Setting up okta oidc for use with Spring-boot 2.1

I am trying to set up an application to use Okta-oidc with Spring-boot 2.1.

I followed the steps from https://developer.okta.com/blog/2017/12/18/spring-security-5-oidc and created a project. Then as suggested by Matt, since I am using Spring 2.1, I added the maven dependency for okta-spring-boot-starter and then tried to add the controller from https://github.com/okta/okta-spring-boot#supporting-client-side-applications---oauth-implicit-flow

When I try to start the application, I get the error below.

Thanks

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'springSecurityFilterChain' defined in class path resource [org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is java.lang.NoClassDefFoundError: org/springframework/security/oauth2/server/resource/web/BearerTokenResolver
at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:627) ~[spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:456) ~[spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1288) ~[spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]

Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is java.lang.NoClassDefFoundError: org/springframework/security/oauth2/server/resource/web/BearerTokenResolver
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:185) ~[spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:622) ~[spring-beans-5.1.4.RELEASE.jar:5.1.4.RELEASE]
... 21 common frames omitted
Caused by: java.lang.NoClassDefFoundError: org/springframework/security/oauth2/server/resource/web/BearerTokenResolver
at org.springframework.security.config.annotation.web.builders.HttpSecurity.oauth2ResourceServer(HttpSecurity.java:1018) ~[spring-security-config-5.1.3.RELEASE.jar:5.1.3.RELEASE]
at com.test.okta.mastersrx.testoidc.ExampleApplication$OktaOAuth2WebSecurityConfigurerAdapter.configure(ExampleApplication.java:34) ~[classes/:na]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.getHttp(WebSecurityConfigurerAdapter.java:231) ~[spring-security-config-5.1.3.RELEASE.jar:5.1.3.RELEASE]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.init(WebSecurityConfigurerAdapter.java:322) ~[spring-security-config-5.1.3.RELEASE.jar:5.1.3.RELEASE]
... 22 common frames omitted
Caused by: java.lang.ClassNotFoundException: org.springframework.security.oauth2.server.resource.web.BearerTokenResolver
at java.net.URLClassLoader.findClass(URLClassLoader.java:382) ~[na:1.8.0_191]
at java.lang.ClassLoader.loadClass(ClassLoader.java:424) ~[na:1.8.0_191]
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:349) ~[na:1.8.0_191]
at java.lang.ClassLoader.loadClass(ClassLoader.java:357) ~[na:1.8.0_191]
... 42 common frames omitted

Here is the pom.xml that is associated with the project

<?xml version="1.0" encoding="UTF-8"?>
<project>
<modelVersion>4.0.0</modelVersion>
<parent>
	<groupId>org.springframework.boot</groupId>
	<artifactId>spring-boot-starter-parent</artifactId>
	<version>2.1.2.RELEASE</version>
</parent>

<groupId>com.test.okta.mastersrx</groupId>
<artifactId>test-okta-oidc</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>test-okta-oidc</name>
<description>Demo project for Spring Boot</description>

<properties>
	<java.version>1.8</java.version>
</properties>

<dependencies>
	<dependency>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-security</artifactId>
	</dependency>
	<dependency>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-thymeleaf</artifactId>
	</dependency>
	<dependency>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-web</artifactId>
	</dependency>
	<dependency>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-webflux</artifactId>
	</dependency>

	<dependency>
		<groupId>org.springframework.security</groupId>
		<artifactId>spring-security-config</artifactId>
	</dependency>
	<dependency>
		<groupId>org.springframework.security</groupId>
		<artifactId>spring-security-oauth2-client</artifactId>
	</dependency>
	<dependency>
		<groupId>org.springframework.security</groupId>
		<artifactId>spring-security-oauth2-jose</artifactId>
	</dependency>
	<dependency>
		<groupId>org.thymeleaf.extras</groupId>
		<artifactId>thymeleaf-extras-springsecurity5</artifactId>
	</dependency>

	<!-- https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-oauth2-client -->
	<!--<dependency>-->
		<!--<groupId>org.springframework.boot</groupId>-->
		<!--<artifactId>spring-boot-starter-oauth2-client</artifactId>-->
		<!--&lt;!&ndash;<version>2.1.2.RELEASE</version>&ndash;&gt;-->
	<!--</dependency>-->

	<!-- https://mvnrepository.com/artifact/com.okta.spring/okta-spring-boot-starter -->
	<dependency>
		<groupId>com.okta.spring</groupId>
		<artifactId>okta-spring-boot-starter</artifactId>
	</dependency>

	<dependency>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-test</artifactId>
		<scope>test</scope>
	</dependency>
	<dependency>
		<groupId>io.projectreactor</groupId>
		<artifactId>reactor-test</artifactId>
		<scope>test</scope>
	</dependency>
	<dependency>
		<groupId>org.springframework.security</groupId>
		<artifactId>spring-security-test</artifactId>
		<scope>test</scope>
	</dependency>
</dependencies>

<build>
	<plugins>
		<plugin>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-maven-plugin</artifactId>
		</plugin>
	</plugins>
</build>
</project>

Can you try reformatting your post and using Markdown around the error and code? I'm especially interested in your pom.xml. Or maybe you can publish your project to GitHub and I can clone/reproduce.

Thanks!

Let me try to create a github account and add the project there.

@mraible - Added repo at https://github.com/adbdkb/oktaforum-okta-oidc-spring21

Hello adbdkb,

I created a pull request that should fix things. The main issues I found were:

  1. You didn't have version 1.0.0 specified for the Okta Spring Boot Starter.
  2. You didn't have the correct Okta properties in your application.properties.

Hope this helps!

Matt

Thanks Matt. It worked.

Aru


@mraible

Matt,

Do you have any examples / samples or know of any resources I can check out for using the Okta SDK or using the REST API from the above application (Java, Spring Boot 2.1, Spring Security 5.1, oidc)?

I need to be able to get user info, reset password, create user, associate user with groups from the application?

Thanks,
Aru

No, I do not. @bdemers Do you have any sample apps for the Java SDK that show reset password, create user, etc.?

If the SDK jars are on your classpath you can just inject a Client, for the actual examples take a look at the SDK README:

Does that help?

Thanks, @bdemers.

I am new to oidc / okta. I had a look at the sdk documentation, but I still need help with setting up the client.

So, in my application, I will have a log-in page where after the user logs in using the okta oidc ( don't know, if this is correct to say - using the okta oidc ), I need to perform these functions.

Also, the createUser, associating user to a group will need to be done as a background call, not associated with a logged in user.

In the example that creates client object, it is looking for the {apiToken} value.

I need help with getting that token value,

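import com.okta.sdk.authc.credentials.TokenClientCredentials;
import com.okta.sdk.client.Client;
import com.okta.sdk.client.Clients;

Client client = Clients.builder()
    .setOrgUrl("{yourOktaDomain}")
    .setClientCredentials(new TokenClientCredentials("{apiToken}"))
    .build();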

My questions are

Is the {apiToken} associated with

  1. An Okta tenant ?
  2. An application on a given tenant?
  3. Every user that logs in?

In either case, can I retrieve this value programmatically at runtime? If so, how do I go about it?

Thanks again for your help.

Aru

In the Spring Boot world your best bet would be to set the properties okta.client.orgUrl and okta.client.token (with any Spring technique), and let the AutoConfiguration create the bean for you (and inject the Client object anywhere you need it).

But either way once you have the client, the operations are the same.

The apiToken is associated with your Okta tenant (and the user that created it)
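
Added example, not part of any post in this thread and not Okta's own sample code: a Spring service that receives the auto-configured `Client` and performs the background create-user and add-to-group calls asked about above. The class name `UserProvisioningService` and the environment variable `OKTA_API_TOKEN` are hypothetical; it assumes the Okta Java SDK and its Spring integration are on the classpath, as the reply describes.

```java
// Added example. Assumed application.properties entries, with the token read from the
// environment instead of being committed to source control (the variable name is made up):
//   okta.client.orgUrl=https://{yourOktaDomain}
//   okta.client.token=${OKTA_API_TOKEN}
import com.okta.sdk.client.Client;
import com.okta.sdk.resource.user.User;
import com.okta.sdk.resource.user.UserBuilder;
import org.springframework.stereotype.Service;

@Service
public class UserProvisioningService { // hypothetical class name

    // Created by the auto-configuration from okta.client.orgUrl and okta.client.token.
    private final Client client;

    public UserProvisioningService(Client client) {
        this.client = client;
    }

    /**
     * Creates a user and adds it to one group. The call is authorized by the API token,
     * so it runs with the privileges of the admin who created that token, regardless of
     * which end user (if any) is logged in through OIDC.
     */
    public String createUserInGroup(String email, String firstName, String lastName,
                                    String groupId) {
        User user = UserBuilder.instance()
                .setEmail(email)
                .setFirstName(firstName)
                .setLastName(lastName)
                .buildAndCreate(client);
        user.addToGroup(groupId);
        return user.getId();
    }

    /** Looks up a user by id or login and returns the login stored in the profile. */
    public String lookupLogin(String userIdOrLogin) {
        return client.getUser(userIdOrLogin).getProfile().getLogin();
    }
}
```

Because the token carries its creator's admin rights across the whole tenant, controllers that call this service should enforce their own authorization checks on the logged-in user first.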

Thanks. Also, can the tokens be created programmatically one time (the token name being the key, so it would return it if it is already created) for the tenant AND the user, or do they have to be done from the UI only?

Aru

Currently API tokens need to be created via the UI.