Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Spring Security config cyclic dependency error

Tags:

dependency-injection

jwt

spring-security

I have got a working custom Spring Security Configuration, to secure certain url patterns using a JSON Web Token instead of a HTTPSession.

I order to enable method based security in opposite to url based patterns, I need to register an AuthenticationManager, which fails due to a cyclic dependency:

Caused by: org.springframework.beans.BeanInstantiationException: 
Failed to instantiate [org.springframework.security.authentication.AuthenticationManager]: 
Factory method 'authenticationManagerBean' threw exception; nested exception is org.springframework.beans.FatalBeanException: 
A dependency cycle was detected when trying to resolve the AuthenticationManager. Please ensure you have configured authentication.

My own dependency is to a filter which I need in order to configure it. Everything works fine, when I omit the registration of the AuthenticationManager:

@Configuration
@EnableWebSecurity
@Order(2)
@EnableGlobalMethodSecurity(securedEnabled = true)
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private StatelessAuthenticationFilter statelessAuthenticationFilter;

    public SpringSecurityConfig() {
        super(true);
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        ...
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                ...
                // check specific paths for specific role
                .antMatchers("/...").hasRole("...")
                ...

                // all other calls must be authenticated
                .anyRequest().authenticated().and()

                // custom filter to parse JWT token previously sent to client from header and create Authentication
                .addFilterBefore(statelessAuthenticationFilter, (Class<? extends Filter>) UsernamePasswordAuthenticationFilter.class)

                ...
    }

    // config works fine without this method, but method security needs an AuthenticationManager:
    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

What am I missing?

like image 914
Journeycorner Avatar asked Oct 28 '25 15:10

Journeycorner

1 Answers

Just returning the AuthenticationManager like shown below fixed the problem:

@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
    return authenticationManager();
}
like image 191
Journeycorner Avatar answered Oct 30 '25 13:10

Journeycorner
Sign in to Comment

Related questions

Spring Security 5.1 - Get Token for Client Credentials Flow with WebClient
How to use Spring Security OAuth 2 client without using it for login/authentication purposes
Spring Security JavaConfig: IllegalArgumentException: 'name' must not be null
Spring security : User class without UserRole (roles). Authentication only no authorization needed
Custom spring security filter not called at runtime
getPrincipal() method returning username instead of UserDetails

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!