity.java:1018) ~[spring-security-config-5.1.3.RELEASE.jar:5.1.3.RELEASE]
at com.test.okta.mastersrx.testoidc.ExampleApplication$OktaOAuth2WebSecurityConfigurerAdapter.configure(ExampleApplication.java:34) ~[classes/:na]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.getHttp(WebSecurityConfigurerAdapter.java:231) ~[spring-security-config-5.1.3.RELEASE.jar:5.1.3.RELEASE]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.init(WebSecurityConfigurerAdapter.java:322) ~[spring-security-config-5.1.3.RELEASE.jar:5.1.3.RELEASE]
… 22 common frames omitted
Caused by: java.lang.ClassNotFoundException: org.springframework.security.oauth2.server.resource.web.BearerTokenResolver
at java.net.URLClassLoader.findClass(URLClassLoader.java:382) ~[na:1.8.0_191]
at java.lang.ClassLoader.loadClass(ClassLoader.java:424) ~[na:1.8.0_191]
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:349) ~[na:1.8.0_191]
at java.lang.ClassLoader.loadClass(ClassLoader.java:357) ~[na:1.8.0_191]
… 42 common frames omitted

Here is the pom.xml that is associated with the project

<?xml version="1.0" encoding="UTF-8"?>

4.0.0

org.springframework.boot
spring-boot-starter-parent
2.1.2.RELEASE

com.test.okta.mastersrx
test-okta-oidc
0.0.1-SNAPSHOT
test-okta-oidc
Demo project for Spring Boot

<properties>
	<java.version>1.8</java.version>
</properties>

<dependencies>
	<dependency>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-security</artifactId>
	</dependency>
	<dependency>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-thymeleaf</artifactId>
	</dependency>
	<dependency>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-web</artifactId>
	</dependency>
	<dependency>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-webflux</artifactId>
	</dependency>

	<dependency>
		<groupId>org.springframework.security</groupId>
		<artifactId>spring-security-config</artifactId>
	</dependency>
	<dependency>
		<groupId>org.springframework.security</groupId>
		<artifactId>spring-security-oauth2-client</artifactId>
	</dependency>
	<dependency>
		<groupId>org.springframework.security</groupId>
		<artifactId>spring-security-oauth2-jose</artifactId>
	</dependency>
	<dependency>
		<groupId>org.thymeleaf.extras</groupId>
		<artifactId>thymeleaf-extras-springsecurity5</artifactId>
	</dependency>

	<!-- https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-oauth2-client -->
	<!--<dependency>-->
		<!--<groupId>org.springframework.boot</groupId>-->
		<!--<artifactId>spring-boot-starter-oauth2-client</artifactId>-->
		<!--&lt;!&ndash;<version>2.1.2.RELEASE</version>&ndash;&gt;-->
	<!--</dependency>-->

	<!-- https://mvnrepository.com/artifact/com.okta.spring/okta-spring-boot-starter -->
	<dependency>
		<groupId>com.okta.spring</groupId>
		<artifactId>okta-spring-boot-starter</artifactId>
	</dependency>

	<dependency>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-test</artifactId>
		<scope>test</scope>
	</dependency>
	<dependency>
		<groupId>io.projectreactor</groupId>
		<artifactId>reactor-test</artifactId>
		<scope>test</scope>
	</dependency>
	<dependency>
		<groupId>org.springframework.security</groupId>
		<artifactId>spring-security-test</artifactId>
		<scope>test</scope>
	</dependency>
</dependencies>

<build>
	<plugins>
		<plugin>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-maven-plugin</artifactId>
		</plugin>
	</plugins>
</build>

mraible · January 23, 2019, 12:58am

Can you try reformatting your post and using Markdown around the error and code? I’m especially interested in your pom.xml. Or maybe you can publish your project to GitHub and I can clone/reproduce.

Thanks!

adbdkb · January 23, 2019, 1:36am

Let me try to create a github account and add the project there.

adbdkb · January 23, 2019, 2:20am

@mraible - Added repo at https://github.com/adbdkb/oktaforum-okta-oidc-spring21

mraible · January 23, 2019, 4:08pm

Hello adbdkb,

I created a pull request that should fix things. The main issues I found were:

You didn’t have version 1.0.0 specified for the Okta Spring Boot Starter.
You didn’t have the correct Okta properties in your application.properties.

Hope this helps!

Matt

adbdkb · January 24, 2019, 3:47pm

Thanks Matt. It worked.

Aru

adbdkb · January 25, 2019, 3:42am

@mraible

Matt,

Do you have any examples / samples or know of any resources I can check out for using the Okta SDK or using the REST api from the above application ( java, Spring boot 2.1, spring security 5,1, oidc )?

I need to be able to get user info, reset password, create user, associate user with groups from the application?

Thanks,
Aru

mraible · January 25, 2019, 7:16am

No, I do not. @bdemers Do you have any sample apps for the Java SDK that show reset password, create user, etc.?

bdemers · January 25, 2019, 2:39pm

If the SDK jars are on your classpath you can just inject a Client, for the actual examples take a look at the SDK README:

Create a user: https://github.com/okta/okta-sdk-java#create-a-user
Associate User to a group: https://github.com/okta/okta-sdk-java#add-a-user-to-a-group
For reset password, you can just call user.resetPassword()

Does that help?

adbdkb · January 25, 2019, 3:13pm

Thanks, @bdemers.

I am new to oidc / okta. I had a look at the sdk documentation, but I still need help with setting up the client.

So, in my application, I will have a log-in page where after the user logs in using the okta oidc ( don’t know, if this is correct to say - using the okta oidc ), I need to perform these functions.

Also, the createUser, associating user to a group will need to be done as a background call, not associated with a logged in user.

In the example that creates client object, it is looking for the {apiToken} value.

I need help with getting that token value,

Client client = Clients.builder()
.setOrgUrl("{yourOktaDomain}")
.setClientCredentials(new TokenClientCredentials("{apiToken}"))
.build();

My questions are

Is the {apiToken} associated with

An Okta tenant ?
An application on a given tenant?
Every user that logs in?

In either case, can I retrieve this value programmatically at runtime? If so, how do I go about it?

Thanks again for your help.

Aru

bdemers · January 25, 2019, 3:40pm

In the Spring Boot world your best bet would be to set the properties:
okta.client.orgUrl and okta.client.token (with any Spring technique), and let the AutoConfiguration create the bean for you (and inject the Client object anywhere you need it).

But either way once you have the client, the operations are the same.

The apiToken is associated with your Okta tenant (and the user that created it)

adbdkb · January 25, 2019, 3:48pm

Thanks. Also, can the tokens be created programmatically onetime ( the token name being the key, so it would return it if it is already created ) for the tenant AND the user or do they have to be done from UI only?

Aru

bdemers · January 28, 2019, 2:17pm

Currently API tokens need to be created via the UI.

system · January 17, 2024, 7:35pm

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.