1

I tried to test Spring WebFlux with traditional Web Security(@EnableWebSecurity). I used the Tomcat intead of Netty. I got the follow error message.

*************************** APPLICATION FAILED TO START


Description:

The bean 'springSecurityFilterChain', defined in class path resource [org/springframework/boot/actuate/autoconfigure/security/reactive/ReactiveManagementWebSecurityAutoConfiguration.class], could not be registered. A bean with that name has already been defined in class path resource [org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.class] and overriding is disabled.

Action:

Consider renaming one of the beans or enabling overriding by setting spring.main.allow-bean-definition-overriding=true

And I add spring.main.allow-bean-definition-overriding=true into application.properties. It works. But it generate new password. I am sure It didn't read my Custom SecurityConfig Adapter Class.

I would like to know that Why do I need this properties value?

And why didn't load my Adapter class after add the properties?

here is my SecurityConfig Adapter Class.

@Configuration
//@EnableWebFluxSecurity
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

@Override
    protected void configure(AuthenticationManagerBuilder auth)
        throws Exception {
PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
        auth
        .inMemoryAuthentication()
          .withUser("user")
            .password(encoder.encode("user"))
            .authorities("ROLE_USER")
          .and()
          .withUser("woody")
            .password(encoder.encode("bullseye"))
            .authorities("ROLE_ADMIN");
    }

@Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
          .antMatchers("/hello")
          .authenticated()
          .antMatchers("/**")
          .permitAll()
          .and()
          .httpBasic();
    }

}

pom.xml

       <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-webflux</artifactId>
            <exclusions>
                <exclusion>
                    <groupId>org.springframework.boot</groupId>
                    <artifactId>spring-boot-starter-reactor-netty</artifactId>
                </exclusion>
            </exclusions>
        </dependency>
        <dependency>
            <groupId>io.projectreactor</groupId>
            <artifactId>reactor-test</artifactId>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-tomcat</artifactId>
            <!--<scope>provided</scope>-->
        </dependency>
user1156041
  • 2,155
  • 5
  • 24
  • 54
  • What is your pom.xml looks like? And the class which does @SpringBootApplication? – Ian Lim Dec 19 '18 at 08:56
  • Yes, I used `@SpringBootApplication`. – user1156041 Dec 19 '18 at 09:02
  • 2
    You need the reactive version of the Spring Security stuff the regular stuff won't work. Even if it would configure it wouldn't secure anything after the filter execution as all of that is based on a `ThreadLocal` and that simply doesn't work in a Reactive environment. – M. Deinum Dec 19 '18 at 18:48

0 Answers0