ANTLR ATN version conflict

[Lucas Theisen]

I just attempted to upgrade from 6.5 to 7.2 because of a bug preventing the change password workflow from working after adding MFA (this bug appears to have a fix in 7.2: https://github.com/apereo/cas/commit/3010b6c2caf99d3f6f5888cb1aada3576eddc580).

 

But there appears to be a version conflict in ANTLR dependencies that I can’t seem to work around.  It stems from the fact that hibernate (as of 6) updated to ANTLR 4.10 (https://github.com/hibernate/hibernate-orm/discussions/4975) which uses ATN version 4, but  cqengine has not yet done so (https://github.com/npgall/cqengine/issues/307) so it is still using ATN version 3.   When I look at my dependency tree I see:

[INFO] +- org.apereo.cas:cas-server-support-audit-jdbc:jar:7.2.0-RC3:runtime

[INFO] |  \- org.apereo.cas:cas-server-support-jpa-hibernate:jar:7.2.0-RC3:runtime

[INFO] |     \- org.hibernate.orm:hibernate-core:jar:6.6.3.Final:runtime

[INFO] |        \- org.antlr:antlr4-runtime:jar:4.13.0:runtime

[INFO] \- org.apereo.cas:cas-server-support-json-service-registry:jar:7.2.0-RC3:runtime

[INFO]    \- org.apereo.cas:cas-server-core-services-registry:jar:7.2.0-RC3:runtime

[INFO]       \- com.googlecode.cqengine:cqengine:jar:3.6.0:runtime

[INFO]          \- (org.antlr:antlr4-runtime:jar:4.7.2:runtime - omitted for conflict with 4.13.0)

 

 

And when I run CAS with both dependencies, the moment my browsers transitions to the MFA (cas-server-support-gauth-jpa) screen, I see this error in my logs:


java.lang.RuntimeException: jakarta.servlet.ServletException: Request processing failed: org.springframework.webflow.execution.ActionExecutionException: Exception thrown executing org.apereo.cas.gauth.web.flow.GoogleAuthenticatorPrepareLoginAction@45784074 in state 'initializeLoginForm' of flow 'mfa-gauth' -- action execution attributes were 'map[[empty]]'

        at org.apereo.cas.web.support.filters.AbstractSecurityFilter.throwException(AbstractSecurityFilter.java:42) ~[cas-server-core-web-api-7.2.0-RC3.jar!/:7.2.0-RC3]

        at org.apereo.cas.web.support.filters.ResponseHeadersEnforcementFilter.doFilter(ResponseHeadersEnforcementFilter.java:198) ~[cas-server-core-web-api-7.2.0-RC3.jar!/:7.2.0-RC3]

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164) ~[tomcat-embed-core-10.1.33.jar!/:?]

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140) ~[tomcat-embed-core-10.1.33.jar!/:?]

...

Caused by: java.io.InvalidClassException: org.antlr.v4.runtime.atn.ATN; Could not deserialize ATN with version 4 (expected 3).

 

 

I am unsure how to proceed here.  I am not against attempting to contribute, but what would the proper contribution be?  Would we try to downgrade to a version of hibernate before 6?  Remove cqengine because the update to ATN 4 does not appear to be forthcoming?  Try to workaround the cqengine by using their shaded jar (https://github.com/npgall/cqengine/issues/307#issuecomment-1437226922)?

Lucas

[Lucas Theisen]

Well, i put in a pull request:

https://github.com/apereo/cas/pull/6290

using the workaround supplied by the upstream (cqengine) maintainer.  It seemed like the most appropriate fix for this situation.

[Pablo Vidaurri]

Running intho this ATN version conflict while using OAuth2 with CAS7.

What is the workaround? adding the equivalent of this to gradle build?

<dependency>
    <!-- Add a dependency on CQEngine's shaded jar instead of regular jar, and exclude all of CQEngine's transitive dependencies -->
    <groupId>com.googlecode.cqengine</groupId>
    <artifactId>cqengine</artifactId>
    <version>x.x.x</version>
    <classifier>all</classifier>
    <exclusions>
        <exclusion>
            <groupId>*</groupId>
            <artifactId>*</artifactId>
        </exclusion>
    </exclusions>
</dependency>

[Lucas Theisen]

I tried to push a PR with the workaround, but it was not accepted because i couldn't rig up a test (i couldn't come up with a simple enough mock scenario to repro).  My PR is here:  https://github.com/apereo/cas/pull/6290, and shows the very minimal modification needed and the discussion outlines its impact.  Boils down to:


$ git diff HEAD^
diff --git a/gradle/dependencies.gradle b/gradle/dependencies.gradle
index 6e7ada35daf..044c32d82d2 100644
--- a/gradle/dependencies.gradle
+++ b/gradle/dependencies.gradle
@@ -562,9 +562,8 @@ ext.libraries = [
             exclude(group: "log4j", module: "log4j")
         },
         cqengine                   : [
-                dependencies.create("com.googlecode.cqengine:cqengine:$cqEngineVersion") {
-                    exclude(group: 'org.xerial', module: "sqlite-jdbc")
-                    exclude(group: "org.javassist", module: "javassist")
+                dependencies.create("com.googlecode.cqengine:cqengine:$cqEngineVersion:all") {
+                    transitive = false
                 }
         ],
         maxmind                    : [

Which stems from this upstream bug report: https://github.com/npgall/cqengine/issues/307#issuecomment-1437226922

I have been able to build cas local after making that change, then use that cas as the base for my downstream and it just works.

Hope that helps

Lucas

[Pablo Vidaurri]

Thanks for the response.

I'm using cas-overlay project.

So I guess I need to checkout CAS project, apply the workaround then build CAS to use in my overlay.

-psv

[Pablo Vidaurri]

even more boggling, no issues when running local using embedded tomcat. Only run into the issue when deploying to a server with wildfly 34.

Only differences is jdk:

• opendjk 21 on local vs java-21-amazon-corretto on server
• embedded tomcat on local vs wildfly 34 on server

I'm connecting to same postgres db.