I am trying to implement OAuth2 AuthorizationServer as described in this article but I keep getting the error below. For a spring security config:
import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.core.annotation.Order; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; @Configuration @Order(1) class SecurityConfig extends WebSecurityConfigurerAdapter { @Value("${user.oauth.user.username}") private String username; @Value("${user.oauth.user.password}") private String password; @Override protected void configure(HttpSecurity http) throws Exception { http.requestMatchers() .antMatchers("/login", "/oauth/authorize") .and() .authorizeRequests() .anyRequest().authenticated() .and() .formLogin().permitAll(); } @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth.inMemoryAuthentication() .withUser(username) .password(passwordEncoder().encode(password)) .roles("USER"); } @Bean public BCryptPasswordEncoder passwordEncoder() { return new BCryptPasswordEncoder(); } } I keep getting this error:
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:3.8.0:compile (default-compile) on project auth-service: Compilation failure [ERROR] /home/mcs/auth-service/src/main/java/com/example/authservice/config/SecurityConfig.java:[14,1] cannot access javax.servlet.Filter [ERROR] class file for javax.servlet.Filter not found What does it mean and what seems to be wrong?
My pom.xml generated form start.spring.io using the latest M2 release for Spring Boot:
<?xml version="1.0" encoding="UTF-8"?> <project xmlns="" xmlns:xsi="" xsi:schemaLocation=" "> <modelVersion>4.0.0</modelVersion> <parent> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-parent</artifactId> <version>2.2.0.M2</version> <relativePath/> <!-- lookup parent from repository --> </parent> <groupId>com.example</groupId> <artifactId>auth-service</artifactId> <version>0.0.1-SNAPSHOT</version> <name>auth-service</name> <description>Authorization service</description> <properties> <java.version>11</java.version> </properties> <dependencies> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency> <dependency> <groupId>com.okta.spring</groupId> <artifactId>okta-spring-boot-starter</artifactId> <version>1.1.0</version> </dependency> <dependency> <groupId>org.springframework.security.oauth</groupId> <artifactId>spring-security-oauth2</artifactId> <version>2.3.5.RELEASE</version> </dependency> <dependency> <groupId>org.projectlombok</groupId> <artifactId>lombok</artifactId> <version>2.6.7</version> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-test</artifactId> <scope>test</scope> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-test</artifactId> <scope>test</scope> </dependency> </dependencies> <build> <plugins> <plugin> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-maven-plugin</artifactId> </plugin> </plugins> </build> <repositories> <repository> <id>spring-snapshots</id> <name>Spring Snapshots</name> <url> <snapshots> <enabled>true</enabled> </snapshots> </repository> <repository> <id>spring-milestones</id> <name>Spring Milestones</name> <url> </repository> </repositories> <pluginRepositories> <pluginRepository> <id>spring-snapshots</id> <name>Spring Snapshots</name> <url> <snapshots> <enabled>true</enabled> </snapshots> </pluginRepository> <pluginRepository> <id>spring-milestones</id> <name>Spring Milestones</name> <url> </pluginRepository> </pluginRepositories> </project> 7 Answers
The article which you have shared asks you to add web dependency which i dont see in your pom.xml file. Add the below dependency which should solve the javax.servlet error
<dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId> </dependency> If you check within the spring-boot-starter-web pom file you will see a dependency to javax.servlet-api - 3.1.0.
I faced the same issue but fixed after adding dependency spring-boot-starter-web
<dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId> <version>2.4.2</version> </dependency> 1Look at the version of the servlet api that spring is dependent on then in Gradle include:
compileOnly("javax.servlet:javax.servlet-api:X") Where X is the version of servlet-api spring is dependent on.
The error message you are seeing (cannot access javax.servlet.Filter) suggests that there is a problem with the classpath and that the Servlet API is missing.
<dependency> <groupId>javax.servlet</groupId> <artifactId>javax.servlet-api</artifactId> <version>4.0.1</version> <scope>provided</scope> </dependency> Once you have added the Servlet API to your classpath, you should be able to compile your code successfully.
For those using gradle just add and you are good to go
implementation 'org.springframework.boot:spring-boot-starter-web' Check your dependency hierarchy tree. Does it contain javax servlet api. If not, choose a relevant version from here and add it to your pom.xml
While this is a different problem, it has the same error message so if you get here and were trying to get WebFlux to work and you see this error
public class PreAuthorizeSecurityConfigAdapter extends WebSecurityConfigurerAdapter { ^ class file for javax.servlet.Filter not found It's probably that WebFlux does not support your usecase. I was trying to get @PreAuthorize(hasPermission(...)) but after much googling found WebFlux doesn't support it and that you should just use your own bean like this instead:
@PreAuthorize("@somePermissionEvaluatorBean.hasPermission(authentication, ...")