0

I switched Spring Boot version from 2.5.2 to 3.0.2 and did some refactors. But stuck in this problem. HttpSecurity addFilter() method requires javax.servlet.Filter, but Spring Boot 3.0 uses jakarta. How to solve this? The codes are from a Youtube tutorial, but for Spring Boot 2.5.2

Maven dependencies:

    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-jpa</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
        <dependency>
            <groupId>org.yaml</groupId>
            <artifactId>snakeyaml</artifactId>
            <version>2.0</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-devtools</artifactId>
            <scope>runtime</scope>
            <optional>true</optional>
        </dependency>
        <dependency>
            <groupId>com.mysql</groupId>
            <artifactId>mysql-connector-j</artifactId>
            <version>8.0.31</version>
            <scope>runtime</scope>
        </dependency>
        <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
            <optional>true</optional>
        </dependency>
        <dependency>
            <groupId>com.auth0</groupId>
            <artifactId>java-jwt</artifactId>
            <version>4.2.1</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-config</artifactId>
            <version>5.7.5</version>
        </dependency>
    </dependencies>

Due to transitive dependency vulnerability, snakeyaml version changed to 2.0

Screenshot added Screenshot added

Müseyib Ələkbər
  • 81
  • 1
  • 7

1 Answers1

0

If you intend to use Spring Boot3.x, then you can use the latest spring-cloud bom to manage the dependencies, like the following pom.xml, it will fix the conflict of javax.xxx between jakarta.xxx.

<parent>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-starter-parent</artifactId>
        <!-- latest spring cloud version which supports spring boot3.x-->
        <version>2022.0.1</version>
    </parent>
    <groupId>your-groupId</groupId>
    <artifactId>your-artifactId</artifactId>
    <version>0.0.1-SNAPSHOT</version>

    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-config</artifactId>
        </dependency>

        <!-- other dependencies go below -->
    </dependencies>

but now you may have to deal with the code compatibility problem of spring-security, since you upgraded spring-security version to spring-security6.x, see spring-security6.x migration doc,there are many changes.

If you don't want to deal with the spring-security code compatibility problem, then you should downgrade the spring boot back to 2.x.

localhost-er
  • 113
  • 3
  • 10
  • I dealed with the code compatibilities, but the problem is that HttpSecurity class uses javax.xxx package again after switching to spring-cloud bom – Müseyib Ələkbər Mar 12 '23 at 08:15
  • You forgot your *spring-security-config* dependency is still in version 5.7.5. I have updated my answer, remove that version number then it should have no javax namespace problem anymore – localhost-er Mar 14 '23 at 02:27