Home > Net >  Circular Dependency in my SecurityConfig with Spring Boot
Circular Dependency in my SecurityConfig with Spring Boot

Time:12-16

I tried to create a simple login module with Spring Boot and Spring Boot Security.

One of the updates happens in creating SecurityConfig is some of classes like WebSecurityConfigurerAdapter is now deprecated so I try the following code to make a SecurityConfig but unfortunately, I caught in a circular dependency.

Actually, I used Lombok to minimize the used of @Autowired in every field injection.

I tried the following approach:

  1. I create another class for PasswordEncoder to avoid circular dependency if I used Password Encoder in the other parts of the Application.

Error Message.


Description:

The dependencies of some of the beans in the application context form a cycle:

┌──->──┐
|  securityConfig defined in file [C:\Users\jgeronimo\Documents\jp_geronimo\sample_projects\spring-security-tutorial\target\classes\com\workshop\application\config\SecurityConfig.class]
└──<-──┘


Action:

Despite circular references being allowed, the dependency cycle between beans could not be broken. Update your application to remove the dependency cycle.

SecurityConfig.java

@Configuration
@EnableWebSecurity
@RequiredArgsConstructor
public class SecurityConfig {

    private final JwtAuthFilter jwtAuthFilter;

    private final JwtUserDetailsService userDetailsService;

    private final PasswordEncoder passwordEncoder;

    private final JwtAuthenticate jwtAuthenticate;

    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(authenticationProvider());
    }

    @Bean
    public JwtAuthenticate jwtAuthenticationEntryPointBean() throws Exception{
        return new JwtAuthenticate();
    }

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
                .cors().and().csrf().disable()
                .authorizeHttpRequests()
                .requestMatchers("/**/auth/**")
                .permitAll()
                .anyRequest()
                .authenticated()
                .and()
                .exceptionHandling().authenticationEntryPoint(jwtAuthenticate).and()
                .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS);

        http.addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class);
        return http.build();
    }

    @Bean
    public AuthenticationProvider authenticationProvider() {
        final DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
        daoAuthenticationProvider.setUserDetailsService(userDetailsService);
        daoAuthenticationProvider.setPasswordEncoder(passwordEncoder);
        return daoAuthenticationProvider;
    }

    @Bean
    public AuthenticationManager authenticationManager(
            AuthenticationConfiguration authenticationConfiguration) throws Exception {
        return authenticationConfiguration.getAuthenticationManager();
    }

Encoder.config

@Configuration
public class EncoderConfig {

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}

CodePudding user response:

The field JwtAuthenticate jwtAuthenticate is redundant - remove it.

And while constructing the SecurityFilterChain refer to the method producing JwtAuthenticate Bean:

.exceptionHandling().authenticationEntryPoint(jwtAuthenticationEntryPointBean())

Page link:https//www.codepudding.com/net/644598.html

Prev:Use @RequestBody to map JSON to a class with @Builder
Next:How to send Spring Bean serialized as the body of a REST call using Web Client in a Java Spring boot
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding