KeyCloak Server Caused by: java.lang.ClassNotFoundException: java.security.acl.Group

Asked 21/5, 2020 at 10:15 Answered 6/10, 2023 at 5:19

spring-boot keycloak classnotfoundexception java-11 java-14

I'm running a KeyCloak server to authenticate users who would like to gain access to a Spring Boot/Spring Web REST API. However, an error occurs while trying to authenticate.

The following works:

When I access http://localhost:8080/path/to/restapi
I get presented with a login screen as expected: -- KeyCloak Login Screen
When I click login the following error occurs on the redirect from within my browser:

Whitelabel Error Page This application has no explicit mapping for /error, so you are seeing this as a fallback.

This is the error that's printed to the Spring Boot console:

Caused by: java.lang.ClassNotFoundException: java.security.acl.Group
  at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:602) ~[na:na]
  at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178) ~[na:na]
  at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:522) ~[na:na]
  ... 33 common frames omitted

The KeyCloak server shows that the session is active for the user to the application. However, the authenication process is never completed due to the above missing class.

Jus answered 21/5, 2020 at 10:15 Comment(1)

I got the same issue but upgrading to JDK 11 did not fix it. I also downgraded to JDK 8 and that also didn't work. I also experience this issue when deploying this to a docker swarm service. Locally my Springboot service works fine. Any fix for this? – Aposematic 29/6, 2020 at 21:9

After some research I found the answer to my problem.

The problem is that java.security.acl.Group is being deprecated since JRE 9 and marked for removal in future versions.

java.security.acl.Group is being replaced by java.security.Policy

I was running my Spring-Boot application on JRE 14 in which this class appeared to be no longer available.

So once I changed my Spring-boot application (which hosts the REST-API) to use JRE 11 the error went away.

Note: The pom.xml Java version attibute <java.version>11</java.version> needed to change as well as the JDK in the build path in Eclipse (which is the IDE I'm using) JDK Buildpath

Jus answered 21/5, 2020 at 10:44 Comment(5)

Good research. 👍🏾 Small note in case you haven't tried it yet, see whether you can update Spring Boot. On new Java versions, having up-to-date dependencies often fixes a problem. – Kittenish 23/5, 2020 at 6:56

Could there be another solution instead of downgrading Java? – Melessa 4/10, 2020 at 9:28

I had the same issue trying to run apicurio-studio on JDK 15. Downgrading to 11 worked. – Prescott 4/2, 2021 at 16:42

I had the same issue and after I installed java 11, issue resolved. – Joyce 3/4, 2021 at 19:31

Using keycloak 12.0.4 which is the latest version and the facing this issue.On java 11,8. Any idea whats going wrong? – Stav 29/4, 2021 at 10:21

Ran into the same issue.

By the way, it's reported in the keycloak issue tracker here: https://issues.redhat.com/browse/KEYCLOAK-13690

Should be fixed in keycloak 11.

Octopod answered 24/5, 2020 at 9:18 Comment(4)

I was very pleased to see that Keycloak 11 was just released. Unfortunately they switched the FIX Version for this issue to Keycloak 12. – Athlete 14/8, 2020 at 6:12

Update, they switched to fix it to Keycloak 13 github.com/keycloak/keycloak/pull/7533 – Ferrule 20/12, 2020 at 18:42

Keycloak 13 is out, I will try it out this week. We switched to Jetty for running under Java 15, hope that Tomcat will be working again with the new version. – Perfectionist 10/5, 2021 at 13:5

Seems to be fixed in Java client artifacts of version 13.0.0. It's now working under Tomcat and Java 15. – Perfectionist 21/5, 2021 at 12:43

I was able to get rid of this problem by keeping JDK 14 but switching from Tomcat to Jetty with Spring Boot. Jetty removed usage of this deprecated class java.security.acl.Group starting from 9.4.x. See here: https://github.com/eclipse/jetty.project/issues/3394. You have to be careful about choosing the right library version for spring-boot-starter-jetty to see if it is already using Jetty 9.4+ underneath.

This is how you switch from embedded Tomcat to Jetty:

    <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-web</artifactId>
      <exclusions>
        <!-- Exclude the Tomcat dependency -->
        <exclusion>
          <groupId>org.springframework.boot</groupId>
          <artifactId>spring-boot-starter-tomcat</artifactId>
        </exclusion>
      </exclusions>
    </dependency>
    <!-- Add Jetty as a replacement -->
    <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-jetty</artifactId>
    </dependency>

Mu answered 20/2, 2021 at 22:27 Comment(3)

Thanks for the answer. I tried it, but the app is now failing with

org.springframework.context.ApplicationContextException: Unable to start web server; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'securityConfiguration': Unsatisfied dependency expressed through field 'keycloakConfigResolver'; nested exception is org.springframework.beans.factory.BeanCurrentlyInCreationException: Error creating bean with name 'keycloakConfigResolver': Requested bean is currently in creation: Is there an unresolvable circular reference?

– Perfectionist 9/3, 2021 at 15:43

Circular dependency is with my class public class SecurityConfiguration extends KeycloakWebSecurityConfigurerAdapter { – Perfectionist 9/3, 2021 at 15:59

FYI: I resolved the circular dependency by changing @ComponentScan(basePackageClasses = KeycloakSecurityComponents.class) to @ComponentScan(basePackageClasses = KeycloakSpringBootConfigResolver.class) on my public class SecurityConfiguration extends KeycloakWebSecurityConfigurerAdapter. – Perfectionist 15/3, 2021 at 12:58

Check out latest adapter versions. This should be fixed with version >= 13.0

Issue tracker: KEYCLOAK-13633
PR on GitHub

Jorum answered 16/7, 2021 at 13:40 Comment(1)

I am getting the same error in Java 15 with Keycloak 15.0.2 – Inferential 28/11, 2021 at 7:59

Just switch to jdk 1.8 for keycloak:legacy and it should work perfectly

Puckett answered 19/3, 2022 at 12:57 Comment(1)

even though this doesn't solve the problem. this is a temporary solution. this worked for me. now no errors. keycloak works as expected – Marleen 15/5, 2023 at 8:29

In my case SpringBoot Application was using java 17 , 2023-10-05 19:06:13.526 INFO 14332 --- [ restartedMain] com.souqh.SouqhbeApplication : Starting SouqhbeApplication using Java 17.0.3 on ENCDAPPUNLT0210 with PID 14332 (F:\souqh\souqhbe\bin\main started by Ajinkya.Patil in F:\souqh\souqhbe)

I changed my installed JRE from 17 to 11 and it worked for me You can follow below link to change installed JRE in eclipse https://simply-how.com/getting-started-with-java-11#section-3

Phosphorescence answered 6/10, 2023 at 5:19 Comment(0)

Recommended topics

Hot tags