Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

NoClassDefFoundError when using service account credentials #1045

Open
sebphil opened this issue Dec 9, 2024 · 7 comments
Open

NoClassDefFoundError when using service account credentials #1045

sebphil opened this issue Dec 9, 2024 · 7 comments
Assignees

Comments

@sebphil
Copy link

sebphil commented Dec 9, 2024

I'm using the following code to initialize the firebase admin sdk:

GoogleCredentials credentials = GoogleCredentials.fromStream(credentialsStream, () -> transport)
                .createScoped(myProperties.getScopes());
FirebaseOptions options = FirebaseOptions.builder()
                .setCredentials(credentials)
                .setHttpTransport(transport)
                .build();

The credentialsStream I'm injecting is read from a service account file.
This code, which worked fine in 9.4.1, now fails in 9.4.2 with the followin error:
java.lang.NoClassDefFoundError: com/google/auth/CredentialTypeForMetrics

As far as I can tell, this issue is caused by a dependency conflict between the following libs:

  • google-api-client:2.7.0
    • google-auth-library-credentials:1.23.0
  • google-auth-library-oauth2-http:1.29.0
    • google-auth-library-credentials:1.29.0

maven selects google-auth-library-credentials:1.23.0 which causes the ServiceAccountCredentials class to fail to load due to the CredentialTypeForMetrics class only existing since google-auth-library-credentials version 1.28.0.

Adding an explicit dependency to google-auth-library-credentials:1.29.0 in my maven project seems to workaround the issue.

@google-oss-bot
Copy link

I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.

@janverhoeckx
Copy link

We have the same problem.

@ashwin-nath-m
Copy link

Same problem. downgrading to 9.4.1 helped

@lqiu96
Copy link

lqiu96 commented Dec 10, 2024

Could we see your pom.xml/ build.gradle files to help with troubleshooting and narrowing down the issue?

Pulling down v9.4.1 of Firebase, I see this from running mvn dependency:tree:

[INFO] --- maven-dependency-plugin:2.8:tree (default-cli) @ firebase-admin ---
[INFO] com.google.firebase:firebase-admin:jar:9.4.1
[INFO] +- com.google.api-client:google-api-client:jar:2.7.0:compile
[INFO] |  +- commons-codec:commons-codec:jar:1.17.0:compile
[INFO] |  +- com.google.oauth-client:google-oauth-client:jar:1.36.0:compile
[INFO] |  +- com.google.auth:google-auth-library-credentials:jar:1.27.0:compile <- Managed by Libraries-Bom
[INFO] |  +- com.google.http-client:google-http-client-gson:jar:1.45.0:compile
[INFO] |  +- com.google.http-client:google-http-client-apache-v2:jar:1.45.0:compile
[INFO] |  +- org.apache.httpcomponents:httpcore:jar:4.4.16:compile
[INFO] |  \- org.apache.httpcomponents:httpclient:jar:4.5.14:compile
[INFO] +- com.google.api-client:google-api-client-gson:jar:2.7.0:compile
[INFO] +- com.google.http-client:google-http-client:jar:1.45.0:compile
[INFO] |  +- com.google.code.findbugs:jsr305:jar:3.0.2:compile
[INFO] |  +- com.google.errorprone:error_prone_annotations:jar:2.30.0:compile
[INFO] |  +- com.google.j2objc:j2objc-annotations:jar:3.0.0:compile
[INFO] |  +- io.grpc:grpc-context:jar:1.68.0:compile
[INFO] |  +- io.opencensus:opencensus-api:jar:0.31.1:compile
[INFO] |  \- io.opencensus:opencensus-contrib-http-util:jar:0.31.1:compile
[INFO] +- com.google.api:api-common:jar:2.37.1:compile
[INFO] |  +- com.google.auto.value:auto-value-annotations:jar:1.11.0:compile
[INFO] |  \- javax.annotation:javax.annotation-api:jar:1.3.2:compile
[INFO] +- com.google.auth:google-auth-library-oauth2-http:jar:1.27.0:compile <- Managed by Libraries-Bom

My suspicion is that something is overriding these versions. If so, then I think we may need to explicitly declare the auth credentials module.

v9.4.2 brings in Auth-Http >= 1.28.0 and that would cause issues with Auth-Credentials < 1.28.0 (which may be explicitly managed/ set by something else).

@ashwin-nath-m
Copy link

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
	<modelVersion>4.0.0</modelVersion>
	<parent>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-parent</artifactId>
		<version>3.4.0</version>
		<relativePath/> <!-- lookup parent from repository -->
	</parent>
	<groupId>to.my-app</groupId>
	<artifactId>Backend</artifactId>
	<version>0.0.1-SNAPSHOT</version>
	<name>my-app</name>
	<description>my-app</description>
	<url/>
	<licenses>
		<license/>
	</licenses>
	<developers>
		<developer/>
	</developers>
	<scm>
		<connection/>
		<developerConnection/>
		<tag/>
		<url/>
	</scm>
	<properties>
		<java.version>17</java.version>
	</properties>
	<dependencyManagement>
		<dependencies>
			<dependency>
				<groupId>software.amazon.awssdk</groupId>
				<artifactId>bom</artifactId>
				<version>2.29.29</version>
				<type>pom</type>
				<scope>import</scope>
			</dependency>
		</dependencies>
	</dependencyManagement>
	<dependencies>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-test</artifactId>
			<scope>test</scope>
		</dependency>
		<dependency>
			<groupId>com.tngtech.archunit</groupId>
			<artifactId>archunit-junit5</artifactId>
			<version>1.3.0</version>
			<scope>test</scope>
		</dependency>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-data-jpa</artifactId>
		</dependency>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-web</artifactId>
		</dependency>

		<dependency>
			<groupId>com.mysql</groupId>
			<artifactId>mysql-connector-j</artifactId>
			<scope>runtime</scope>
		</dependency>
		<dependency>
			<groupId>org.projectlombok</groupId>
			<artifactId>lombok</artifactId>
			<optional>true</optional>
		</dependency>
		<dependency>
			<groupId>software.amazon.awssdk</groupId>
			<artifactId>sqs</artifactId>
			<version>2.29.23</version>
		</dependency>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-security</artifactId>
		</dependency>
		<dependency>
			<groupId>org.mapstruct</groupId>
			<artifactId>mapstruct</artifactId>
			<version>1.6.2</version>
		</dependency>
		<dependency>
			<groupId>org.mapstruct</groupId>
			<artifactId>mapstruct-processor</artifactId>
			<version>1.6.2</version>
			<scope>provided</scope>
		</dependency>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-validation</artifactId>
		</dependency>
		<dependency>
			<groupId>io.livekit</groupId>
			<artifactId>livekit-server</artifactId>
			<version>0.8.3</version>
		</dependency>
		<dependency>
			<groupId>com.pusher</groupId>
			<artifactId>pusher-http-java</artifactId>
			<version>1.3.3</version>
		</dependency>
		<dependency>
			<groupId>software.amazon.awssdk</groupId>
			<artifactId>s3</artifactId>
		</dependency>
		<dependency>
			<groupId>com.google.firebase</groupId>
			<artifactId>firebase-admin</artifactId>
			<version>9.4.1</version>
		</dependency>
		<dependency>
			<groupId>io.sentry</groupId>
			<artifactId>sentry-spring-boot-starter-jakarta</artifactId>
			<version>7.18.1</version>
		</dependency>
		<dependency>
			<groupId>com.eatthepath</groupId>
			<artifactId>pushy</artifactId>
			<version>0.15.4</version>
		</dependency>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-mail</artifactId>
		</dependency>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-thymeleaf</artifactId>
		</dependency>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-devtools</artifactId>
			<scope>runtime</scope>
			<optional>true</optional>
		</dependency>
	</dependencies>

	<build>
		<plugins>
			<plugin>
				<groupId>org.springframework.boot</groupId>
				<artifactId>spring-boot-maven-plugin</artifactId>
				<configuration>
					<excludes>
						<exclude>
							<groupId>org.projectlombok</groupId>
							<artifactId>lombok</artifactId>
						</exclude>
					</excludes>
				</configuration>
			</plugin>

		</plugins>
	</build>

</project>

@lahirumaramba
Copy link
Member

Thanks for sharing the build files. Could you also run mvn dependency:tree and share the logs with us?

@lqiu96
Copy link

lqiu96 commented Dec 10, 2024

Ah, thanks for that. I am able to repro the issue locally. Interestingly, I would have assumed that the Libraries-Bom in the dependencyManagement section of Firebase would have declared the Auth-Credentials dep pulled in by java-client-client to be v1.27.0, but that doesn't seem to be the case as it pulls in v1.23.0.

My Maven knowledge is a bit lacking here and I'm not entirely sure why it doesn't. I'm assuming for it to pull down the version, it would require your project to declare Libraries-Bom in your dependencyManagement section. There doesn't seem to be any reason for that given that you don't have any Google Java Client Libraries. Maven's dep resolution strategy ends up using the first declaration of google-auth-credentials from java-api-client as it sees that dep first (this is when transitive dependencies have the same depth).

I think I will need to bump the google-auth version in google-api-client and cut a new release for that as part of the Libraries-Bom (~2 weeks). In the meantime, I think the workaround for this is to temporarily declare the Auth-Credential version to be >1.28.0 or downgrade Firebase to v9.4.1.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

7 participants