Error creating bean with name 'springSecurityFilterChain' defined in class path resource 3

Question

As I'm new to Spring and Spring Security and following some YouTube tutorial I coded exactly same and getting above error.

Error

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'springSecurityFilterChain' defined in class path resource [org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is java.lang.IllegalArgumentException: Cannot pass a null GrantedAuthority collection
at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:625) ~[spring-beans-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:456) ~[spring-beans-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1287) ~[spring-beans-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1126) ~[spring-beans-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:538) ~[spring-beans-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:498) ~[spring-beans-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:320) ~[spring-beans-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222) ~[spring-beans-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:318) ~[spring-beans-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:199) ~[spring-beans-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:307) ~[spring-beans-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:199) ~[spring-beans-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:848) ~[spring-beans-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:865) ~[spring-context-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:548) ~[spring-context-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:140) ~[spring-boot-2.1.0.BUILD-SNAPSHOT.jar:2.1.0.BUILD-SNAPSHOT]
at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:797) [spring-boot-2.1.0.BUILD-SNAPSHOT.jar:2.1.0.BUILD-SNAPSHOT]
at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:421) [spring-boot-2.1.0.BUILD-SNAPSHOT.jar:2.1.0.BUILD-SNAPSHOT]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:340) [spring-boot-2.1.0.BUILD-SNAPSHOT.jar:2.1.0.BUILD-SNAPSHOT]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1291) [spring-boot-2.1.0.BUILD-SNAPSHOT.jar:2.1.0.BUILD-SNAPSHOT]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1279) [spring-boot-2.1.0.BUILD-SNAPSHOT.jar:2.1.0.BUILD-SNAPSHOT]
at com.spring.security.SpringsecurityApplication.main(SpringsecurityApplication.java:12) [classes/:na]
Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is java.lang.IllegalArgumentException: Cannot pass a null GrantedAuthority collection
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:185) ~[spring-beans-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:620) ~[spring-beans-5.1.0.RELEASE.jar:5.1.0.RELEASE]
... 21 common frames omitted
Caused by: java.lang.IllegalArgumentException: Cannot pass a null GrantedAuthority collection
at org.springframework.util.Assert.notNull(Assert.java:198) ~[spring-core-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.security.core.userdetails.User.sortAuthorities(User.java:163) ~[spring-security-core-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.security.core.userdetails.User.<init>(User.java:123) ~[spring-security-core-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.security.core.userdetails.User$UserBuilder.build(User.java:535) ~[spring-security-core-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer$UserDetailsBuilder.build(UserDetailsManagerConfigurer.java:279) ~[spring-security-config-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.initUserDetailsService(UserDetailsManagerConfigurer.java:60) ~[spring-security-config-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.security.config.annotation.authentication.configurers.userdetails.UserDetailsServiceConfigurer.configure(UserDetailsServiceConfigurer.java:47) ~[spring-security-config-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.security.config.annotation.authentication.configurers.userdetails.UserDetailsServiceConfigurer.configure(UserDetailsServiceConfigurer.java:34) ~[spring-security-config-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.configure(AbstractConfiguredSecurityBuilder.java:384) ~[spring-security-config-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.doBuild(AbstractConfiguredSecurityBuilder.java:330) ~[spring-security-config-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.getHttp(WebSecurityConfigurerAdapter.java:201) ~[spring-security-config-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.init(WebSecurityConfigurerAdapter.java:321) ~[spring-security-config-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.init(WebSecurityConfigurerAdapter.java:92) ~[spring-security-config-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at com.spring.security.config.SecurityConfiguration$$EnhancerBySpringCGLIB$$1d8d4c86.init(<generated>) ~[classes/:na]
at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.init(AbstractConfiguredSecurityBuilder.java:371) ~[spring-security-config-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.doBuild(AbstractConfiguredSecurityBuilder.java:325) ~[spring-security-config-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.security.config.annotation.AbstractSecurityBuilder.build(AbstractSecurityBuilder.java:41) ~[spring-security-config-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.springSecurityFilterChain(WebSecurityConfiguration.java:104) ~[spring-security-config-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerBySpringCGLIB$$efe529b0.CGLIB$springSecurityFilterChain$1(<generated>) ~[spring-security-config-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerBySpringCGLIB$$efe529b0$$FastClassBySpringCGLIB$$8d960911.invoke(<generated>) ~[spring-security-config-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:244) ~[spring-core-5.1.0.RELEASE.jar:5.1.0.RELEASE]

Security Config File

@EnableWebSecurity
@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.inMemoryAuthentication()
    .withUser("abhi").password("test").and()
    .withUser("kumar").password("test2");
}
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    httpSecurity.authorizeRequests()
    .anyRequest()
    .fullyAuthenticated()
    .and().httpBasic();
    httpSecurity.csrf().disable();

}}

I referred to similar questions also but none solve my error. This is my first program using Spring Security.

Answer 1

remove from class "extends WebSecurityConfigurerAdapter" and @override and program will compile :)

Answer 2

When you override the configure(AuthenticationManagerBuilder auth) method by using auth.inMemoryAuthentication().withUser, you are essentially creating a new User (of type org.springframework.security.core.userdetails.User).

Whenever a new User object needs to be created and added to the spring security ecosystem, it needs 3 Non-nullable arguments. They are

• String username
• String password
• Collection<? extends GrantedAuthority> authorities

So when you provide username and password using withUser(String username) and password(String password), you must also provide the authority to the user by using either roles(String... roles),authorities(GrantedAuthority... authorities),authorities(List<? extends GrantedAuthority> authorities) or authorities(String... authorities). The easiest for you would be to use the roles(String... roles) method and provide the role that you want, like role("USER") or in case you don't want to provide any role, just use role("") and that would pass an empty collection to the Collection<? extends GrantedAuthority> authorities attribute of the User object. So essentially, you need to modify the configure method as below :

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.inMemoryAuthentication()
     .withUser("abhi").password("test").roles("") //or .roles("USER")
     .and()
     .withUser("kumar").password("test2").roles(""); //or .roles("USER")
}

The below is from the documentation of org.springframework.security.core.userdetails.User

@throws IllegalArgumentException if a null value was passed either as a parameter or as an element in the GrantedAuthority collection

Answer 3

If you would like to allow for all user roles, use below but roles has to pass as blank. Change it and you should be good.

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
                .withUser("abhi").password("test").roles("")
                 .and()
                .withUser("kumar").password("test2").roles("");
    }

Answer 4

To avoid Cannot pass a null GrantedAuthority collection you must assign user roles to each user as .roles("USER").

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.inMemoryAuthentication()
    .withUser("abhi").password("test").roles("USER")
    .and()
    .withUser("kumar").password("test2").roles("USER");
}