Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adding a new securityFilterChain using java config in an xml configured application doesn't work #16547

Open
hellokkiyer opened this issue Feb 6, 2025 · 1 comment
Open

Adding a new securityFilterChain using java config in an xml configured application doesn't work #16547

hellokkiyer opened this issue Feb 6, 2025 · 1 comment
Labels
status: waiting-for-triage An issue we've not yet triaged type: bug A general bug

Comments

@hellokkiyer
Copy link

We have a Spring MVC application based on spring 5.x, also uses spring-security 5.x. The beans and the security filter chains along with patterns are configured by XML.

We are migrating to Spring 6 and intend to use spring-authorization-server for OAuth2 which only supports Java based configuration for configuring the authorization server securityFilterChain.

But when I add the new Java based config, it doesn't get picked neither the beans are created. I have to explicitly include it as a bean in xml config file to get it picked. But as soon as I do that, seems like it creates 2 securityFilterChain object and other bean creation are messed up.

I referred this issue and tried to implement what was suggested in the solution but I get an error :

Caused by: org.springframework.security.config.annotation.AlreadyBuiltException: This object has already been built
		at org.springframework.security.config.annotation.AbstractSecurityBuilder.build(AbstractSecurityBuilder.java:41)
		at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.springSecurityFilterChain(WebSecurityConfiguration.java:121)
		at com.test.abc.security.oauth2.config.AggregateSpringSecurityConfiguration.aggregateSpringSecurityFilterChain(AggregateSpringSecurityConfiguration.java:22)
		at com.test.abc.security.oauth2.config.AggregateSpringSecurityConfiguration$$SpringCGLIB$$0.CGLIB$aggregateSpringSecurityFilterChain$0(<generated>)
		at com.test.abc.security.oauth2.config.AggregateSpringSecurityConfiguration$$SpringCGLIB$$FastClass$$1.invoke(<generated>)
		at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:258)
		at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:348)
		at com.test.abc.security.oauth2.config.AggregateSpringSecurityConfiguration$$SpringCGLIB$$0.aggregateSpringSecurityFilterChain(<generated>)
		at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
		at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
		at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
		at java.base/java.lang.reflect.Method.invoke(Method.java:569)
		at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:146)

Is there an efficient way where I can include Java based security configuration into xml based configuration.
@hellokkiyer hellokkiyer added status: waiting-for-triage An issue we've not yet triaged type: bug A general bug labels Feb 6, 2025
@hellokkiyer
Copy link
Author

Not sure, if it is a common usecase. But, there should be an option to integrate XML and Java based configuration together like Spring does allow configuring Beans in both way together

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
status: waiting-for-triage An issue we've not yet triaged type: bug A general bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@hellokkiyer