Home > Software design >  circular reference between Spring Security and org.springdoc.ui.SwaggerConfig when upgrading to Spri
circular reference between Spring Security and org.springdoc.ui.SwaggerConfig when upgrading to Spri

Time:12-16

When upgrading my application from Spring Boot 2.5 to 2.6, I am getting this error :

Error creating bean with name 'securityConfig': Unsatisfied dependency expressed through method 'setContentNegotationStrategy' parameter 0;

nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.springframework.boot.autoconfigure.web.servlet.WebMvcAutoConfiguration$EnableWebMvcConfiguration': Unsatisfied dependency expressed through method 'setConfigurers' parameter 0;

nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.springdoc.ui.SwaggerConfig': Unsatisfied dependency expressed through field 'swaggerIndexTransformer';

nested exception is org.springframework.beans.factory.BeanCurrentlyInCreationException: Error creating bean with name 'org.springdoc.ui.SwaggerConfig': Requested bean is currently in creation: Is there an unresolvable circular reference?

This error is documented on https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-2.6-Release-Notes#circular-references-prohibited-by-default and I know I could "fix" it by setting a property and go back to Spring Boot 2.5 behavior.. But if I can take the opportunity to fix a circular reference, I may as well do it for the future.

My securityConfig is simple, because my application is a public application returning some html content, to all callers, with no authentication. so this is my config :

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

  @Override
  protected void configure(HttpSecurity security) throws Exception {
    //application is open to everyone - no security
    security.httpBasic().disable();
  }
}

the setContentNegotationStrategy that the error mentions is a method from WebSecurityConfigurerAdapter that I am not overriding, so I am not able to understand what I need to do.

if I delete my SecurityConfig class, then I still have an error, same as before but without the mention of my SecurityConfig class:

Error creating bean with name 'org.springframework.boot.autoconfigure.web.servlet.WebMvcAutoConfiguration$EnableWebMvcConfiguration': Unsatisfied dependency expressed through method 'setConfigurers' parameter 0;

nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.springdoc.ui.SwaggerConfig': Unsatisfied dependency expressed through field 'swaggerIndexTransformer';

nested exception is org.springframework.beans.factory.BeanCurrentlyInCreationException: Error creating bean with name 'org.springdoc.ui.SwaggerConfig': Requested bean is currently in creation: Is there an unresolvable circular reference?

what is the recommended way to deal with what seems to be a circular reference between Spring Security and org.springdoc.ui.SwaggerConfig ?

CodePudding user response:

The problem's caused by org.springdoc.ui.SwaggerConfig. It has been fixed by these changes which are available in springdocs-openapi 1.5.13.

  • Related