KeyCloak Server Caused by: java.lang.ClassNotFoundException: java.security.acl.Group

I'm running a KeyCloak server to authenticate users who would like to gain access to a Spring Boot/Spring Web REST API. However, an error occurs while trying to authenticate.

The following works:

  • When I access http://localhost:8080/path/to/restapi
  • I get presented with a login screen as expected.
  • When I click login the following error occurs on the redirect from within my browser:

Whitelabel Error Page This application has no explicit mapping for /error, so you are seeing this as a fallback.

This is the error that's printed to the Spring Boot console:

    Caused by: java.lang.ClassNotFoundException: java.security.acl.Group
      at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:602) ~[na:na]
      at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178) ~[na:na]
      at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:522) ~[na:na]
      ... 33 common frames omitted

The KeyCloak server shows that the session is active for the user to the application. However, the authentication process is never completed due to the above missing class.



Solution 1:[1]

After some research I found the answer to my problem.

The problem is that java.security.acl.Group has been deprecated since JRE 9 and marked for removal in future versions.

java.security.acl.Group is being replaced by java.security.Policy

I was running my Spring-Boot application on JRE 14 in which this class appeared to be no longer available.

So once I changed my Spring-boot application (which hosts the REST-API) to use JRE 11 the error went away.

Note: The pom.xml Java version attribute <java.version>11</java.version> needed to change, as well as the JDK in the build path in Eclipse (which is the IDE I'm using).

Solution 2:[2]

Ran into the same issue.

By the way, it's reported in the keycloak issue tracker here: https://issues.redhat.com/browse/KEYCLOAK-13690

Should be fixed in keycloak 11.

Solution 3:[3]

I was able to get rid of this problem by keeping JDK 14 but switching from Tomcat to Jetty with Spring Boot. Jetty removed usage of this deprecated class java.security.acl.Group starting from 9.4.x. See here: https://github.com/eclipse/jetty.project/issues/3394. You have to be careful about choosing the right library version for spring-boot-starter-jetty to see if it is already using Jetty 9.4+ underneath.

This is how you switch from embedded Tomcat to Jetty:

    <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-web</artifactId>
      <exclusions>
        <!-- Exclude the Tomcat dependency -->
        <exclusion>
          <groupId>org.springframework.boot</groupId>
          <artifactId>spring-boot-starter-tomcat</artifactId>
        </exclusion>
      </exclusions>
    </dependency>
    <!-- Add Jetty as a replacement -->
    <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-jetty</artifactId>
    </dependency>
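
The answers on this page fix the error by changing either the JDK or the library that still references java.security.acl.Group. To see which dependency that is, the following added example (not part of any answer or project on this page) scans a jar, including the nested jars of a Spring Boot fat jar, for class files that mention the class. `find_references` and `build_sample_fat_jar` are hypothetical names, and the sample jar is constructed in memory.

```python
import io
import zipfile

# Internal (slash-separated) form of the class name, as stored in a .class
# file's constant pool for both class references and type descriptors.
NEEDLE = b"java/security/acl/Group"

def find_references(jar, origin="", needle=NEEDLE):
    """Return sorted 'outer.jar!/entry' paths of classes that mention `needle`.
    `jar` is a path or a binary file object; nested jars are scanned too."""
    hits = []
    with zipfile.ZipFile(jar) as zf:
        for name in zf.namelist():
            where = f"{origin}!/{name}" if origin else name
            if name.endswith(".class"):
                if needle in zf.read(name):
                    hits.append(where)
            elif name.endswith(".jar"):
                try:
                    hits += find_references(io.BytesIO(zf.read(name)), where, needle)
                except zipfile.BadZipFile:
                    pass  # entry is not a readable archive; skip it
    return sorted(hits)

def build_sample_fat_jar():
    """Constructed sample: a fat jar holding two nested libraries, one with a
    fake class body that contains the removed class name."""
    def make_jar(entries):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            for name, data in entries.items():
                zf.writestr(name, data)
        return buf.getvalue()

    old_lib = make_jar({"demo/OldRealm.class": b"\xca\xfe\xba\xbe..Ljava/security/acl/Group;.."})
    new_lib = make_jar({"demo/NewRealm.class": b"\xca\xfe\xba\xbe..Ljava/security/Principal;.."})
    return io.BytesIO(make_jar({
        "BOOT-INF/classes/demo/App.class": b"\xca\xfe\xba\xbe..demo/App..",
        "BOOT-INF/lib/old-lib.jar": old_lib,
        "BOOT-INF/lib/new-lib.jar": new_lib,
    }))

if __name__ == "__main__":
    print("\n".join(find_references(build_sample_fat_jar())))
```

Passing the path of a built application jar to `find_references` lists the classes to check against the versions named in the answers.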

Solution 4:[4]

Check out latest adapter versions. This should be fixed with version >= 13.0

Solution 5:[5]

Just switch to jdk 1.8 for keycloak:legacy and it should work perfectly

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Reinhard Behrens
Solution 2 Stéphane
Solution 3 A M
Solution 4 sventorben
Solution 5 Alexandre Jacob