  1. Keycloak
  2. KEYCLOAK-8725

KeycloakWebSecurityConfigurerAdapter requires bean overriding to be allowed

    Details

    • Docs QE Status:
      NEW
    • QE Status:
      NEW

      Description

      Hello,

      Spring Boot 2.1 changed the default behavior for bean overriding to not allowed, as seen here:
      https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-2.1-Release-Notes#bean-overriding

      With this, the context fails to create, because the Keycloak security config tries to override the httpSessionManager bean. To make this work, the bean overriding must be enabled (using the new property, which in turn calls DefaultListableBeanFactory.setAllowBeanDefinitionOverriding()). Of course, this is easy to do, but I understand the Spring team's rationale for avoiding this if possible.

      This is a minimum working example for a bearer-only REST API. Maybe there is some error in my configuration that causes this, but it's pretty much in line with the official docs.

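      package example;

      import org.keycloak.adapters.KeycloakConfigResolver;
      import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver;
      import org.keycloak.adapters.springsecurity.KeycloakConfiguration;
      import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter;
      import org.springframework.context.annotation.Bean;
      import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
      import org.springframework.security.config.annotation.web.builders.HttpSecurity;
      import org.springframework.security.web.authentication.session.NullAuthenticatedSessionStrategy;
      import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;

      import static org.springframework.security.config.http.SessionCreationPolicy.STATELESS;

      @KeycloakConfiguration
      class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter {

          // Read the Keycloak settings from the Spring Boot configuration (application.yml)
          @Bean
          public KeycloakConfigResolver keycloakConfigResolver() {
              return new KeycloakSpringBootConfigResolver();
          }

          // Bearer-only API: no session is created on authentication
          @Override
          protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
              return new NullAuthenticatedSessionStrategy();
          }

          @Override
          protected void configure(AuthenticationManagerBuilder auth) {
              auth.authenticationProvider(keycloakAuthenticationProvider());
          }

          @Override
          protected void configure(HttpSecurity http) throws Exception {
              super.configure(http);
              http
                      // Stateless API: CSRF protection is turned off and no HTTP session is created
                      .csrf().disable()
                      .sessionManagement()
                      .sessionCreationPolicy(STATELESS)
                      .and()

                      // Everything under /api/ requires authentication; all other requests are permitted
                      .authorizeRequests()
                      .antMatchers("/api/**").authenticated()
                      .anyRequest().permitAll();
          }
      }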
      

      application.yml:

      # spring context can be started only with true
      spring.main.allow-bean-definition-overriding: false
      
      keycloak:
        auth-server-url: http://localhost:8180/auth
        realm: test-realm
        resource: test-api
        bearer-only: true
        principal-attribute: preferred_username
      

      This results in the error:

      Error starting ApplicationContext. To display the conditions report re-run your application with 'debug' enabled.
      2018-11-02 17:33:44.093 ERROR 9812 --- [           main] o.s.b.d.LoggingFailureAnalysisReporter   : 
      
      ***************************
      APPLICATION FAILED TO START
      ***************************
      
      Description:
      
      The bean 'httpSessionManager', defined in class path resource [example/SecurityConfig.class], could not be registered. A bean with that name has already been defined in URL [jar:file:/C:/Users/machart/.gradle/caches/modules-2/files-2.1/org.keycloak/keycloak-spring-security-adapter/4.4.0.Final/b394ec7197db5ebaabb498ce0e2dac115c988a68/keycloak-spring-security-adapter-4.4.0.Final.jar!/org/keycloak/adapters/springsecurity/management/HttpSessionManager.class] and overriding is disabled.
      
      Action:
      
      Consider renaming one of the beans or enabling overriding by setting spring.main.allow-bean-definition-overriding=true
      


                People

                • Assignee:
                  sebastienblanc Sebastien Blanc
                  Reporter:
                  natix643 Jiri Machart
                • Votes:
                  0
                  Watchers:
                  6
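
The mechanism the description refers to, shown in isolation as an added example (not code from the issue or from the Keycloak project): two bean definitions are registered under the name `httpSessionManager`, once with overriding allowed and once with it disabled. `ScannedSessionManager`, `ConfigSessionManager` and `BeanOverrideDemo` are hypothetical stand-ins, and spring-beans 5.1 or later is assumed on the classpath.

```java
import org.springframework.beans.factory.support.BeanDefinitionOverrideException;
import org.springframework.beans.factory.support.DefaultListableBeanFactory;
import org.springframework.beans.factory.support.RootBeanDefinition;

public class BeanOverrideDemo {

    // Hypothetical stand-ins for two definitions that claim the same bean name.
    public static class ScannedSessionManager {}
    public static class ConfigSessionManager {}

    /**
     * Registers both definitions under one name and reports the outcome:
     * the simple class name of the bean that ends up registered, or the
     * rejection raised when overriding is disabled.
     */
    static String register(boolean allowOverriding) {
        DefaultListableBeanFactory factory = new DefaultListableBeanFactory();
        // The call that spring.main.allow-bean-definition-overriding ends up controlling.
        factory.setAllowBeanDefinitionOverriding(allowOverriding);

        factory.registerBeanDefinition("httpSessionManager",
                new RootBeanDefinition(ScannedSessionManager.class));
        try {
            // Second definition with the same name: silently replaces the first
            // when overriding is allowed, fails registration otherwise.
            factory.registerBeanDefinition("httpSessionManager",
                    new RootBeanDefinition(ConfigSessionManager.class));
        } catch (BeanDefinitionOverrideException e) {
            return "rejected duplicate definition for '" + e.getBeanName() + "'";
        }
        return factory.getBean("httpSessionManager").getClass().getSimpleName();
    }

    public static void main(String[] args) {
        System.out.println("overriding allowed:  " + register(true));
        System.out.println("overriding disabled: " + register(false));
    }
}
```

With overriding allowed, the later definition replaces the earlier one without failing startup, and that applies to every bean in the context, security-related ones included. That is the trade-off behind setting the property application-wide.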
