Issue 31716 no class def found error for com.nimbusds.jose.shaded.json.json array (Azure#31743)

rujche · web-flow · commit 91aa36c2b002 · 2022-10-28T09:51:51.000+08:00
diff --git a/sdk/spring/CHANGELOG.md b/sdk/spring/CHANGELOG.md
@@ -3,13 +3,17 @@
 ## 4.5.0-beta.2 (Unreleased)
 Upgrade Spring Boot dependencies version to 2.7.4 and Spring Cloud dependencies version to 2021.0.4
 
+### Spring Cloud Azure Autoconfigure
+This section includes changes in `spring-cloud-azure-autoconfigure` module.
+
 #### Bugs Fixed
 - Fix bug: Put a value into Collections.emptyMap(). [#31190](https://github.com/Azure/azure-sdk-for-java/issues/31190).
 - Fix bug: RestTemplate used to get access token should only contain 2 converters. [#31482](https://github.com/Azure/azure-sdk-for-java/issues/31482).
 - Fix bug: RestOperations is not well configured when jwkResolver is null. [#31218](https://github.com/Azure/azure-sdk-for-java/issues/31218).
 - Fix bug: Duplicated "scope" parameter. [#31191](https://github.com/Azure/azure-sdk-for-java/issues/31191).
 - Fix bug: NimbusJwtDecoder still uses `RestTemplate()` instead `RestTemplateBuilder` [#31233](https://github.com/Azure/azure-sdk-for-java/issues/31233)
-- Fix bug: Proxy setting not work in Azure AD B2C web application [31593](https://github.com/Azure/azure-sdk-for-java/issues/31593)
+- Fix bug: Proxy setting not work in Azure AD B2C web application. [31593](https://github.com/Azure/azure-sdk-for-java/issues/31593)
+- Fix Bug: NoClassDefFoundError for JSONArray. [31716](https://github.com/Azure/azure-sdk-for-java/issues/31716)
 
 ## 4.4.0 (2022-09-26)
 Upgrade Spring Boot dependencies version to 2.7.3 and Spring Cloud dependencies version to 2021.0.3
@@ -477,7 +481,7 @@ This section includes changes in the `spring-cloud-azure-autoconfigure` module.
   * Property name "spring.cloud.azure.active-directory.graph-base-uri" changed to "spring.cloud.azure.active-directory.profile.environment.microsoft-graph-endpoint".
   * Property name "spring.cloud.azure.active-directory.graph-membership-uri" changed to "spring.cloud.azure.active-directory.profile.environment.microsoft-graph-endpoint" and "spring.cloud.azure.active-directory.user-group.use-transitive-members".
 - Change AAD B2C configuration properties to use the namespace for credential and environment properties [#25799](https://github.com/Azure/azure-sdk-for-java/pull/25799).
-- Change Event Hubs processor configuration properties `spring.cloud.azure.eventhbs.processor.partition-ownership-expiration-interval` to `spring.cloud.azure.eventhbs.processor.load-balancing.partition-ownership-expiration-interval` [#25851](https://github.com/Azure/azure-sdk-for-java/pull/25851).
+- Change Event Hubs processor configuration properties `spring.cloud.azure.eventhubs.processor.partition-ownership-expiration-interval` to `spring.cloud.azure.eventhubs.processor.load-balancing.partition-ownership-expiration-interval` [#25851](https://github.com/Azure/azure-sdk-for-java/pull/25851).
 - Change Event Hubs configuration properties `spring.cloud.azure.eventhubs.fqdn` to `spring.cloud.azure.eventhubs.fully-qualified-namespace` [#25851](https://github.com/Azure/azure-sdk-for-java/pull/25851).
 - Rename all `*CP` classes to `*ConfigurationProperties` [#26209](https://github.com/Azure/azure-sdk-for-java/pull/26209).
 
diff --git a/sdk/spring/spring-cloud-azure-autoconfigure/src/main/java/com/azure/spring/cloud/autoconfigure/aad/filter/UserPrincipalManager.java b/sdk/spring/spring-cloud-azure-autoconfigure/src/main/java/com/azure/spring/cloud/autoconfigure/aad/filter/UserPrincipalManager.java
@@ -16,7 +16,6 @@
 import com.nimbusds.jose.proc.JWSKeySelector;
 import com.nimbusds.jose.proc.JWSVerificationKeySelector;
 import com.nimbusds.jose.proc.SecurityContext;
-import com.nimbusds.jose.shaded.json.JSONArray;
 import com.nimbusds.jose.util.ResourceRetriever;
 import com.nimbusds.jwt.JWT;
 import com.nimbusds.jwt.JWTClaimsSet;
@@ -149,17 +148,20 @@ public UserPrincipal buildUserPrincipal(String aadIssuedBearerToken) throws Pars
         final JWTClaimsSet jwtClaimsSet = validator.process(aadIssuedBearerToken, null);
         validator.getJWTClaimsSetVerifier().verify(jwtClaimsSet, null);
         UserPrincipal userPrincipal = new UserPrincipal(aadIssuedBearerToken, jwsObject, jwtClaimsSet);
-        Set<String> roles = Optional.of(userPrincipal)
-                                    .map(p -> p.getClaim(AadJwtClaimNames.ROLES))
-                                    .map(JSONArray.class::cast)
-                                    .map(Collection<Object>::stream)
-                                    .orElseGet(Stream::empty)
-                                    .map(Object::toString)
-                                    .collect(Collectors.toSet());
-        userPrincipal.setRoles(roles);
+        userPrincipal.setRoles(getRoles(jwtClaimsSet));
         return userPrincipal;
     }
 
+    Set<String> getRoles(JWTClaimsSet set) {
+        return Optional.of(set)
+                .map(p -> p.getClaim(AadJwtClaimNames.ROLES))
+                .map(Collection.class::cast)
+                .map(Collection<Object>::stream)
+                .orElseGet(Stream::empty)
+                .map(Object::toString)
+                .collect(Collectors.toSet());
+    }
+
     /**
      * Whether the token was issued by AAD.
      *
diff --git a/sdk/spring/spring-cloud-azure-autoconfigure/src/test/java/com/azure/spring/cloud/autoconfigure/aad/filter/UserPrincipalManagerTests.java b/sdk/spring/spring-cloud-azure-autoconfigure/src/test/java/com/azure/spring/cloud/autoconfigure/aad/filter/UserPrincipalManagerTests.java
@@ -7,6 +7,7 @@
 import com.nimbusds.jose.jwk.JWKSet;
 import com.nimbusds.jose.jwk.source.ImmutableJWKSet;
 import com.nimbusds.jose.proc.SecurityContext;
+import com.nimbusds.jwt.JWTClaimsSet;
 import com.nimbusds.jwt.proc.BadJWTException;
 import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.Test;
@@ -19,10 +20,14 @@
 import java.nio.file.Paths;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
+import java.util.Arrays;
+import java.util.Set;
 import java.util.stream.Stream;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertTrue;
 
 
 class UserPrincipalManagerTests {
@@ -33,8 +38,7 @@ class UserPrincipalManagerTests {
     static void setupClass() throws Exception {
         final X509Certificate cert = (X509Certificate) CertificateFactory.getInstance("X.509")
                                                                          .generateCertificate(Files.newInputStream(Paths.get("src/test/resources/aad/test-public-key.txt")));
-        immutableJWKSet = new ImmutableJWKSet<>(new JWKSet(JWK.parse(
-            cert)));
+        immutableJWKSet = new ImmutableJWKSet<>(new JWKSet(JWK.parse(cert)));
     }
 
     private UserPrincipalManager userPrincipalManager;
@@ -44,8 +48,7 @@ static void setupClass() throws Exception {
     void testAlgIsTakenFromJWT() throws Exception {
         userPrincipalManager = new UserPrincipalManager(immutableJWKSet);
         final UserPrincipal userPrincipal = userPrincipalManager.buildUserPrincipal(
-            new String(Files.readAllBytes(
-                Paths.get("src/test/resources/aad/jwt-signed.txt")), StandardCharsets.UTF_8));
+            readFileToString("src/test/resources/aad/jwt-signed.txt"));
         assertThat(userPrincipal).isNotNull().extracting(UserPrincipal::getIssuer, UserPrincipal::getSubject)
                                  .containsExactly("https://sts.windows.net/test", "test@example.com");
     }
@@ -73,14 +76,31 @@ void nullIssuer() {
             .isInstanceOf(BadJWTException.class);
     }
 
-    private String readJwtValidIssuerTxt() throws IOException {
-        return new String(Files.readAllBytes(
-            Paths.get("src/test/resources/aad/jwt-null-issuer.txt")), StandardCharsets.UTF_8);
+    @Test
+    void testRolesExtracted() {
+        JWTClaimsSet set = new JWTClaimsSet.Builder()
+                .claim("roles", Arrays.asList("role1", "role2"))
+                .build();
+        Set<String> result = new UserPrincipalManager(null).getRoles(set);
+        assertEquals(2, result.size());
+        assertTrue(result.contains("role1"));
+        assertTrue(result.contains("role2"));
+    }
+
+    private String readJwtValidIssuerTxt() {
+        return readFileToString("src/test/resources/aad/jwt-null-issuer.txt");
+    }
+
+    private static Stream<String> readJwtValidIssuerTxtStream() {
+        return Stream.of(readFileToString("src/test/resources/aad/jwt-valid-issuer.txt"));
     }
 
-    private static Stream<String> readJwtValidIssuerTxtStream() throws IOException {
-        return Stream.of(new String(Files.readAllBytes(
-            Paths.get("src/test/resources/aad/jwt-valid-issuer.txt")), StandardCharsets.UTF_8));
+    private static String readFileToString(String path) {
+        try {
+            return new String(Files.readAllBytes(Paths.get(path)), StandardCharsets.UTF_8);
+        } catch (IOException e) {
+            throw new IllegalStateException(e);
+        }
     }
 
 }
