26

I'm running a KeyCloak server to authenticate users who would like to gain access to a Spring Boot/Spring Web REST API. However, an error occurs while trying to authenticate.

The following works:

  • When I access http://localhost:8080/path/to/restapi
  • I get presented with a login screen as expected: -- KeyCloak Login Screen
  • When I click login the following error occurs on the redirect from within my browser:

Whitelabel Error Page This application has no explicit mapping for /error, so you are seeing this as a fallback.

This is the error that's printed to the Spring Boot console:

Caused by: java.lang.ClassNotFoundException: java.security.acl.Group
  at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:602) ~[na:na]
  at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178) ~[na:na]
  at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:522) ~[na:na]
  ... 33 common frames omitted

The KeyCloak server shows that the session is active for the user to the application. However, the authenication process is never completed due to the above missing class.

deduper
  • 1,944
  • 9
  • 22
Reinhard Behrens
  • 748
  • 1
  • 6
  • 13
  • I got the same issue but upgrading to JDK 11 did not fix it. I also downgraded to JDK 8 and that also didn't work. I also experience this issue when deploying this to a docker swarm service. Locally my Springboot service works fine. Any fix for this? – spoilerd do Jun 29 '20 at 21:09

5 Answers5

37

After some research I found the answer to my problem.

The problem is that java.security.acl.Group is being deprecated since JRE 9 and marked for removal in future versions.

java.security.acl.Group is being replaced by java.security.Policy

I was running my Spring-Boot application on JRE 14 in which this class appeared to be no longer available.

So once I changed my Spring-boot application (which hosts the REST-API) to use JRE 11 the error went away.

Note: The pom.xml Java version attibute <java.version>11</java.version> needed to change as well as the JDK in the build path in Eclipse (which is the IDE I'm using) JDK Buildpath

Reinhard Behrens
  • 748
  • 1
  • 6
  • 13
17

Ran into the same issue.

By the way, it's reported in the keycloak issue tracker here: https://issues.redhat.com/browse/KEYCLOAK-13690

Should be fixed in keycloak 11.

Stéphane
  • 514
  • 5
  • 16
  • 10
    I was very pleased to see that Keycloak 11 was just released. Unfortunately they switched the FIX Version for this issue to Keycloak 12. – Lars Aug 14 '20 at 06:12
  • 5
    Update, they switched to fix it to Keycloak 13 https://github.com/keycloak/keycloak/pull/7533 – Giovane Dec 20 '20 at 18:42
  • Keycloak 13 is out, I will try it out this week. We switched to Jetty for running under Java 15, hope that Tomcat will be working again with the new version. – Dmitriy Popov May 10 '21 at 13:05
  • Seems to be fixed in Java client artifacts of version `13.0.0`. It's now working under Tomcat and Java 15. – Dmitriy Popov May 21 '21 at 12:43
8

I was able to get rid of this problem by keeping JDK 14 but switching from Tomcat to Jetty with Spring Boot. Jetty removed usage of this deprecated class java.security.acl.Group starting from 9.4.x. See here: https://github.com/eclipse/jetty.project/issues/3394. You have to be careful about choosing the right library version for spring-boot-starter-jetty to see if it is already using Jetty 9.4+ underneath.

This is how you switch from embedded Tomcat to Jetty:

    <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-web</artifactId>
      <exclusions>
        <!-- Exclude the Tomcat dependency -->
        <exclusion>
          <groupId>org.springframework.boot</groupId>
          <artifactId>spring-boot-starter-tomcat</artifactId>
        </exclusion>
      </exclusions>
    </dependency>
    <!-- Add Jetty as a replacement -->
    <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-jetty</artifactId>
    </dependency>
A M
  • 448
  • 5
  • 11
  • 1
    Thanks for the answer. I tried it, but the app is now failing with `org.springframework.context.ApplicationContextException: Unable to start web server; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'securityConfiguration': Unsatisfied dependency expressed through field 'keycloakConfigResolver'; nested exception is org.springframework.beans.factory.BeanCurrentlyInCreationException: Error creating bean with name 'keycloakConfigResolver': Requested bean is currently in creation: Is there an unresolvable circular reference?` – Dmitriy Popov Mar 09 '21 at 15:43
  • Circular dependency is with my class `public class SecurityConfiguration extends KeycloakWebSecurityConfigurerAdapter {` – Dmitriy Popov Mar 09 '21 at 15:59
  • 2
    FYI: I resolved the circular dependency by changing `@ComponentScan(basePackageClasses = KeycloakSecurityComponents.class)` to `@ComponentScan(basePackageClasses = KeycloakSpringBootConfigResolver.class)` on my `public class SecurityConfiguration extends KeycloakWebSecurityConfigurerAdapter`. – Dmitriy Popov Mar 15 '21 at 12:58
2

Check out latest adapter versions. This should be fixed with version >= 13.0

sventorben
  • 1,597
  • 4
  • 17
0

Just switch to jdk 1.8 for keycloak:legacy and it should work perfectly

Alexandre Jacob
  • 2,993
  • 3
  • 26
  • 36
Jallouli Med Ahmed
  • 56
  • 2
  • even though this doesn't solve the problem. this is a temporary solution. this worked for me. now no errors. keycloak works as expected – Seyon Seyon May 15 '23 at 08:29