Reputation: 1344
Spring boot 2.6.0 Error creating bean with name 'webSecurityConfig'
I am unable to update my spring boot app to 2.6.0 from 2.5.7. It throws the following error.
2021-12-07T08:40:22,311 ERROR [restartedMain] o.s.b.SpringApplication.reportFailure:819|| Application run failed org.springframework.beans.factory.BeanCurrentlyInCreationException: Error creating bean with name 'webSecurityConfig':
The requested bean is currently in creation: Is there an unresolvable circular reference?
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.beforeSingletonCreation(DefaultSingletonBeanRegistry.java:355)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:227)
From the spring-boot 2.6.0 release notes, it is clear that circular references are disabled. And it can be enabled back with the property spring.main.allow-circular-references = true. But I would like to fix the circular reference in the first place. Can anyone help me troubleshoot this issue? Please find the WebSecurityConfig class below,
@Configuration
@EnableWebSecurity
@SuppressWarnings({"PMD.SignatureDeclareThrowsException"})
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
private final UserDetailsService userDetailsService;
public WebSecurityConfig(final UserDetailsService userDetailsService) {
this.userDetailsService = userDetailsService;
}
@Bean
public BCryptPasswordEncoder bcryptPasswordEncoder() {
return new BCryptPasswordEncoder();
}
@Override
protected void configure(final HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/resources/**", "/registration", "/css/**", "/js/**", "/h2-console/*").permitAll()
.anyRequest().authenticated().and()
.formLogin()
.loginPage("/login").permitAll().and()
.headers()
.frameOptions().sameOrigin().and()
.logout()
.permitAll().and()
.requiresChannel()
.requestMatchers(r -> r.getHeader("X-Forwarded-Proto") != null)
.requiresSecure();
}
@Autowired
public void configureGlobal(final AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(bcryptPasswordEncoder());
}
}
My code is open-sourced and can be found at https://github.com/surajcm/Poseidon, I will try to troubleshoot on my own and will share the updates if I am able to resolve this issue
Upvotes: 8
Views: 7807
Answers (3)
Reputation: 3468
I got a similar error and the cause was that both spring-security-config version 5 and 4 were on the classpath. Check/refresh/correct your dependencies.
Upvotes: 0
Reputation: 1344
Since I got a comment saying I am doing custom security config, which is a bad practice, I tried to fix it on my own. Tried to remove the configureGlobal and added authenticationProvider bean instead. Please find the sample code below
@Configuration
@EnableWebSecurity
@SuppressWarnings({"PMD.SignatureDeclareThrowsException"})
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
private final UserDetailsService userDetailsService;
public WebSecurityConfig(final UserDetailsService userDetailsService) {
this.userDetailsService = userDetailsService;
}
@Bean
public BCryptPasswordEncoder bcryptPasswordEncoder() {
return new BCryptPasswordEncoder();
}
@Override
protected void configure(final HttpSecurity http) throws Exception {
//http.headers().frameOptions().disable();
http.csrf().disable();
http
.authorizeRequests()
.antMatchers("/resources/**",
"/registration",
"/css/**", "/js/**", "/img/**",
"/h2-console/**",
"/console/**").permitAll()
.and().headers().frameOptions().sameOrigin();
http
.authorizeRequests()
.anyRequest().authenticated().and()
.formLogin()
.loginPage("/login").permitAll().and()
.headers()
.frameOptions().sameOrigin().and()
.logout()
.permitAll().and()
.requiresChannel()
.requestMatchers(r -> r.getHeader("X-Forwarded-Proto") != null)
.requiresSecure();
}
@Bean
public AuthenticationProvider authenticationProvider() {
var provider = new DaoAuthenticationProvider();
provider.setUserDetailsService(userDetailsService);
provider.setPasswordEncoder(bcryptPasswordEncoder());
return provider;
}
}
Upvotes: 0
Reputation: 3889
The problem is the password encoder. It is required to build the auto-configured UserDetailsService that you inject in the contructor of the class.
You can break the cycle by making the bean factory method static:
@Bean
public static BCryptPasswordEncoder bcryptPasswordEncoder() {
return new BCryptPasswordEncoder();
}
You can also move the factory method to different configuration class. But in my opinion, your WebSecurityConfig is the canonical place for the method.
Upvotes: 19
Related Questions
- Error creating bean with name 'securityConfig': Requested bean is currently in creation:
- BeanCurrentlyInCreationException after upgrading Boot to 2.6
- Spring MVC Security: Error creating bean with name 'springSecurityFilterChain'
- I am reciving a bean creation error with my security config class for spring security
- Error creating bean with name 'webSecurityConfig': Unsatisfied dependency expressed through field 'userSevice';
- SPRING Problem Error creating bean with name 'webSecurityConfig': Unsatisfied dependency
- Spring boot with spring security: Error creating bean with name 'securityConfiguration'
- Bean Creation Exception with org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration
- Error creating bean with name 'springSecurityFilterChain' defined in WebSecurityConfiguration
- spring boot with spring security : Error creating bean with name 'securityFilterChainRegistration'