Home > database >  Spring Security: Error while upgrading the deprecated WebSecurityConfigurerAdapter in Spring Boot 2.
Spring Security: Error while upgrading the deprecated WebSecurityConfigurerAdapter in Spring Boot 2.

Time:08-19

I am trying to upgrade the spring boot version from 2.1.7.RELEASE to 2.7.2. After the version change I see the WebSecurityConfigurerAdapter is deprecated. The current configuration looks like this.

@EnableOAuth2Sso
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfigure extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.antMatcher("/**").authorizeRequests()
        .antMatchers(HttpMethod.POST, "**/api/**").permitAll()
        .antMatchers(HttpMethod.GET, "**/api/**").permitAll()
        .anyRequest().authenticated().and()
        .csrf().disable()
        .sessionManagement().maximumSessions(-1).sessionRegistry(sessionRegistry());

        http.headers().frameOptions().sameOrigin();

       TransactionSynchronizationManager.setActualTransactionActive(true);
   }
}

After following this migration guide - Spring Security without the WebSecurityConfigurerAdapter, I've modified the code as below.

@EnableOAuth2Sso
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfigure {

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.antMatcher("/**").authorizeRequests().antMatchers(HttpMethod.POST, "**/api/**").permitAll()
            .antMatchers(HttpMethod.GET, "**/api/**").permitAll().anyRequest().authenticated().and().csrf()
            .disable().sessionManagement().maximumSessions(-1).sessionRegistry(sessionRegistry());

        http.headers().frameOptions().sameOrigin();

        TransactionSynchronizationManager.setActualTransactionActive(true);
        return http.build();
    }
}

After the change I'm getting this error while I start the application.

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'springSecurityFilterChain' defined in class path resource [org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is java.lang.IllegalStateException: Found WebSecurityConfigurerAdapter as well as SecurityFilterChain. Please select just one.

I'm using the spring security oauth2 for enabling the SSO

    <dependency>
        <groupId>org.springframework.security.oauth.boot</groupId>
        <artifactId>spring-security-oauth2-autoconfigure</artifactId>
        <version>2.0.0.RELEASE</version>
    </dependency>

I highly doubt @EnableOAuth2Sso the reason behind the error. Any help would be appreciated.

CodePudding user response:

As the exception show,because @EnableOAuth2Sso import OAuth2SsoDefaultConfiguration which it's extend WebSecurityConfigurerAdapter.you can use dsl http.oauth2Login() instead of use @EnableOAuth2Sso

Page link:https//www.codepudding.com/database/515647.html

Prev:How can I set a dynamic environment variable when building my Spring Boot app as a docker image usin
Next:is there a way to create alerts for virtual machine, storage account resources in azure log analytic
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding