Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix conflicting bean names between @EnableWebSecurity and @EnableWebSocketSecurity #16011

Closed
zyro23 opened this issue Oct 30, 2024 · 6 comments · Fixed by #16113
Closed

Fix conflicting bean names between @EnableWebSecurity and @EnableWebSocketSecurity #16011

zyro23 opened this issue Oct 30, 2024 · 6 comments · Fixed by #16113
Assignees
@jzheaux
Labels
in: config An issue in spring-security-config status: duplicate A duplicate of another issue type: bug A general bug

Comments

@zyro23
Copy link

zyro23 commented Oct 30, 2024

Describe the bug

***************************
APPLICATION FAILED TO START
***************************

Description:

The bean 'webAuthorizationManagerPostProcessor', defined in class path resource [org/springframework/security/config/annotation/web/configuration/ObservationConfiguration.class], could not be registered. A bean with that name has already been defined in class path resource [org/springframework/security/config/annotation/web/socket/WebSocketObservationConfiguration.class] and overriding is disabled.

Action:

Consider renaming one of the beans or enabling overriding by setting spring.main.allow-bean-definition-overriding=true

the naming conflict is between:

To Reproduce

  • create an empty boot-3.4.0-RC1 app with spring-web, spring-security, spring-websocket
  • add spring-security-messaging as dependency
  • add @EnableWebSocketSecurity

Expected behavior

app starts

Sample

sample app will be referenced asap, thank you!
@zyro23 zyro23 added status: waiting-for-triage An issue we've not yet triaged type: bug A general bug labels Oct 30, 2024
zyro23 added a commit to zyro23/spring-security-16011 that referenced this issue Oct 30, 2024
@zyro23
reproduce spring-projects/spring-security#16011
3ff50e4 
add spring-security-messaging, @EnableWebSocketSecurity
@ngocnhan-tran1996
Copy link
Contributor

@zyro23

I add @EnableWebSocket to file *Application.java and app starts

@zyro23
Copy link
Author

zyro23 commented Oct 30, 2024

hmm.. just added @EnableWebSocket to DemoApplication from the sample app but still getting the same error?

(gradle-) cleaned the project, re-ran multiple times.

diff 
Index: src/main/java/com/example/demo/DemoApplication.java
<+>UTF-8
===================================================================
diff --git a/src/main/java/com/example/demo/DemoApplication.java b/src/main/java/com/example/demo/DemoApplication.java
--- a/src/main/java/com/example/demo/DemoApplication.java	(revision 3ff50e46fc8852dc867b458892b65cb98b01f9a5)
+++ b/src/main/java/com/example/demo/DemoApplication.java	(date 1730308768835)
@@ -3,7 +3,9 @@
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.security.config.annotation.web.socket.EnableWebSocketSecurity;
+import org.springframework.web.socket.config.annotation.EnableWebSocket;
 
+@EnableWebSocket
 @EnableWebSocketSecurity
 @SpringBootApplication
 public class DemoApplication {
console out (same failure) 
2024-10-30T18:19:58.219+01:00 ERROR 15800 --- [demo] [           main] o.s.b.d.LoggingFailureAnalysisReporter   : 

***************************
APPLICATION FAILED TO START
***************************

Description:

The bean 'webAuthorizationManagerPostProcessor', defined in class path resource [org/springframework/security/config/annotation/web/configuration/ObservationConfiguration.class], could not be registered. A bean with that name has already been defined in class path resource [org/springframework/security/config/annotation/web/socket/WebSocketObservationConfiguration.class] and overriding is disabled.

Action:

Consider renaming one of the beans or enabling overriding by setting spring.main.allow-bean-definition-overriding=true

4 actionable tasks: 4 executed

FAILURE: Build failed with an exception.

to make sure this is not a "runs-on-my-machine" kinda issue:

@ngocnhan-tran1996
Copy link
Contributor

@zyro23

My bad, I work with wrong version, I confirm this version throws error

@kalgon
Copy link

kalgon commented Nov 16, 2024

Can this issue be investigated before the releases of spring-security 6.4.0 and spring-boot 3.4.0 scheduled for next week? This problem breaks applications using both web and web sockets stacks.

@ngocnhan-tran1996 ngocnhan-tran1996 mentioned this issue Nov 17, 2024
Merged
@jzheaux jzheaux added in: config An issue in spring-security-config and removed status: waiting-for-triage An issue we've not yet triaged labels Nov 20, 2024
@jzheaux jzheaux mentioned this issue Nov 20, 2024
Open
@jzheaux
Copy link
Contributor

jzheaux commented Nov 20, 2024
edited
Loading

@kalgon, I'm sorry that this didn't get it before the 6.4 release. The fix will go out in the 6.4.1 release. I'll consult with the team to see if we can get it moved up.

In the meantime, are you able to set spring.main.allow-bean-definition-overriding to true?

If not, while not ideal, you can remove @EnableWebSocketSecurity, copy MessageMatcherAuthorizationManagerConfiguration and WebSocketMessageBrokerSecurityConfiguration into your project, and import them directly.

I've added spring-projects/spring-security-samples#338 to catch things like this in the future.

@jzheaux jzheaux changed the title 6.4.0-RC1 - BeanDefinitionOverrideException: Invalid bean definition with name 'webAuthorizationManagerPostProcessor' Fix conflicting bean names between @EnableWebSecurity and @EnableWebSocketSecurity Nov 20, 2024
@jzheaux jzheaux added this to the 6.4.1 milestone Nov 20, 2024
@jzheaux jzheaux added the status: duplicate A duplicate of another issue label Nov 20, 2024
jzheaux added a commit to ngocnhan-tran1996/spring-security that referenced this issue Nov 20, 2024
@jzheaux
Add EnableWebSecurity + EnableWebSocketSecurity Test
f788c36 
Issue spring-projectsgh-16011
jzheaux pushed a commit to ngocnhan-tran1996/spring-security that referenced this issue Nov 20, 2024
@ngocnhan-tran1996 @jzheaux
Resolve Observation Bean Name Collisions
e57f075 
Closes spring-projectsgh-16011
jzheaux added a commit that referenced this issue Nov 20, 2024
@jzheaux
Add EnableWebSecurity + EnableWebSocketSecurity Test
91832bf 
Issue gh-16011
@jzheaux
Copy link
Contributor

jzheaux commented Nov 20, 2024

Closed in favor of #16113

@jzheaux jzheaux removed this from the 6.4.1 milestone Nov 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jzheaux jzheaux

Labels
in: config An issue in spring-security-config status: duplicate A duplicate of another issue type: bug A general bug
Projects
None yet
Milestone
No milestone
4 participants
@kalgon @zyro23 @jzheaux @ngocnhan-tran1996