Issue
I am trying to update Spring Boot application from 2.4 to 2.6.4 but I am getting following error:
The dependencies of some of the beans in the application context form a cycle:
┌─────┐ | webSecurityConfig ↑ ↓ | org.springframework.boot.autoconfigure.web.servlet.WebMvcAutoConfiguration$EnableWebMvcConfiguration.
Following is WebSecurityConfig code:
import javax.sql.DataSource;
import com.jay.liqui.jwt.JWTAuthorizationFilter;
import com.jay.liqui.jwt.JwtTokenProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Lazy;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import org.springframework.core.annotation.Order;
@Configuration
//@Order(1)
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private DataSource dataSource;
@Autowired
private JwtTokenProvider jwtTokenProvider;
@Bean
public static PasswordEncoder passwordEncoder(){
return new BCryptPasswordEncoder();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
//Cross-origin-resource-sharing: localhost:8080, localhost:4200(allow for it.)
http.cors().and()
.authorizeRequests()
//These are public paths
.antMatchers("/resources/**", "/error", "/api/user/**").permitAll()
//These can be reachable for just have admin role.
.antMatchers("/api/admin/**").hasRole("ADMIN")
//All remaining paths should need authentication.
.anyRequest().fullyAuthenticated()
.and()
//logout will log the user out by invalidated session.
.logout().permitAll()
.logoutRequestMatcher(new AntPathRequestMatcher("/api/user/logout", "POST"))
.and()
//login form and path
.formLogin().loginPage("/api/user/login").and()
//enable basic authentication
.httpBasic().and()
//We will handle it later.
//Cross side request forgery
.csrf().disable();
//jwt filter
http.addFilter(new JWTAuthorizationFilter(authenticationManager(),jwtTokenProvider));
}
@Autowired
public void configAuthentication(AuthenticationManagerBuilder authBuilder) throws Exception {
authBuilder.jdbcAuthentication()
.dataSource(dataSource)
.passwordEncoder(new BCryptPasswordEncoder())
.usersByUsernameQuery("select username, password, enabled from usr01 where username=?")
.authoritiesByUsernameQuery("select username, role from usr01 where username=?")
;
}
//Cross origin resource sharing.
@Bean
public WebMvcConfigurer corsConfigurer(){
return new WebMvcConfigurer() {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**").allowedOrigins("*").allowedMethods("*");
}
};
}
}
Solution
The cause of this error is Spring Boot 2.4 disable spring.main.allow-bean-definition-overriding by default and Spring Boot 2.6.4 enable
There are 2 solutions to fix it
Solution 1: You set allow-bean-definition-overriding is true in application.properties
spring.main.allow-bean-definition-overriding=true
Solution 2: You should move Bean WebMvcConfigurer to another class
Example:
@EnableWebMvc
@Configuration
public class WebConfig implements WebMvcConfigurer {
@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
registry.addResourceHandler("/swagger-ui/**").addResourceLocations("classpath:/META-INF/resources/swagger-ui.html");
registry.addResourceHandler("/webjars/**").addResourceLocations("classpath:/META-INF/resources/webjars/");
}
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(logInterceptor);
}
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**").allowedOrigins("*").allowedMethods("*");
}
@Bean
public InternalResourceViewResolver defaultViewResolver() {
return new InternalResourceViewResolver();
}
}
Answered By - Viettel Solutions
Answer Checked By - David Goodson (JavaFixing Volunteer)