@EnableOAuth2Sso breaks Google App Engine.

[alexmitic]

Summary

I have added OAuth2 support to my application by following this tutorial https://spring.io/guides/tutorials/spring-boot-oauth2/, that uses spring-boot-starter-security and spring-security-oauth2. With the help of the @EnableOAuth2Sso annotation I get the app to authenticate with gmail. When I run this app locally it works without any problems but when I deploy to Google App Engine I get Server Error 500. If I remove the authentication the app works when deployed. I've tried authenticating both with Facebook and Google, both give a server error when deployed.

Actual Behavior

On the server I get the following stack trace

o.s.core.annotation.AnnotationUtils      : Failed to introspect annotations on [class org.springframework.boot.autoconfigure.security.oauth2.resource.ResourceServerTokenServicesConfiguration$RemoteTokenServicesConfiguration$SocialTokenServicesConfiguration]: java.lang.IllegalStateException: Could not obtain annotation attribute value for public abstract java.lang.Class[] org.springframework.boot.autoconfigure.condition.ConditionalOnClass.value()

o.s.boot.SpringApplication               : Application startup failed

java.lang.IllegalStateException: Error processing condition on org.springframework.boot.autoconfigure.security.oauth2.resource.ResourceServerTokenServicesConfiguration$RemoteTokenServicesConfiguration$SocialTokenServicesConfiguration.socialTokenServices
    at org.springframework.boot.autoconfigure.condition.SpringBootCondition.matches(SpringBootCondition.java:64) ~[spring-boot-autoconfigure-1.5.4.RELEASE.jar:1.5.4.RELEASE]
    at org.springframework.context.annotation.ConditionEvaluator.shouldSkip(ConditionEvaluator.java:102) ~[spring-context-4.3.10.RELEASE.jar:4.3.10.RELEASE]
    at org.springframework.context.annotation.ConfigurationClassBeanDefinitionReader.loadBeanDefinitionsForBeanMethod(ConfigurationClassBeanDefinitionReader.java:178) ~[spring-context-4.3.10.RELEASE.jar:4.3.10.RELEASE]
    at org.springframework.context.annotation.ConfigurationClassBeanDefinitionReader.loadBeanDefinitionsForConfigurationClass(ConfigurationClassBeanDefinitionReader.java:140) ~[spring-context-4.3.10.RELEASE.jar:4.3.10.RELEASE]
    at org.springframework.context.annotation.ConfigurationClassBeanDefinitionReader.loadBeanDefinitions(ConfigurationClassBeanDefinitionReader.java:116) ~[spring-context-4.3.10.RELEASE.jar:4.3.10.RELEASE]
    at org.springframework.context.annotation.ConfigurationClassPostProcessor.processConfigBeanDefinitions(ConfigurationClassPostProcessor.java:320) ~[spring-context-4.3.10.RELEASE.jar:4.3.10.RELEASE]
    at org.springframework.context.annotation.ConfigurationClassPostProcessor.postProcessBeanDefinitionRegistry(ConfigurationClassPostProcessor.java:228) ~[spring-context-4.3.10.RELEASE.jar:4.3.10.RELEASE]
    at org.springframework.context.support.PostProcessorRegistrationDelegate.invokeBeanDefinitionRegistryPostProcessors(PostProcessorRegistrationDelegate.java:270) ~[spring-context-4.3.10.RELEASE.jar:4.3.10.RELEASE]
    at org.springframework.context.support.PostProcessorRegistrationDelegate.invokeBeanFactoryPostProcessors(PostProcessorRegistrationDelegate.java:93) ~[spring-context-4.3.10.RELEASE.jar:4.3.10.RELEASE]
    at org.springframework.context.support.AbstractApplicationContext.invokeBeanFactoryPostProcessors(AbstractApplicationContext.java:687) ~[spring-context-4.3.10.RELEASE.jar:4.3.10.RELEASE]
    at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:525) ~[spring-context-4.3.10.RELEASE.jar:4.3.10.RELEASE]
    at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.refresh(EmbeddedWebApplicationContext.java:122) ~[spring-boot-1.5.4.RELEASE.jar:1.5.4.RELEASE]
    at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:693) ~[spring-boot-1.5.4.RELEASE.jar:1.5.4.RELEASE]
    at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:360) ~[spring-boot-1.5.4.RELEASE.jar:1.5.4.RELEASE]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:303) ~[spring-boot-1.5.4.RELEASE.jar:1.5.4.RELEASE]
    at org.springframework.boot.web.support.SpringBootServletInitializer.run(SpringBootServletInitializer.java:151) [spring-boot-1.5.4.RELEASE.jar:1.5.4.RELEASE]
    at org.springframework.boot.web.support.SpringBootServletInitializer.createRootApplicationContext(SpringBootServletInitializer.java:131) [spring-boot-1.5.4.RELEASE.jar:1.5.4.RELEASE]
    at org.springframework.boot.web.support.SpringBootServletInitializer.onStartup(SpringBootServletInitializer.java:86) [spring-boot-1.5.4.RELEASE.jar:1.5.4.RELEASE]
    at org.springframework.web.SpringServletContainerInitializer.onStartup(SpringServletContainerInitializer.java:169) [spring-web-4.3.10.RELEASE.jar:4.3.10.RELEASE]
    at org.eclipse.jetty.plus.annotation.ContainerInitializer.callStartup(ContainerInitializer.java:140) [runtime-impl-third-party.jar:na]
    at org.eclipse.jetty.annotations.ServletContainerInitializersStarter.doStart(ServletContainerInitializersStarter.java:63) [runtime-impl-third-party.jar:na]
    at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68) [runtime-impl-third-party.jar:na]
    at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:330) [runtime-impl-third-party.jar:na]
    at org.eclipse.jetty.webapp.WebAppContext.startWebapp(WebAppContext.java:1406) [runtime-impl-third-party.jar:na]
    at org.eclipse.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1368) [runtime-impl-third-party.jar:na]
    at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:778) [runtime-impl-third-party.jar:na]
    at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:262) [runtime-impl-third-party.jar:na]
    at org.eclipse.jetty.webapp.WebAppContext.doStart(WebAppContext.java:522) [runtime-impl-third-party.jar:na]
    at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68) [runtime-impl-third-party.jar:na]
    at com.google.apphosting.runtime.jetty9.AppVersionHandlerMap.createHandler(AppVersionHandlerMap.java:244) [runtime-impl.jar:na]
    at com.google.apphosting.runtime.jetty9.AppVersionHandlerMap.getHandler(AppVersionHandlerMap.java:182) [runtime-impl.jar:na]
    at com.google.apphosting.runtime.jetty9.JettyServletEngineAdapter.serviceRequest(JettyServletEngineAdapter.java:97) [runtime-impl.jar:na]
    at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchServletRequest(JavaRuntime.java:650) [runtime-impl.jar:na]
    at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.dispatchRequest(JavaRuntime.java:612) [runtime-impl.jar:na]
    at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.run(JavaRuntime.java:582) [runtime-impl.jar:na]
    at com.google.apphosting.runtime.JavaRuntime$NullSandboxRequestRunnable.run(JavaRuntime.java:776) [runtime-impl.jar:na]
    at com.google.apphosting.runtime.ThreadGroupPool$PoolEntry.run(ThreadGroupPool.java:263) [runtime-impl.jar:na]
    at java.lang.Thread.run(Thread.java:745) [na:1.8.0_112-google-v7]

Caused by: java.lang.NullPointerException: null
    at org.springframework.boot.autoconfigure.condition.OnBeanCondition$BeanSearchSpec.collect(OnBeanCondition.java:329) ~[spring-boot-autoconfigure-1.5.4.RELEASE.jar:1.5.4.RELEASE]
    at org.springframework.boot.autoconfigure.condition.OnBeanCondition$BeanSearchSpec.<init>(OnBeanCondition.java:282) ~[spring-boot-autoconfigure-1.5.4.RELEASE.jar:1.5.4.RELEASE]
    at org.springframework.boot.autoconfigure.condition.OnBeanCondition.getMatchOutcome(OnBeanCondition.java:76) ~[spring-boot-autoconfigure-1.5.4.RELEASE.jar:1.5.4.RELEASE]
    at org.springframework.boot.autoconfigure.condition.SpringBootCondition.matches(SpringBootCondition.java:47) ~[spring-boot-autoconfigure-1.5.4.RELEASE.jar:1.5.4.RELEASE]
    ... 37 common frames omitted 

Expected Behavior

When a user reaches a part of the domain, they should be guided to a google sign-in form. This happens locally but not when deployed to server.

Configuration

In my application properties I have

security:
  oauth2:
    client:
      clientId: My ID
      clientSecret: My secret
      accessTokenUri: https://www.googleapis.com/oauth2/v4/token
      userAuthorizationUri: https://accounts.google.com/o/oauth2/v2/auth
      clientAuthenticationScheme: form
      scope:
        - openid
        - email
        - profile
    resource:
      userInfoUri: https://www.googleapis.com/oauth2/v3/userinfo
      preferTokenInfo: true

And I configure the authentication

@Override
protected void configure(HttpSecurity http) throws Exception {
      http.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
      .and()
          .authorizeRequests()
              .antMatchers("/") // Start page
                  .permitAll()
              .anyRequest() // Everything that is not start-page is authenticated
                  .authenticated();
 }

Version

spring-boot 1.5.6.RELEASE

spring-boot-starter-security 1.5.6.RELEASE

spring-security-oauth2 2.1.1.RELEASE

appengine-api-1.0-sdk 1.9.54

Here is my whole pom.xml if it adds some clarity

<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
        <!-- Exclude Tomcat so that it doesn't conflict w/ Jetty server -->
        <exclusions>
            <exclusion>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-starter-tomcat</artifactId>
            </exclusion>
        </exclusions>

    </dependency>

    <dependency>
        <groupId>com.google.appengine</groupId>
        <artifactId>appengine-api-1.0-sdk</artifactId>
        <version>1.9.54</version>
    </dependency>

    <dependency>                        <!-- Google Core Libraries for Java -->
        <groupId>com.google.guava</groupId>
        <artifactId>guava</artifactId>  <!-- https://github.com/google/guava/wiki -->
        <!-- Guava v21.0 doesn't support Java7 -->
        <version>20.0</version>
        <scope>compile</scope>
    </dependency>

    <dependency>                        <!-- Google Cloud Client Library for Java -->
        <groupId>com.google.cloud</groupId>
        <artifactId>google-cloud-storage</artifactId>
        <version>1.3.1</version>
    </dependency>

    <!-- Exclude any jul-to-slf4j -->
    <dependency>
        <groupId>org.slf4j</groupId>
        <artifactId>jul-to-slf4j</artifactId>
        <scope>provided</scope>
    </dependency>

    <!-- Include Servlet API -->
    <dependency>
        <groupId>javax.servlet</groupId>
        <artifactId>javax.servlet-api</artifactId>
        <version>3.1.0</version>
        <scope>provided</scope>
    </dependency>

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-test</artifactId>
        <scope>test</scope>
    </dependency>


    <dependency>
        <groupId>com.google.cloud</groupId>
        <artifactId>google-cloud-datastore</artifactId>
        <version>1.4.0</version>
    </dependency>

    <dependency>
        <groupId>com.google.code.gson</groupId>
        <artifactId>gson</artifactId>
        <version>2.8.1</version>
     </dependency>

    <dependency>
    	<groupId>org.springframework.boot</groupId>
    	<artifactId>spring-boot-starter-security</artifactId>
        <version>1.5.6.RELEASE</version>
    </dependency>

    <dependency>
    	<groupId>org.springframework.security.oauth</groupId>
    	<artifactId>spring-security-oauth2</artifactId>
        <version>2.1.1.RELEASE</version>
    </dependency>
</dependencies>

[jgrandja]

Hi @alexmitic. Can you please log this issue with Boot. Looking at your report this definitely seems it's Boot-related.
Thanks.

[bskarthick]

alexmitic, got fix for this issue?

[alexmitic]

@bskarthick Take a look here. It should be fixed but there is a work-around if needed.