That is the curious bit. Nothing was needed in the previous version, and I
found nothing mentioned for the latest version.
For my own logging (not needed before and presumably not now for the Azure
stuff) I would use:
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-api</artifactId>
<version>${log4j2.version}</version>
</dependency>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-core</artifactId>
<version>${log4j2.version}</version>
</dependency>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-slf4j-impl</artifactId>
<version>${log4j2.version}</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
<version>${slf4j.version}</version>
</dependency>
But it must have been a bug on spring-cloud-azure-starter-active-directory
after all. That is what was causing the logback exception, the problem would
not happen without that dependency. Interestingly… that particular problem
went away this morning. I noticed that when I did a clean build today (did not
happen before during previous clean builds) a number of dependencies got
downloaded/updated, and now the exception is not being thrown.
The particular problem is now solved, with no action from my part. There are
new issues but those I can handle.
From: Mark Thomas <ma...@apache.org>
Sent: Friday, April 14, 2023 9:13 AM
To: users@tomcat.apache.org
Subject: Re: Is Microsoft's spring-cloud-azure-starter-active-directory for
Spring Boot 3 / Spring 6 compatible with Tomcat 10?
On 13/04/2023 22: 48, BRUNO MELLONI wrote: > After further research let me ask
the question in a different way: > > > * Tomcat 10 is configured to do log4j2
logging. > * My log4j2 code works fine. > *
Spring-cloud-azure-starter-active-directory
ZjQcmQRYFpfptBannerStart
CAUTION: This Message Is From an External Source
This message originated outside the Chickasaw Nation. Do not click links or
open attachments unless you recognize the sender and know the content is safe!
Report Suspicious
<https://us-phishalarm-ewt.proofpoint.com/EWT/v1/IMeFMrRG1GeY!Jdtf_fv6_IHaYkOnqg0ntq7dHeM9BSmziea9b8WlFE6he1r79dw1kOFTAVUsrWKem_rpgDasu8Ac-LODZyrxoDgpRNpV9mHSNwH9ASQz$>
ZjQcmQRYFpfptBannerEnd
On 13/04/2023 22:48, BRUNO MELLONI wrote:
> After further research let me ask the question in a different way:
>
>
> * Tomcat 10 is configured to do log4j2 logging.
> * My log4j2 code works fine.
> * Spring-cloud-azure-starter-active-directory seems to use logback and
> it is incompatible with my Tomcat 10 setup.
>
> Given the above… what do I need to add to Tomcat 10 to make it handle apps
> that use logback for logging but still use my log4j2 Tomcat configuration for
> the actual logging?
Whatever the logback documentation says you need to add to route logging
to log4j2.
> I would swear that Tomcat had slf4j and other logging translation libraries
> built in…
Nope. That has never been the case.
> but perhaps Tomcat 10 no longer does for some and requires adding some jars?
Tomcat's internal logging routes to java.util.logging - you can re-route
that if required. Follow the directions to do that provided with your
logging framework of choice.
Assuming you are still seeing the:
"Cannot cast
ch.qos.logback.classic.servlet.LogbackServletContainerInitializer to
jakarta.servlet.ServletContainerInitializer" error, I'll repeat my
previous question:
Which version of which JAR is that ServletContainerInitializer coming from?
Mark
>
> b.
>
> From: Mark Thomas <ma...@apache.org<mailto:ma...@apache.org>>
> Sent: Tuesday, April 11, 2023 2:41 PM
> To: users@tomcat.apache.org<mailto:users@tomcat.apache.org>
> Subject: Re: Is Microsoft's spring-cloud-azure-starter-active-directory for
> Spring Boot 3 / Spring 6 compatible with Tomcat 10?
>
> On 11/04/2023 20: 28, BRUNO MELLONI wrote: > I was able to migrate
> applications to Spring Boot 3 / Spring 6 (standalone or running on Tomcat 10)
> so long as authentication was NOT through Azure AD. > > But when I tried to
> migrate applications
> ZjQcmQRYFpfptBannerStart
> CAUTION: This Message Is From an External Source
> This message originated outside the Chickasaw Nation. Do not click links or
> open attachments unless you recognize the sender and know the content is safe!
> Report Suspicious
> <https://us-phishalarm-ewt.proofpoint.com/EWT/v1/IMeFMrRG1GeY!JdtUXLGR9ova4gOnS-0H1iEbkX_fwvLLfLoUe-WtR-fKP3iug2CA6Got_-7FykjdaEEVaYQaX_1JDstwjD_T9laTb_I1TVa4IKmJLM79$>
>
> ZjQcmQRYFpfptBannerEnd
>
> On 11/04/2023 20:28, BRUNO MELLONI wrote:
>
>> I was able to migrate applications to Spring Boot 3 / Spring 6 (standalone
>> or running on Tomcat 10) so long as authentication was NOT through Azure AD.
>
>>
>
>> But when I tried to migrate applications that used Microsoft's
>> spring-cloud-azure-starter-active-directory for authentication of 2-step
>> authenticated webapps (the preferred approach) I started to get this error
>> during application deploy to Tomcat 10:
>
>>
>
>> Cannot cast
>> ch.qos.logback.classic.servlet.LogbackServletContainerInitializer to
>> jakarta.servlet.ServletContainerInitializer
>
>>
>
>>
>
>> My suspicion is that Microsoft's latest implementation is not compatible
>> with Tomcat's approach to support log4j logging (as far as I know the
>> approach has been around since at least Tomcat 9). But of course I could be
>> wrong. Has anybody had any success? Was there any trick to migrating to
>> Spring Boot 3 / Spring 6 / Tomcat 10 with 2-step authentication and
>> authorization using Azure AD?
>
>>
>
>>
>
>>
>
>> NOTE: I did succeed with 2-step auth with Azure AD when I dropped the
>> Microsoft spring-cloud-azure-starter-active-directory dependency and instead
>> used the raw OAuth2 approach to connect to Azure AD. The problem though is
>> that roles defined in Azure are not coming through to the GrantedAuthorities
>> of the SecurityContext or Principal. I know I could extract the UPN from
>> the Principal and then define the AD Groups in the on-premises AD instead of
>> Azure AD, but that would require code changes and what is worse it would
>> make me hostage to the availability of sysadmins that manage our on-premises
>> AD... meaning weeks of delay for new AD groups. It is a hack that I'd
>> rather not use if Azure authorization can be made to work properly.
>
>>
>
>> Any other advice will be welcome too.
>
>
>
> No idea but some questions that might help.
>
>
>
> Some sort of Java EE / Jakarta EE conflict?
>
>
>
> A JAR present in the WAR that contains some of the Servlet API JARs?
>
>
>
> Which version of which JAR is that ServletContainerInitializer coming from?
>
>
>
> Mark
>
>
>
> ---------------------------------------------------------------------
>
> To unsubscribe, e-mail:
> users-unsubscr...@tomcat.apache.org<mailto:users-unsubscr...@tomcat.apache.org<mailto:users-unsubscr...@tomcat.apache.org%3cmailto:users-unsubscr...@tomcat.apache.org>>
>
> For additional commands, e-mail:
> users-h...@tomcat.apache.org<mailto:users-h...@tomcat.apache.org<mailto:users-h...@tomcat.apache.org%3cmailto:users-h...@tomcat.apache.org>>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail:
users-unsubscr...@tomcat.apache.org<mailto:users-unsubscr...@tomcat.apache.org>
For additional commands, e-mail:
users-h...@tomcat.apache.org<mailto:users-h...@tomcat.apache.org>
