Spring Boot app fails with [APP/PROC/WEB/0] [ERR] Caused by: java.lang.IllegalArgumentException: Could not resolve placeholder '<EXAMPLE>.clientSecret' in value "${<EXAMPLE>.clientSecret}"
search cancel

Spring Boot app fails with [APP/PROC/WEB/0] [ERR] Caused by: java.lang.IllegalArgumentException: Could not resolve placeholder '<EXAMPLE>.clientSecret' in value "${<EXAMPLE>.clientSecret}"

book

Article ID: 383286

calendar_today

Updated On:

Products

Operations Manager VMware Spring Runtime VMware Tanzu Application Service for VMs

Issue/Introduction

Users may face the following application error from failing Spring Boot Application deployed with/on TAS:

[APP/PROC/WEB/0] [ERR] Caused by: java.lang.IllegalArgumentException: Could not resolve placeholder '<EXAMPLE>.clientSecret' in value "${<EXAMPLE>.clientSecret}"

Users may also see similar/corresponding errors below:

  • From: Application logs
[APP/PROC/WEB/6] [OUT] Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name '<EXAMPLE-CONFIG>': Injection of autowired dependencies failed; nested exception is java.lang. IllegalArgumentException: Could not resolve placeholder '<EXAMPLE>.clientSecret' in value

# and/or:

org-springframework.boot.loader.JarLauncher-main(JarLauncher.java:65)InCaused by: Org.springframework-web.client.HttpClientErrorException$BadRequesty 400 Bad Request: \"(\"errors)": [\"Error requesting apps: Get ||\"https://API.EXAMPLE-
depth=211\": oauth2: 11\"invalid_token||\" ||\"Could not verify token signature
  • From: opsmanager/uaa.err.log
ERROR -- : [55ba3b96-0162-4a0e-a7b7-464c19cea6f9] (cloudfoundry) error response: {"error"=>"access_denied", "error_description"=>"Invalid token does not contain resource id (openid)"}
  • From: Spring Config Server
oauth2: \"invalid_token\" \"Could not verify token signature.\"\n\tat org.springframework.vault.authentication.VaultLoginException.create(VaultLoginException.java:61)\n\tat org.springframework.vault.authentication.PcfAuthentication.login(PcfAuthentication.java:119)\n\tat org.springframework.vault.authentication.LifecycleAwareSessionManager.doGetSessionToken(LifecycleAwareSessionManager.java:292)\n\tat

Cause

This issue occurs when a Spring application that is deployed on TAS uses Spring Vault or a third party Vault tool/engine to embed secrets into an application, but then the Vaults authentication process fails to validate the apps identity/token.  Therefore, crashing the app that utilizes the Vaults tooling/engine.

Resolution

Restarting/reloading of auth engine config in Vault can potentially resolve the issue. 

If restarting/reloading of auth engine config in Vault does not resolve the issue, then is recommended to create new ticket with the users actual Vault vendor (ie: Consul, HashiCorp Vault, Spring) will need to be created that mentions the missing/incorrect secret in the exception.  For this scenario, said secret would be: '<EXAMPLE>' as seen in the app log exception below:

[APP/PROC/WEB/6] [OUT] Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name '<EXAMPLE>.Config': Injection of autowired dependencies failed; nested exception is java.lang. IllegalArgumentException: Could not resolve placeholder '<EXAMPLE>' in value

Additional Information