1

I'm working on a small Spring Boot application in Kotlin and now I want to secure it using JJWT. Roughly speaking, I am translating this tutorial to my use case: https://jakublesko.com/spring-security-with-jwt/

In the project I have this AuthenticationFilter:

class JwtAuthenticationFilter(val authManager: AuthenticationManager) : UsernamePasswordAuthenticationFilter() {

    // other stuff omitted for brevity

    override fun successfulAuthentication(request: HttpServletRequest?, response: HttpServletResponse?, chain: FilterChain?, authResult: Authentication?) {
        val user = authResult?.principal as User

        // Collect the authority names into a List so the "rol" claim serializes as a JSON array
        val roles = user.authorities.map { it.authority }

        val signingKey = JWT_SECRET.toByteArray()

        val token = Jwts.builder()
                .signWith(SignatureAlgorithm.HS512, Keys.hmacShaKeyFor(signingKey))
                .setHeaderParam("typ", TOKEN_TYPE) // validate that "typ" does not actually mean "type"
                .setIssuer(TOKEN_ISSUER)
                .setAudience(TOKEN_AUDIENCE)
                .setSubject(user.username)
                .setExpiration(Date(System.currentTimeMillis() + 864000000))
                .claim("rol", roles)
                .compact()

        response?.addHeader(TOKEN_HEADER, TOKEN_PREFIX + token)
    }
}

When I post to the authentication URL that is supposed to issue a token though, I receive:

java.lang.NoSuchMethodError: io.jsonwebtoken.SignatureAlgorithm.getMinKeyLength()I at io.jsonwebtoken.security.Keys.hmacShaKeyFor(Keys.java:69) ~[jjwt-api-0.10.7.jar:na]

I can debug into the successfulAuthentication method and see that it is called with reasonable parameters. What catches my eye is the "I" after the parenthesis at the end of the getMinKeyLength()I. My googling skills apparently do not suffice to find a reason why it is there, but I strongly suspect it is related to reflection & calling Java libs from Kotlin code.

Is anyone around who can tell me how to fix this? I have run out of guesses.

Aarkon
  • JJWT 0.10.7's Keys.java line 69 is just a standard (non-reflective) Java method call: https://github.com/jwtk/jjwt/blob/0.10.7/api/src/main/java/io/jsonwebtoken/security/Keys.java. I've no idea why Kotlin would have a problem with it - I wish I knew myself :/ – Les Hazlewood Aug 22 '19 at 21:04
  • Were you able to resolve this? Any luck? – Les Hazlewood Oct 04 '19 at 15:06
  • Unfortunately, no. :/ – Aarkon Oct 05 '19 at 13:33
  • I wonder what it could be - it's a normal Java call, no reflection. :/ – Les Hazlewood Oct 05 '19 at 17:26
  • This looks like a dependency version issue. Notice that your 'signWith()' has a different parameter order than your example. Try it again using the same versions in that example - '0.10.5'. – Greg Jul 25 '21 at 16:15

2 Answers

3

I stumbled upon the same issue. The reason for this is most probably a dependency conflict. Check if you have any other dependency using jjwt. For us it was com.twilio.sdk.

You can do it using

mvn dependency:tree -Dverbose

After you've identified the conflicting dependency you can either match your jjwt version or exclude it from the dependency.
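
A runtime check for the conflict described in this answer, as an added example that is not part of the original answer or of JJWT: it lists every classpath location that ships `io.jsonwebtoken.SignatureAlgorithm` and tests whether the copy that actually gets loaded has the `getMinKeyLength` method named in the error. The function and constant names are hypothetical.

```kotlin
// Added diagnostic, not from the original answer. Run it on the same classpath
// as the application (for example from a test). All names here are hypothetical.
const val CLASS_NAME = "io.jsonwebtoken.SignatureAlgorithm"
const val METHOD_NAME = "getMinKeyLength" // "()I" in the error = no arguments, returns int

/** Every classpath location (jar or directory) that ships the given class file. */
fun locationsProviding(className: String, loader: ClassLoader): List<String> =
    loader.getResources(className.replace('.', '/') + ".class")
        .toList()
        .map { it.toString() }

/** Loads the class the way the application would; null if it is not on the classpath. */
fun loadOrNull(className: String, loader: ClassLoader): Class<*>? =
    try {
        Class.forName(className, false, loader)
    } catch (e: ClassNotFoundException) {
        null
    }

fun main() {
    val loader = Thread.currentThread().contextClassLoader
        ?: ClassLoader.getSystemClassLoader()
    val copies = locationsProviding(CLASS_NAME, loader)
    println("${copies.size} location(s) provide $CLASS_NAME:")
    copies.forEach { println("  $it") }

    val loaded = loadOrNull(CLASS_NAME, loader)
    if (loaded == null) {
        println("Class is not on this classpath.")
        return
    }
    // The copy that wins is the one whose methods every caller sees at runtime.
    println("Loaded from: ${loaded.protectionDomain?.codeSource?.location}")
    val present = loaded.methods.any { it.name == METHOD_NAME && it.parameterCount == 0 }
    println("$METHOD_NAME() present: $present")
    if (copies.size > 1 || !present) {
        println("Conflict: align the jjwt versions or exclude the transitive copy.")
    }
}
```

More than one location, or a loaded copy without the method, points at the jar to look for in the `mvn dependency:tree -Dverbose` output.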

0

To run Java code from Kotlin, please put the Java sources under the folder

main/java

Also, your Kotlin sources are located under main/kotlin

justCurious