I’ve been trying to figure out this error for days. I’ve looked at similar questions and they either don’t apply or I don’t know enough about spring-security to make them apply.
I’ve migrated to spring-boot-starter-parent 3.3.2 from 2.3.9.RELEASE to be able to do a Java 11 to 21 upgrade. I’m getting the following message on startup.
org.springframework.beans.factory.BeanCurrentlyInCreationException: Error creating bean with name 'securityConfig': Requested bean is currently in creation: Is there an unresolvable circular reference?
Any help would be greatly appreciated. I’m pretty awful with spring-security and this is all legacy code.
<code>@Configuration
@EnableWebSecurity
public class SecurityConfig {
@Autowired
Environment env;
@Autowired
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(preAuthenticatedAuthenticationProvider());
}
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.authorizeHttpRequests((authz) -> authz.requestMatchers("/secure/**").authenticated());
http.authorizeHttpRequests((authz) -> authz.requestMatchers("/insecure/**", "/actuator/**").permitAll());
http.httpBasic(Customizer.withDefaults());
http.csrf(csrf -> csrf.disable());
http.sessionManagement(sess -> sess.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
http.exceptionHandling(eh -> eh.authenticationEntryPoint(new FailedAuthenticationEntryPoint()));
return http.build();
}
@Bean
public WebSecurityCustomizer webSecurityCustomizer() {
return (web) -> web.ignoring().requestMatchers("/insecure/**", "/actuator/**");
}
@Bean
public AbstractPreAuthenticatedProcessingFilter preAuthFilter() throws Exception {
GetParameterAuthenticationFilter filter = new GetParameterAuthenticationFilter();
// How can I get access to this "magic" method again?
// filter.setAuthenticationManager(authenticationManager());
return filter;
}
/**
* This uses {@link AverageSpeedUserDetailsService} to turn API keys into full user objects.
*/
@Bean
public PreAuthenticatedAuthenticationProvider preAuthenticatedAuthenticationProvider() {
PreAuthenticatedAuthenticationProvider p = new PreAuthenticatedAuthenticationProvider();
p.setPreAuthenticatedUserDetailsService(new UserDetailsByNameServiceWrapper<>(avgSpeedUserDetailsService()));
return p;
}
@Bean
public AverageSpeedUserDetailsService avgSpeedUserDetailsService() {
ApiKeyAuthority aka = new ApiKeyAuthority(userDataSource());
AverageSpeedUserDetailsService service = new AverageSpeedUserDetailsService(aka);
return service;
}
@Bean
public DataSource userDataSource() {
BasicDataSource ds = new BasicDataSource();
ds.setDriverClassName(org.postgresql.Driver.class.getName());
ds.setUrl(env.getRequiredProperty("db.apikey.url"));
ds.setUsername(env.getRequiredProperty("db.apikey.user"));
ds.setPassword(env.getRequiredProperty("db.apikey.password"));
return ds;
}
}
</code>
<code>@Configuration
@EnableWebSecurity
public class SecurityConfig {
@Autowired
Environment env;
@Autowired
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(preAuthenticatedAuthenticationProvider());
}
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.authorizeHttpRequests((authz) -> authz.requestMatchers("/secure/**").authenticated());
http.authorizeHttpRequests((authz) -> authz.requestMatchers("/insecure/**", "/actuator/**").permitAll());
http.httpBasic(Customizer.withDefaults());
http.csrf(csrf -> csrf.disable());
http.sessionManagement(sess -> sess.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
http.exceptionHandling(eh -> eh.authenticationEntryPoint(new FailedAuthenticationEntryPoint()));
return http.build();
}
@Bean
public WebSecurityCustomizer webSecurityCustomizer() {
return (web) -> web.ignoring().requestMatchers("/insecure/**", "/actuator/**");
}
@Bean
public AbstractPreAuthenticatedProcessingFilter preAuthFilter() throws Exception {
GetParameterAuthenticationFilter filter = new GetParameterAuthenticationFilter();
// How can I get access to this "magic" method again?
// filter.setAuthenticationManager(authenticationManager());
return filter;
}
/**
* This uses {@link AverageSpeedUserDetailsService} to turn API keys into full user objects.
*/
@Bean
public PreAuthenticatedAuthenticationProvider preAuthenticatedAuthenticationProvider() {
PreAuthenticatedAuthenticationProvider p = new PreAuthenticatedAuthenticationProvider();
p.setPreAuthenticatedUserDetailsService(new UserDetailsByNameServiceWrapper<>(avgSpeedUserDetailsService()));
return p;
}
@Bean
public AverageSpeedUserDetailsService avgSpeedUserDetailsService() {
ApiKeyAuthority aka = new ApiKeyAuthority(userDataSource());
AverageSpeedUserDetailsService service = new AverageSpeedUserDetailsService(aka);
return service;
}
@Bean
public DataSource userDataSource() {
BasicDataSource ds = new BasicDataSource();
ds.setDriverClassName(org.postgresql.Driver.class.getName());
ds.setUrl(env.getRequiredProperty("db.apikey.url"));
ds.setUsername(env.getRequiredProperty("db.apikey.user"));
ds.setPassword(env.getRequiredProperty("db.apikey.password"));
return ds;
}
}
</code>
@Configuration
@EnableWebSecurity
public class SecurityConfig {
@Autowired
Environment env;
@Autowired
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(preAuthenticatedAuthenticationProvider());
}
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.authorizeHttpRequests((authz) -> authz.requestMatchers("/secure/**").authenticated());
http.authorizeHttpRequests((authz) -> authz.requestMatchers("/insecure/**", "/actuator/**").permitAll());
http.httpBasic(Customizer.withDefaults());
http.csrf(csrf -> csrf.disable());
http.sessionManagement(sess -> sess.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
http.exceptionHandling(eh -> eh.authenticationEntryPoint(new FailedAuthenticationEntryPoint()));
return http.build();
}
@Bean
public WebSecurityCustomizer webSecurityCustomizer() {
return (web) -> web.ignoring().requestMatchers("/insecure/**", "/actuator/**");
}
@Bean
public AbstractPreAuthenticatedProcessingFilter preAuthFilter() throws Exception {
GetParameterAuthenticationFilter filter = new GetParameterAuthenticationFilter();
// How can I get access to this "magic" method again?
// filter.setAuthenticationManager(authenticationManager());
return filter;
}
/**
* This uses {@link AverageSpeedUserDetailsService} to turn API keys into full user objects.
*/
@Bean
public PreAuthenticatedAuthenticationProvider preAuthenticatedAuthenticationProvider() {
PreAuthenticatedAuthenticationProvider p = new PreAuthenticatedAuthenticationProvider();
p.setPreAuthenticatedUserDetailsService(new UserDetailsByNameServiceWrapper<>(avgSpeedUserDetailsService()));
return p;
}
@Bean
public AverageSpeedUserDetailsService avgSpeedUserDetailsService() {
ApiKeyAuthority aka = new ApiKeyAuthority(userDataSource());
AverageSpeedUserDetailsService service = new AverageSpeedUserDetailsService(aka);
return service;
}
@Bean
public DataSource userDataSource() {
BasicDataSource ds = new BasicDataSource();
ds.setDriverClassName(org.postgresql.Driver.class.getName());
ds.setUrl(env.getRequiredProperty("db.apikey.url"));
ds.setUsername(env.getRequiredProperty("db.apikey.user"));
ds.setPassword(env.getRequiredProperty("db.apikey.password"));
return ds;
}
}