Skip to content

Enhanced configuration class fails to call package-visible superclass constructor on WebSphere #34950

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
bisvo01 opened this issue May 26, 2025 · 2 comments
Closed

Enhanced configuration class fails to call package-visible superclass constructor on WebSphere #34950

bisvo01 opened this issue May 26, 2025 · 2 comments
Assignees
@jhoeller
Labels
in: core Issues in core modules (aop, beans, core, context, expression) status: backported An issue that has been backported to maintenance branches type: regression A bug that is also a regression
Milestone
6.2.8

Comments

@bisvo01
Copy link

bisvo01 commented May 26, 2025
edited
Loading

Encountering exception during application context initialization in IBM WebSphere Liberty executing on IBM J9 VM after upgrade of Spring Boot and corresponding supported Spring Framework version.

Initially we encountered an exception when trying to upgrade from Spring Boot 3.3.5 to 3.3.11 and associated Spring Framework version from 6.1.14 to 6.1.19.

Last version where we are not able to reproduce is Spring Boot 3.3.8 and Spring Framework 6.1.16.
Minimal version where we are able to reproduce is Spring Boot 3.3.9 and Spring Framework 6.1.17.
Upgrading to Spring Framework 6.1.19 has not fixed the issue. Neither has 6.1.20.

Reproduction only happens on WebSphere Liberty Profile (Liberty Dev Use 24.0.0.9/wlp-1.0.93.cl241020240827-1743) on IBM J9 VM Java IBM Semeru Runtime Certified Edition for z/OS (build 17.0.12+7) IBM J9 VM (build z/OS-Release-17.0.12.1-b01, JRE 17 z/OS s390x-64-Bit Compressed References 20240904_69 (JIT enabled, AOT enabled). Does not happen with otherwise identical dependencies on Tomcat 10.1.31, also using the same IBM J9 VM.

This looks like a variant or continuation of #34684 (no affiliation with the original submitter).

(company-specific path/package/application names redacted and replaced with redacted placeholder, can provide additional information if relevant to the issue)

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'swaggerConfiguration' defined in URL jar:file:/path/redacted/redacted.war!/WEB-INF/classes/com/redacted/SwaggerConfiguration.class: Failed to instantiate com.redacted.SwaggerConfiguration$$SpringCGLIB$$0: Constructor threw exception
 at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:318) ~spring-beans-6.1.20.jar:6.1.20
 at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:306) ~spring-beans-6.1.20.jar:6.1.20
 at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1375) ~spring-beans-6.1.20.jar:6.1.20
 at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1212) ~spring-beans-6.1.20.jar:6.1.20
 at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:562) ~spring-beans-6.1.20.jar:6.1.20
 at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:522) ~spring-beans-6.1.20.jar:6.1.20
 at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:337) ~spring-beans-6.1.20.jar:6.1.20
 at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:234) ~spring-beans-6.1.20.jar:6.1.20
 at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:335) ~spring-beans-6.1.20.jar:6.1.20
 at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:200) ~spring-beans-6.1.20.jar:6.1.20
 at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:975) ~spring-beans-6.1.20.jar:6.1.20
 at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:971) ~spring-context-6.1.20.jar:6.1.20
 at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:625) ~spring-context-6.1.20.jar:6.1.20
 at org.springframework.web.servlet.FrameworkServlet.configureAndRefreshWebApplicationContext(FrameworkServlet.java:706) ~spring-webmvc-6.1.20.jar:6.1.20
 at org.springframework.web.servlet.FrameworkServlet.createWebApplicationContext(FrameworkServlet.java:672) ~spring-webmvc-6.1.20.jar:6.1.20
 at org.springframework.web.servlet.FrameworkServlet.createWebApplicationContext(FrameworkServlet.java:720) ~spring-webmvc-6.1.20.jar:6.1.20
 at org.springframework.web.servlet.FrameworkServlet.initWebApplicationContext(FrameworkServlet.java:595) ~spring-webmvc-6.1.20.jar:6.1.20
 at org.springframework.web.servlet.FrameworkServlet.initServletBean(FrameworkServlet.java:537) spring-webmvc-6.1.20.jar:6.1.20
 at org.springframework.web.servlet.HttpServletBean.init(HttpServletBean.java:169) spring-webmvc-6.1.20.jar:6.1.20
 at jakarta.servlet.GenericServlet.init(GenericServlet.java:178) io.openliberty.jakarta.servlet.6.0_1.0.93.jar:?
 at jakarta.servlet.http.HttpServlet.init(HttpServlet.java:107) io.openliberty.jakarta.servlet.6.0_1.0.93.jar:?
 at com.ibm.ws.webcontainer.servlet.ServletWrapper.init(ServletWrapper.java:307) com.ibm.ws.webcontainer.jakarta_1.1.93.jar:?
 at internal classes
 at com.ibm.ws.webcontainer.osgi.WebContainer.access$100(WebContainer.java:113) com.ibm.ws.webcontainer.jakarta_1.1.93.jar:?
 at com.ibm.ws.webcontainer.osgi.WebContainer$3.run(WebContainer.java:996) com.ibm.ws.webcontainer.jakarta_1.1.93.jar:?
 at internal classes
 at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539) ?:?
 at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) ?:?
 at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) ?:?
 at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) ?:?
 at java.base/java.lang.Thread.run(Thread.java:857) ?:?
Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate com.redacted.SwaggerConfiguration$$SpringCGLIB$$0: Constructor threw exception
 at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:221) ~spring-beans-6.1.20.jar:6.1.20
 at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:117) ~spring-beans-6.1.20.jar:6.1.20
 at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:315) ~spring-beans-6.1.20.jar:6.1.20
 ... 37 more
Caused by: java.lang.IllegalAccessError: Class com/redacted/SwaggerConfiguration$$SpringCGLIB$$0 illegally accessing "package private" member of class com/redacted/SwaggerConfiguration
 at com.redacted.SwaggerConfiguration$$SpringCGLIB$$0.<init>(<generated>) ~redacted.war:?
 at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~?:?
 at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:77) ~?:?
 at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~?:?
 at java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500) ~?:?
 at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:481) ~?:?
 at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:208) ~spring-beans-6.1.20.jar:6.1.20
 at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:117) ~spring-beans-6.1.20.jar:6.1.20
 at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:315) ~spring-beans-6.1.20.jar:6.1.20
 ... 37 more

So far unable to provide a minimal reproduction scenario as I can't identify what is the approximate cause of the issue, and the application is nontrivial. The main application servlet uses Spring Framework, but not Spring Boot. Spring Boot is only used as a dependency for Swagger UI, where we override 3.3.X patch version to avoid shipping versions with known CVEs (see above for exact tested versions), corresponding snippet from maven dependency tree:

[INFO] +- org.springdoc:springdoc-openapi-starter-webmvc-ui:jar:2.6.0:compile
[INFO] |  +- org.springdoc:springdoc-openapi-starter-webmvc-api:jar:2.6.0:compile
[INFO] |  |  \- org.springdoc:springdoc-openapi-starter-common:jar:2.6.0:compile
[INFO] |  |     \- org.springframework.boot:spring-boot-autoconfigure:jar:3.3.X:compile
[INFO] |  |        \- org.springframework.boot:spring-boot:jar:3.3.X:compile
[INFO] |  \- org.webjars:swagger-ui:jar:5.17.14:compile

Redacted outline of the configuration classes (can provide additional details privately if relevant to the issue).

@Configuration
@PropertySource("classpath:" + SwaggerConfiguration.SPRINGDOC_PROPERTY_FILE)
@Import({
    org.springdoc.core.configuration.SpringDocConfiguration.class,
    org.springdoc.webmvc.core.configuration.SpringDocWebMvcConfiguration.class,
    org.springdoc.webmvc.ui.SwaggerConfig.class,
    org.springdoc.core.properties.SwaggerUiConfigProperties.class,
    org.springdoc.core.properties.SwaggerUiOAuthProperties.class,
    org.springdoc.core.properties.SpringDocConfigProperties.class,
    org.springframework.boot.autoconfigure.jackson.JacksonAutoConfiguration.class,
    // customization
    com.redacted.SwaggerUiConfiguration.class
})
public class SwaggerConfiguration implements WebMvcConfigurer {

  SwaggerConfiguration(@Value("classpath:api-description.md") Resource descriptionResource) {
    <redacted>
  }

  @Bean
  public OpenAPI api() {
    return <redacted>
  }

  @Bean
  public ServerBaseUrlCustomizer serverBaseUrlCustomizer() {
    return <redacted>
  }

  @Override
  public void addResourceHandlers(ResourceHandlerRegistry registry) {
     <redacted>
  }

  @Bean
  public OpenApiCustomizer useExactTags() {
    <redacted>
  }

  @Bean
  public OpenApiCustomizer sortResponses() {
    <redacted>
  }

  @Bean
  public ModelResolver modelResolver(SpringDocConfigProperties configurationProperties) {
    <redacted>
  }
 
  <public static final constants and private methods redacted>
}

@Lazy(false)
@Configuration(proxyBeanMethods = false)
@ComponentScan(basePackages = "org.springdoc")
public class SwaggerUiConfiguration {

  @Bean
  @Primary
  @Lazy(false)
  SwaggerIndexTransformer indexPageTransformer(SwaggerUiConfigProperties swaggerUiConfig,
      SwaggerUiOAuthProperties swaggerUiOAuthProperties,
      SwaggerUiConfigParameters swaggerUiConfigParameters,
      SwaggerWelcomeCommon swaggerWelcomeCommon, ObjectMapperProvider objectMapperProvider) {
    return <redacted>
  }
}
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged or decided on label May 26, 2025
@jhoeller
Copy link
Contributor

jhoeller commented May 26, 2025
edited
Loading

It looks like the problem is the package-visible constructor on SwaggerConfiguration in this case. Looks like we need to explicitly check for that as well (in our reliesOnPackageVisibility method), otherwise the generated class is going to fail on construction.

@jhoeller jhoeller changed the title $$SpringCGLIB$$0 illegally accessing "package private" member of class Enhanced configuration class fails to call package-visible superclass constructor on WebSphere May 26, 2025
@jhoeller jhoeller added type: regression A bug that is also a regression in: core Issues in core modules (aop, beans, core, context, expression) and removed status: waiting-for-triage An issue we've not yet triaged or decided on labels May 26, 2025
@jhoeller jhoeller self-assigned this May 26, 2025
@jhoeller jhoeller added this to the 6.2.8 milestone May 26, 2025
@jhoeller jhoeller added the for: backport-to-6.1.x Marks an issue as a candidate for backport to 6.1.x label May 26, 2025
@github-actions github-actions bot added status: backported An issue that has been backported to maintenance branches and removed for: backport-to-6.1.x Marks an issue as a candidate for backport to 6.1.x labels May 26, 2025
@github-actions github-actions bot mentioned this issue May 26, 2025
Closed
@bisvo01
Copy link
Author

bisvo01 commented May 26, 2025

Thanks, I can confirm that when I make SwaggerConfiguration constructor public, and use Spring Framework 6.1.20 and Spring Boot 3.3.11, the issue is no longer reproducible on WLP. So avoiding package-private constructors can be used as a workaround.

jhoeller added a commit that referenced this issue May 27, 2025
@jhoeller
Check for package-visible constructor in case of ClassLoader mismatch
3b6beca 
Closes gh-34950

(cherry picked from commit 15d1455)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jhoeller jhoeller

Labels
in: core Issues in core modules (aop, beans, core, context, expression) status: backported An issue that has been backported to maintenance branches type: regression A bug that is also a regression
Projects
None yet
Milestone
6.2.8
Development

No branches or pull requests
3 participants
@jhoeller @spring-projects-issues @bisvo01