Issue
I am trying to upgrade the spring boot version from 2.1.7.RELEASE to 2.7.2. After the version change I see the WebSecurityConfigurerAdapter is deprecated. The current configuration looks like this.
@EnableOAuth2Sso
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfigure extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.antMatcher("/**").authorizeRequests()
.antMatchers(HttpMethod.POST, "**/api/**").permitAll()
.antMatchers(HttpMethod.GET, "**/api/**").permitAll()
.anyRequest().authenticated().and()
.csrf().disable()
.sessionManagement().maximumSessions(-1).sessionRegistry(sessionRegistry());
http.headers().frameOptions().sameOrigin();
TransactionSynchronizationManager.setActualTransactionActive(true);
}
}
After following this migration guide - Spring Security without the WebSecurityConfigurerAdapter, I've modified the code as below.
@EnableOAuth2Sso
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfigure {
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.antMatcher("/**").authorizeRequests().antMatchers(HttpMethod.POST, "**/api/**").permitAll()
.antMatchers(HttpMethod.GET, "**/api/**").permitAll().anyRequest().authenticated().and().csrf()
.disable().sessionManagement().maximumSessions(-1).sessionRegistry(sessionRegistry());
http.headers().frameOptions().sameOrigin();
TransactionSynchronizationManager.setActualTransactionActive(true);
return http.build();
}
}
After the change I'm getting this error while I start the application.
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'springSecurityFilterChain' defined in class path resource [org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is java.lang.IllegalStateException: Found WebSecurityConfigurerAdapter as well as SecurityFilterChain. Please select just one.
I'm using the spring security oauth2 for enabling the SSO
<dependency>
<groupId>org.springframework.security.oauth.boot</groupId>
<artifactId>spring-security-oauth2-autoconfigure</artifactId>
<version>2.0.0.RELEASE</version>
</dependency>
I highly doubt @EnableOAuth2Sso
the reason behind the error. Any help would be appreciated.
Solution
As the exception show,because @EnableOAuth2Sso
import OAuth2SsoDefaultConfiguration
which it's extend WebSecurityConfigurerAdapter
.you can use dsl http.oauth2Login()
instead of use @EnableOAuth2Sso
Answered By - DingHao
Answer Checked By - Katrina (JavaFixing Volunteer)