Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bean Conflict Between webSocketAuthorizationManagerPostProcessor and objectPostProcessor in Spring Security Configuration #16299

Open
waileong opened this issue Dec 18, 2024 · 2 comments
Labels
status: waiting-for-triage An issue we've not yet triaged type: bug A general bug

Comments

@waileong
Copy link

Describe the bug
The application fails to start due to a conflict between two beans required by the declare Bean SecurityFilterChain . The method expects a single bean, but two candidates are found:

  1. webSocketAuthorizationManagerPostProcessor
    Defined in: WebSocketObservationConfiguration.class

  2. objectPostProcessor
    Defined in: ObjectPostProcessorConfiguration.class

This conflict causes Spring to throw an error during startup, indicating an inability to resolve the ambiguity.

This issue occurs in Spring Security 6.4.2.


To Reproduce

  1. Annotate a configuration class with @EnableWebSocketSecurity.
  2. Declare the following method in your configuration class:
    @Bean
    public SecurityFilterChain customSecurityFilterChain(HttpSecurity http) throws Exception {
        // Configure security filter chain here
        return http.build();
    }
    

APPLICATION FAILED TO START


Description:

Method testSecurityFilterChain in com.example.springsecurityobjectpostprocessorconflict.TestSecurityConfig required a single bean, but 2 were found:
	- webSocketAuthorizationManagerPostProcessor: defined by method 'webSocketAuthorizationManagerPostProcessor' in class path resource [org/springframework/security/config/annotation/web/socket/WebSocketObservationConfiguration.class]
	- objectPostProcessor: defined by method 'objectPostProcessor' in class path resource [org/springframework/security/config/annotation/configuration/ObjectPostProcessorConfiguration.class]
	

Expected behavior
The application should start successfully without bean injection conflicts.

Sample

A link to a GitHub repository with a minimal, reproducible sample.

@kalgon
Copy link

kalgon commented Dec 20, 2024

I have the same problem but the description is a bit different (it complains on WebSecurityConfiguration.setFilterChains()):

***************************
APPLICATION FAILED TO START
***************************

Description:

Parameter 0 of method setFilterChains in org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration required a single bean, but 2 were found:
	- objectPostProcessor: defined by method 'objectPostProcessor' in class path resource [org/springframework/security/config/annotation/configuration/ObjectPostProcessorConfiguration.class]
	- webSocketAuthorizationManagerPostProcessor: defined by method 'webSocketAuthorizationManagerPostProcessor' in class path resource [org/springframework/security/config/annotation/web/socket/WebSocketObservationConfiguration.class]

This may be due to missing parameter name information

@vitalii-crm
Copy link

Any solution for this? In version 6.4.1, these two beans were also creating but did not cause such an exception.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
status: waiting-for-triage An issue we've not yet triaged type: bug A general bug
Projects
None yet
Development

No branches or pull requests

3 participants