0

I am trying to write modularized Java web application using Java 9 modules and Spring framework. I am using Spring Boot 2.0 for this task. Everything seems to be working really well until adding Spring Security to the project. When I add Spring Security I am starting to receive multiple exceptions with message: java.lang.UnsupportedOperationException: ResourceBundle.Control not supported in named modules. The error happens no matter if I define my one message source bean or leave everything on default.

I have placed the example source code that can replicate this error on GitHub: https://github.com/ankalag0n/SpringSecurityJ9Test

Do I do something wrong or maybe Spring Security does not yet support Java 9?

java.lang.UnsupportedOperationException: ResourceBundle.Control not supported in named modules
    at java.base/java.util.ResourceBundle.checkNamedModule(ResourceBundle.java:1537) ~[na:na]
    at java.base/java.util.ResourceBundle.getBundle(ResourceBundle.java:1498) ~[na:na]
    at spring.context@5.0.4.RELEASE/org.springframework.context.support.ResourceBundleMessageSource.doGetBundle(ResourceBundleMessageSource.java:223) ~[spring-context-5.0.4.RELEASE.jar:na]
    at spring.context@5.0.4.RELEASE/org.springframework.context.support.ResourceBundleMessageSource.getResourceBundle(ResourceBundleMessageSource.java:189) ~[spring-context-5.0.4.RELEASE.jar:na]
    at spring.context@5.0.4.RELEASE/org.springframework.context.support.ResourceBundleMessageSource.resolveCodeWithoutArguments(ResourceBundleMessageSource.java:132) ~[spring-context-5.0.4.RELEASE.jar:na]
    at spring.context@5.0.4.RELEASE/org.springframework.context.support.AbstractMessageSource.getMessageInternal(AbstractMessageSource.java:212) ~[spring-context-5.0.4.RELEASE.jar:na]
    at spring.context@5.0.4.RELEASE/org.springframework.context.support.AbstractMessageSource.getMessage(AbstractMessageSource.java:141) ~[spring-context-5.0.4.RELEASE.jar:na]
    at spring.context@5.0.4.RELEASE/org.springframework.context.support.MessageSourceAccessor.getMessage(MessageSourceAccessor.java:87) ~[spring-context-5.0.4.RELEASE.jar:na]
    at spring.security.web@5.0.3.RELEASE/org.springframework.security.web.access.ExceptionTranslationFilter.handleSpringSecurityException(ExceptionTranslationFilter.java:187) ~[spring-security-web-5.0.3.RELEASE.jar:na]
    at spring.security.web@5.0.3.RELEASE/org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:138) ~[spring-security-web-5.0.3.RELEASE.jar:na]
    at spring.security.web@5.0.3.RELEASE/org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.0.3.RELEASE.jar:na]
    at spring.security.web@5.0.3.RELEASE/org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137) ~[spring-security-web-5.0.3.RELEASE.jar:na]
    at spring.security.web@5.0.3.RELEASE/org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.0.3.RELEASE.jar:na]
    at spring.security.web@5.0.3.RELEASE/org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111) ~[spring-security-web-5.0.3.RELEASE.jar:na]
    at spring.security.web@5.0.3.RELEASE/org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.0.3.RELEASE.jar:na]
    at spring.security.web@5.0.3.RELEASE/org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:170) ~[spring-security-web-5.0.3.RELEASE.jar:na]
    at spring.security.web@5.0.3.RELEASE/org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.0.3.RELEASE.jar:na]
    at spring.security.web@5.0.3.RELEASE/org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) ~[spring-security-web-5.0.3.RELEASE.jar:na]
    at spring.security.web@5.0.3.RELEASE/org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.0.3.RELEASE.jar:na]
    at spring.security.web@5.0.3.RELEASE/org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:158) ~[spring-security-web-5.0.3.RELEASE.jar:na]
    at spring.web@5.0.4.RELEASE/org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-5.0.4.RELEASE.jar:na]
    at spring.security.web@5.0.3.RELEASE/org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.0.3.RELEASE.jar:na]
    at spring.security.web@5.0.3.RELEASE/org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200) ~[spring-security-web-5.0.3.RELEASE.jar:na]
    at spring.security.web@5.0.3.RELEASE/org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.0.3.RELEASE.jar:na]
    at spring.security.web@5.0.3.RELEASE/org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116) ~[spring-security-web-5.0.3.RELEASE.jar:na]
    at spring.security.web@5.0.3.RELEASE/org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.0.3.RELEASE.jar:na]
    at spring.security.web@5.0.3.RELEASE/org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:100) ~[spring-security-web-5.0.3.RELEASE.jar:na]
    at spring.web@5.0.4.RELEASE/org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-5.0.4.RELEASE.jar:na]
    at spring.security.web@5.0.3.RELEASE/org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.0.3.RELEASE.jar:na]
    at spring.security.web@5.0.3.RELEASE/org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:66) ~[spring-security-web-5.0.3.RELEASE.jar:na]
    at spring.web@5.0.4.RELEASE/org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-5.0.4.RELEASE.jar:na]
    at spring.security.web@5.0.3.RELEASE/org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.0.3.RELEASE.jar:na]
    at spring.security.web@5.0.3.RELEASE/org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) ~[spring-security-web-5.0.3.RELEASE.jar:na]
    at spring.security.web@5.0.3.RELEASE/org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.0.3.RELEASE.jar:na]
    at spring.security.web@5.0.3.RELEASE/org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56) ~[spring-security-web-5.0.3.RELEASE.jar:na]
    at spring.web@5.0.4.RELEASE/org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-5.0.4.RELEASE.jar:na]
    at spring.security.web@5.0.3.RELEASE/org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.0.3.RELEASE.jar:na]
    at spring.security.web@5.0.3.RELEASE/org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215) ~[spring-security-web-5.0.3.RELEASE.jar:na]
    at spring.security.web@5.0.3.RELEASE/org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178) ~[spring-security-web-5.0.3.RELEASE.jar:na]
    at spring.web@5.0.4.RELEASE/org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:357) ~[spring-web-5.0.4.RELEASE.jar:na]
    at spring.web@5.0.4.RELEASE/org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:270) ~[spring-web-5.0.4.RELEASE.jar:na]
    at tomcat.embed.core@8.5.28/org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.28.jar:na]
    at tomcat.embed.core@8.5.28/org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.28.jar:na]
    at spring.web@5.0.4.RELEASE/org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99) ~[spring-web-5.0.4.RELEASE.jar:na]
    at spring.web@5.0.4.RELEASE/org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-5.0.4.RELEASE.jar:na]
    at tomcat.embed.core@8.5.28/org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.28.jar:na]
    at tomcat.embed.core@8.5.28/org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.28.jar:na]
    at spring.web@5.0.4.RELEASE/org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:109) ~[spring-web-5.0.4.RELEASE.jar:na]
    at spring.web@5.0.4.RELEASE/org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-5.0.4.RELEASE.jar:na]
    at tomcat.embed.core@8.5.28/org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.28.jar:na]
    at tomcat.embed.core@8.5.28/org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.28.jar:na]
    at spring.web@5.0.4.RELEASE/org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:81) ~[spring-web-5.0.4.RELEASE.jar:na]
    at spring.web@5.0.4.RELEASE/org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-5.0.4.RELEASE.jar:na]
    at tomcat.embed.core@8.5.28/org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.28.jar:na]
    at tomcat.embed.core@8.5.28/org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.28.jar:na]
    at spring.web@5.0.4.RELEASE/org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200) ~[spring-web-5.0.4.RELEASE.jar:na]
    at spring.web@5.0.4.RELEASE/org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-5.0.4.RELEASE.jar:na]
    at tomcat.embed.core@8.5.28/org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.28.jar:na]
    at tomcat.embed.core@8.5.28/org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.28.jar:na]
    at tomcat.embed.core@8.5.28/org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199) ~[tomcat-embed-core-8.5.28.jar:na]
    at tomcat.embed.core@8.5.28/org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) [tomcat-embed-core-8.5.28.jar:na]
    at tomcat.embed.core@8.5.28/org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:496) [tomcat-embed-core-8.5.28.jar:na]
    at tomcat.embed.core@8.5.28/org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140) [tomcat-embed-core-8.5.28.jar:na]
    at tomcat.embed.core@8.5.28/org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81) [tomcat-embed-core-8.5.28.jar:na]
    at tomcat.embed.core@8.5.28/org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) [tomcat-embed-core-8.5.28.jar:na]
    at tomcat.embed.core@8.5.28/org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342) [tomcat-embed-core-8.5.28.jar:na]
    at tomcat.embed.core@8.5.28/org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:803) [tomcat-embed-core-8.5.28.jar:na]
    at tomcat.embed.core@8.5.28/org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) [tomcat-embed-core-8.5.28.jar:na]
    at tomcat.embed.core@8.5.28/org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:790) [tomcat-embed-core-8.5.28.jar:na]
    at tomcat.embed.core@8.5.28/org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1459) [tomcat-embed-core-8.5.28.jar:na]
    at tomcat.embed.core@8.5.28/org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-embed-core-8.5.28.jar:na]
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167) [na:na]
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641) [na:na]
    at tomcat.embed.core@8.5.28/org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-8.5.28.jar:na]
    at java.base/java.lang.Thread.run(Thread.java:844) [na:na]
Grzegorz B.
  • 346
  • 5
  • 10
  • I don't know anything about Spring Security but one thing to point out is that code in modules can't use the ResourceBundle.Control API. If you call getBundle with a Control object then it fails as you are seeing. All the details are in the ResourceBundle javadoc. – Alan Bateman Mar 24 '18 at 14:30
  • The thing is that it's not my code that is calling ResourceBundle.Control API. The Spring's class `org.springframework.context.support.ResourceBundleMessageSource` is doing it invoked by Spring Security. I was thinking about creating my own class that extends it and overrides the problematic method by I don't see the way to force spring security to use something else than it's one message source class. – Grzegorz B. Mar 24 '18 at 14:44
  • If Spring Security supports being deployed as a module then it will need to move away from the RB.Control. I don't know if their issue tracker has anything on this. – Alan Bateman Mar 24 '18 at 15:05
  • The relevant javadoc: https://docs.oracle.com/javase/9/docs/api/java/util/ResourceBundle.html#bundleprovider – jzheaux Mar 26 '18 at 14:26
  • Spring Security currently has an issue that you can track https://github.com/spring-projects/spring-security/issues/5069 – jzheaux Mar 26 '18 at 14:42

0 Answers0