Order on WebSecurityConfigurers must be unique

Question

I am trying to configure Spring Security with DB Authentication for my Rest Service. But i am getting the following error.

> org.springframework.beans.factory.BeanCreationException: Error
> creating bean with name
> 'org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration':
> Injection of autowired dependencies failed; nested exception is
> java.lang.IllegalStateException: @Order on WebSecurityConfigurers must
> be unique. Order of 2147483640 was already used, so it cannot be used
> on com.be.api.rest.config.ApplicationSecurity@1d0e7bad too.   at
> org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:334)
> ~[spring-beans-4.2.6.RELEASE.jar:4.2.6.RELEASE]   at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1214)
> ~[spring-beans-4.2.6.RELEASE.jar:4.2.6.RELEASE]   at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:543)
> ~[spring-beans-4.2.6.RELEASE.jar:4.2.6.RELEASE]   at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482)
> ~[spring-beans-4.2.6.RELEASE.jar:4.2.6.RELEASE]   at
> org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306)
> ~[spring-beans-4.2.6.RELEASE.jar:4.2.6.RELEASE]   at
> org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
> ~[spring-beans-4.2.6.RELEASE.jar:4.2.6.RELEASE]   at
> org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302)
> ~[spring-beans-4.2.6.RELEASE.jar:4.2.6.RELEASE]   at
> org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
> ~[spring-beans-4.2.6.RELEASE.jar:4.2.6.RELEASE]   at
> org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:368)
> ~[spring-beans-4.2.6.RELEASE.jar:4.2.6.RELEASE]   at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1123)
> ~[spring-beans-4.2.6.RELEASE.jar:4.2.6.RELEASE]   at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1018)
> ~[spring-beans-4.2.6.RELEASE.jar:4.2.6.RELEASE]   at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:510)
> ~[spring-beans-4.2.6.RELEASE.jar:4.2.6.RELEASE]   at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482)
> ~[spring-beans-4.2.6.RELEASE.jar:4.2.6.RELEASE]   at
> org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306)
> ~[spring-beans-4.2.6.RELEASE.jar:4.2.6.RELEASE]   at
> org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
> ~[spring-beans-4.2.6.RELEASE.jar:4.2.6.RELEASE]   at
> org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302)
> ~[spring-beans-4.2.6.RELEASE.jar:4.2.6.RELEASE]   at
> org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:202)
> ~[spring-beans-4.2.6.RELEASE.jar:4.2.6.RELEASE]   at
> org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:1060)
> ~[spring-context-4.2.6.RELEASE.jar:4.2.6.RELEASE]     at
> org.springframework.web.filter.DelegatingFilterProxy.initDelegate(DelegatingFilterProxy.java:326)
> ~[spring-web-4.2.6.RELEASE.jar:4.2.6.RELEASE]     at
> org.springframework.web.filter.DelegatingFilterProxy.initFilterBean(DelegatingFilterProxy.java:235)
> ~[spring-web-4.2.6.RELEASE.jar:4.2.6.RELEASE]     at
> org.springframework.web.filter.GenericFilterBean.init(GenericFilterBean.java:199)
> ~[spring-web-4.2.6.RELEASE.jar:4.2.6.RELEASE]     at
> org.apache.catalina.core.ApplicationFilterConfig.initFilter(ApplicationFilterConfig.java:279)
> ~[tomcat-embed-core-8.0.33.jar:8.0.33]    at
> org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:109)
> ~[tomcat-embed-core-8.0.33.jar:8.0.33]    at
> org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:4658)
> [tomcat-embed-core-8.0.33.jar:8.0.33]     at
> org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5277)
> [tomcat-embed-core-8.0.33.jar:8.0.33]     at
> org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:147)
> [tomcat-embed-core-8.0.33.jar:8.0.33]     at
> org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1408)
> [tomcat-embed-core-8.0.33.jar:8.0.33]     at
> org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1398)
> [tomcat-embed-core-8.0.33.jar:8.0.33]     at
> java.util.concurrent.FutureTask.run(Unknown Source) [na:1.8.0_60]     at
> java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
> [na:1.8.0_60]     at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
> [na:1.8.0_60]     at java.lang.Thread.run(Unknown Source) [na:1.8.0_60]
> Caused by: java.lang.IllegalStateException: @Order on
> WebSecurityConfigurers must be unique. Order of 2147483640 was already
> used, so it cannot be used on
> com.be.api.rest.config.ApplicationSecurity@1d0e7bad too.  at
> org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.setFilterChainProxySecurityConfigurer(WebSecurityConfiguration.java:148)
> ~[spring-security-config-4.0.4.RELEASE.jar:4.0.4.RELEASE]     at
> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> ~[na:1.8.0_60]    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown
> Source) ~[na:1.8.0_60]    at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
> ~[na:1.8.0_60]    at java.lang.reflect.Method.invoke(Unknown Source)
> ~[na:1.8.0_60]    at
> org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:654)
> ~[spring-beans-4.2.6.RELEASE.jar:4.2.6.RELEASE]   at
> org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:88)
> ~[spring-beans-4.2.6.RELEASE.jar:4.2.6.RELEASE]   at
> org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:331)
> ~[spring-beans-4.2.6.RELEASE.jar:4.2.6.RELEASE]   ... 31 common frames
> omitted

I have checked several posts and tried multiple approaches and still was not able get this resolved.

My Security Config Class

@Configuration
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
public class ApplicationSecurity extends WebSecurityConfigurerAdapter {

    @Autowired
    private RESTAuthenticationEntryPoint authenticationEntryPoint;
    @Autowired
    private RESTAuthenticationFailureHandler authenticationFailureHandler;
    @Autowired
    private RESTAuthenticationSuccessHandler authenticationSuccessHandler;
    @Autowired
    private DaoAuthenticationProvider authenticationProvider;
    @Autowired
    @Qualifier("customUserDetailsService")
    private UserDetailsService userDetailsService;


    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService);
        auth.authenticationProvider(authenticationProvider);
    }



    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().antMatchers("/rest/**").authenticated();
        http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint);
        http.formLogin().successHandler(authenticationSuccessHandler);
        http.formLogin().failureHandler(authenticationFailureHandler);
        http.logout().logoutSuccessUrl("/");
        // CSRF tokens handling
        http.addFilterAfter(new CsrfTokenResponseHeaderBindingFilter(), CsrfFilter.class);
    }
}

I have tried removing @Order annotation, Adding @EnableWebSecurity, @EnableWebMvcSecurity. But none of them worked.

Any suggestions?

The whole source code is available at : https://github.com/tpulimoottil/bep

Any help is really appreciated. I am kind of stuck here.