i face a problem when i using spring cloud gateway

is if any dependency call spring-boot-starter-tomcat directly or recursively

it will not work because it will start the embedded tomcat server not the netty server that spring cloud gateway use

i started to solve this problem by excluding this dependency

        <exclusions>
            <exclusion>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-starter-tomcat</artifactId>
            </exclusion>
        </exclusions>

the spring cloud gateway worked successfully

but sometimes i want to use spring-cloud-starter-oauth2 to use @EnableOAuth2Sso

i start to use

    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-starter-oauth2</artifactId>
        <exclusions>
            <exclusion>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-starter-tomcat</artifactId>
            </exclusion>
        </exclusions>
    </dependency>

at that time i face the big issue that throw exception saying

Caused by: java.lang.IllegalStateException: Failed to introspect annotated methods on class org.springframework.security.oauth2.config.annotation.web.configuration.OAuth2ClientConfiguration ......

Caused by: java.lang.NoClassDefFoundError: javax/servlet/Filter

As you've seen, the Spring cloud gateway uses the reactive model and is based on netty rather than tomcat. The reactive change is a major shift and currently isn't supported by Spring Security but work is in progress on it and you can track it at https://github.com/spring-cloud/spring-cloud-gateway/issues/179

spring boot 2.1 with spring security 5 have resolve this problem see this example

This example application (https://github.com/spring-cloud-samples/sample-gateway-oauth2login) provides a good reference for oauth2 integration and also includes a downstream micro service implementation for reactive model by using @EnableWebFluxSecurity. I can run it without issue. but how do we apply the same for non-reactive model?

I followed another microservice sample application (https://github.com/piomin/sample-spring-oauth2-microservices) which uses Zuul gateway instead. By adding @EnableResourceServer to the micro service, the actuator endpoints (/health) was blocked and was unable to register to consul.