Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to use non-shaded client with AuthenticationToken #562

Closed
austek opened this issue Feb 3, 2024 · 5 comments
Closed

Unable to use non-shaded client with AuthenticationToken #562

austek opened this issue Feb 3, 2024 · 5 comments
Labels
type: bug A general bug type: spring-boot The fix is in Spring Boot
Milestone
1.0.3

Comments

@austek
Copy link

austek commented Feb 3, 2024

When using the non-shaded pulsar client enabling AuthenticationToken causes

An attempt was made to call a method that does not exist. The attempt was made from the following location:

    org.springframework.boot.autoconfigure.pulsar.PulsarPropertiesMapper.getAuthenticationParamsJson(PulsarPropertiesMapper.java:90)

The following method did not exist:

    'org.apache.pulsar.shade.com.fasterxml.jackson.databind.ObjectMapper org.apache.pulsar.common.util.ObjectMapperFactory.create()'

The calling method's class, org.springframework.boot.autoconfigure.pulsar.PulsarPropertiesMapper, was loaded from the following location:

A sample project with the problem
@onobc
Copy link
Collaborator

onobc commented Feb 3, 2024

Thanks for the report @austek ,

While the ObjectMapperFactory is not shaded, it does indeed look like the returned ObjectMapper is in fact a shaded variant.
This issue is actually in Spring Boot at this point but I will submit a PR to that project under this ticket.

@onobc
Copy link
Collaborator

onobc commented Feb 3, 2024

@austek we do recommend using the shaded pulsar client w/ Spring Boot as the Pulsar client uses earlier versions of 3rd party libs that are also used by Spring Boot. You may run into classpath version mismatches. Regardless, I am going to submit a fix for this issue.

onobc added a commit to onobc/spring-boot that referenced this issue Feb 3, 2024
@onobc
Remove use of Pulsar ObjectMapperFactory
d84d6f7 
This commit removes the use of the Pulsar ObjectMapperFactory when
converting the authentication config props map to a JSON string. The
Pulsar factory operates on a shaded returned value of Jackson
ObjectMapper which may not exist when users are using the
non-shaded version of the Pulsar client lib.

See spring-projects/spring-pulsar#562
@onobc onobc mentioned this issue Feb 3, 2024
Closed
@austek
Copy link
Author

austek commented Feb 4, 2024

@austek we do recommend using the shaded pulsar client w/ Spring Boot as the Pulsar client uses earlier versions of 3rd party libs that are also used by Spring Boot. You may run into classpath version mismatches. Regardless, I am going to submit a fix for this issue.

I understand the recommendation, however security scans picked up CVEs which needs to be addressed and with shaded dependencies that's not really easy

@onobc
Copy link
Collaborator

onobc commented Feb 4, 2024

I understand @austek , it sounds like you are using the unshaded so that you can override the vulnerable dependencies.

Did you file an issue w/ Pulsar on the affected libs? If not, please let me know which ones in particular and I will file an issue and get a fix into Pulsar.

Thanks

mhalbritter pushed a commit to spring-projects/spring-boot that referenced this issue Feb 6, 2024
@onobc @mhalbritter
Remove use of Pulsar ObjectMapperFactory
41ed4d6 
This commit removes the use of the Pulsar ObjectMapperFactory when
converting the authentication config props map to a JSON string. The
Pulsar factory operates on a shaded returned value of Jackson
ObjectMapper which may not exist when users are using the
non-shaded version of the Pulsar client lib.

See spring-projects/spring-pulsar#562

See gh-39389
@onobc
Copy link
Collaborator

onobc commented Feb 9, 2024

@austek the fix has been merged into Spring Boot 3.2.x branch and will be available in Spring Boot 3.2.3 on 2024-11-22.

@onobc onobc closed this as completed Feb 9, 2024
@onobc onobc added this to the 1.0.3 milestone Feb 9, 2024
@onobc onobc added type: bug A general bug type: spring-boot The fix is in Spring Boot labels Feb 9, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type: bug A general bug type: spring-boot The fix is in Spring Boot
Projects
None yet
Milestone
1.0.3
Development

No branches or pull requests
2 participants
@austek @onobc