On 11/04/2023 20:28, BRUNO MELLONI wrote:
I was able to migrate applications to Spring Boot 3 / Spring 6 (standalone or
running on Tomcat 10) so long as authentication was NOT through Azure AD.
But when I tried to migrate applications that used Microsoft's
spring-cloud-azure-starter-active-directory for authentication of 2-step
authenticated webapps (the preferred approach) I started to get this error
during application deploy to Tomcat 10:
Cannot cast ch.qos.logback.classic.servlet.LogbackServletContainerInitializer
to jakarta.servlet.ServletContainerInitializer
My suspicion is that Microsoft's latest implementation is not compatible with
Tomcat's approach to support log4j logging (as far as I know the approach has
been around since at least Tomcat 9). But of course I could be wrong. Has
anybody had any success? Was there any trick to migrating to Spring Boot 3 /
Spring 6 / Tomcat 10 with 2-step authentication and authorization using Azure
AD?
NOTE: I did succeed with 2-step auth with Azure AD when I dropped the
Microsoft spring-cloud-azure-starter-active-directory dependency and instead
used the raw OAuth2 approach to connect to Azure AD. The problem though is
that roles defined in Azure are not coming through to the GrantedAuthorities of
the SecurityContext or Principal. I know I could extract the UPN from the
Principal and then define the AD Groups in the on-premises AD instead of Azure
AD, but that would require code changes and what is worse it would make me
hostage to the availability of sysadmins that manage our on-premises AD...
meaning weeks of delay for new AD groups. It is a hack that I'd rather not use
if Azure authorization can be made to work properly.
Any other advice will be welcome too.
No idea but some questions that might help.
Some sort of Java EE / Jakarta EE conflict?
A JAR present in the WAR that contains some of the Servlet API JARs?
Which version of which JAR is that ServletContainerInitializer coming from?
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
