Reputation: 49
Caused by: java.lang.IllegalStateException: Found WebSecurityConfigurerAdapter as well as SecurityFilterChain. Please select just one
I am upgrading spring boot 2.5.12 to Spring boot 2.7.2 in gradle kotlin. As per the link given <https://spring.io/blog/2022/02/21/spring-security-without-the-websecurityconfigureradapter > . When I have removed deprecated websecurityconfigureradapter getting exception. Code snippet is given below
@Configuration
@EnableWebSecurity
@Order(1)
public class BasicAuthC {
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http
.requestMatchers().antMatchers("/api/anything"")
.and()
.authorizeRequests(requests -> requests.anyRequest().fullyAuthenticated())
.httpBasic()
return http.build();
}
@Bean
public InMemoryUserDetailsManager memoryUserDetailsManager() {
PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
return new InMemoryUserDetailsManager (User.withUsername("testUserName").password(encoder.encode("****")).
authorities(new SimpleGrantedAuthority("SOME_ROLE")).build());
}
}
import com.azure.spring.aad.webapi.AADJwtBearerTokenAuthenticationConverter;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
import org.springframework.security.web.SecurityFilterChain;
@Order(2)
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
@Configuration
public class OAuthTwoConfiguration {
@Profile(value="OAUTHPROFILE")
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/api/test").permitAll()
.and().authorizeRequests((requests) -> requests.anyRequest().authenticated())
.oauth2ResourceServer()
.jwt()
.jwtAuthenticationConverter(new AADJwtBearerTokenAuthenticationConverter());
return http.build();
}
@Profile(value = "test")
@Bean
public WebSecurityCustomizer WebSecurityCustomizer () throws Exception {
return (web)->web.ignoring().antMatchers("/someAPI");
}
}
Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is java.lang.IllegalStateException: Found WebSecurityConfigurerAdapter as well as SecurityFilterChain. Please select just one. at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:185) ~[spring-beans-5.3.22.jar:5.3.22] at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:653) ~[spring-beans-5.3.22.jar:5.3.22] ... 21 common frames omitted Caused by: java.lang.IllegalStateException: Found WebSecurityConfigurerAdapter as well as SecurityFilterChain. Please select just one. at org.springframework.util.Assert.state(Assert.java:76) ~[spring-core-5.3.22.jar:5.3.22] at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.springSecurityFilterChain(WebSecurityConfiguration.java:106) ~[spring-security-config-5.7.2.jar:5.7.2] at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:na] at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:na] at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:na] at java.base/java.lang.reflect.Method.invoke(Method.java:566) ~[na:na] at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:154) ~[spring-beans-5.3.22.jar:5.3.22] ... 22 common frames omitted
Upvotes: 4
Views: 17695
Answers (1)
Reputation: 496
Either your code or some of the libraries that you use are still providing WebSecurityConfigurerAdapter.
Check your code again, maybe you are forgetting some place.
Try to update the libraries that you use to the latest versions.
If they are not migrated yet, you'll might have to wait until they are, before you get rid of WebSecurityConfigurerAdapter.
Upvotes: 4
Related Questions
- Deprecate WebSecurityConfigurerAdapter and move to SecurityFilterChain
- Replace WebSecurityConfigurerAdapter in Spring boot for ResourceServerConfigurerAdapter
- Error running springboot oauth2 application: java.security.PrivilegedActionException: null
- The type org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter cannot be resolved
- java.lang.IllegalStateException: When using WebSecurityConfigurerAdapter
- Spring Security OAuth2: InsufficientAuthenticationException
- HttpSecurity file do not have method oauth2Login()
- Unauthorized error on Spring Boot Authorization Server /oauth/authorize
- Spring Boot -> UnsatisfiedDependencyException
- An Authentication object was not found in the SecurityContext in oauth2