Unable to use Keycloak in Spring Boot 2.1 due to duplicated Bean Registration httpSessionManager
I want to secure my Spring Boot 2.1 app with Keycloak 4.5.
Currently I cannot start the application due to the following error:
Exception encountered during context initialization - cancelling refresh attempt:
org.springframework.beans.factory.support.BeanDefinitionOverrideException:
Invalid bean definition with name 'httpSessionManager' defined in class path resource [dummy/service/SecurityConfig.class]:
Cannot register bean definition [Root bean: class [null]; scope=; abstract=false; lazyInit=false; autowireMode=3; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=securityConfig; factoryMethodName=httpSessionManager; initMethodName=null; destroyMethodName=(inferred); defined in class path resource [dummy/SecurityConfig.class]] for bean 'httpSessionManager':
There is already [Generic bean: class [org.keycloak.adapters.springsecurity.management.HttpSessionManager]; scope=singleton; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null; defined in URL [jar:file:/.m2/repository/org/keycloak/keycloak-spring-security-adapter/4.5.0.Final/keycloak-spring-security-adapter-4.5.0.Final.jar!/org/keycloak/adapters/springsecurity/management/HttpSessionManager.class]] bound.
My class SecurityConfig (see below) extends from KeycloakWebSecurityConfigurerAdapter. This adapter already defines the bean httpSessionManager.
I understand why this is a problem. Question is, how can I prevent this or fix my conflict?
The Steps I have done so far:
- Built my pom (see below) using:
- spring-boot-starter-web
- spring-boot-starter-security
- keycloak-spring-boot-starter
- keycloak-adapter-bom in dependencyManagement
- Defined an own SecurityConfig extending KeycloakWebSecurityConfigurerAdapter
pom.xml
...
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.1.0.RELEASE</version>
</parent>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>11</java.version>
<maven.compiler.source>$java.version</maven.compiler.source>
<maven.compiler.target>$java.version</maven.compiler.target>
<keycloak.version>4.5.0.Final</keycloak.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-spring-boot-starter</artifactId>
</dependency>
</dependencies>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.keycloak.bom</groupId>
<artifactId>keycloak-adapter-bom</artifactId>
<version>$keycloak.version</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
...
SecurityConfig.java
@KeycloakConfiguration
@EnableGlobalMethodSecurity(prePostEnabled = true)
@Import(KeycloakWebSecurityConfigurerAdapter.class)
class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth)
KeycloakAuthenticationProvider keycloakAuthenticationProvider = keycloakAuthenticationProvider();
keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper());
auth.authenticationProvider(keycloakAuthenticationProvider);
@Bean
@Override
protected SessionAuthenticationStrategy sessionAuthenticationStrategy()
return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
@Bean
public KeycloakConfigResolver keycloakConfigResolver()
return new KeycloakSpringBootConfigResolver();
@Override
protected void configure(HttpSecurity http) throws Exception
super.configure(http);
http.csrf().ignoringAntMatchers("/**/*");
http.authorizeRequests()
.anyRequest().permitAll();
Update
There is a known issue (KEYCLOAK-8725). The fix is planned for 5.x of Keycloak. However, there was a workaround in the comments. Just replace the annotation @KeyCloakConfiguration with:
@Configuration
@ComponentScan(
basePackageClasses = KeycloakSecurityComponents.class,
excludeFilters = @ComponentScan.Filter(type = FilterType.REGEX, pattern = "org.keycloak.adapters.springsecurity.management.HttpSessionManager"))
@EnableWebSecurity
spring-boot spring-security keycloak
asked Nov 15 '18 at 11:08
Tobias Bertram-KöhlerTobias Bertram-Köhler
735
add a comment |
I want to secure my Spring Boot 2.1 app with Keycloak 4.5.
Currently I cannot start the application due to the following error:
Exception encountered during context initialization - cancelling refresh attempt:
org.springframework.beans.factory.support.BeanDefinitionOverrideException:
Invalid bean definition with name 'httpSessionManager' defined in class path resource [dummy/service/SecurityConfig.class]:
Cannot register bean definition [Root bean: class [null]; scope=; abstract=false; lazyInit=false; autowireMode=3; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=securityConfig; factoryMethodName=httpSessionManager; initMethodName=null; destroyMethodName=(inferred); defined in class path resource [dummy/SecurityConfig.class]] for bean 'httpSessionManager':
There is already [Generic bean: class [org.keycloak.adapters.springsecurity.management.HttpSessionManager]; scope=singleton; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null; defined in URL [jar:file:/.m2/repository/org/keycloak/keycloak-spring-security-adapter/4.5.0.Final/keycloak-spring-security-adapter-4.5.0.Final.jar!/org/keycloak/adapters/springsecurity/management/HttpSessionManager.class]] bound.
My class SecurityConfig (see below) extends from KeycloakWebSecurityConfigurerAdapter. This adapter already defines the bean httpSessionManager.
I understand why this is a problem. Question is, how can I prevent this or fix my conflict?
The Steps I have done so far:
- Built my pom (see below) using:
- spring-boot-starter-web
- spring-boot-starter-security
- keycloak-spring-boot-starter
- keycloak-adapter-bom in dependencyManagement
- Defined an own SecurityConfig extending KeycloakWebSecurityConfigurerAdapter
pom.xml
...
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.1.0.RELEASE</version>
</parent>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>11</java.version>
<maven.compiler.source>$java.version</maven.compiler.source>
<maven.compiler.target>$java.version</maven.compiler.target>
<keycloak.version>4.5.0.Final</keycloak.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-spring-boot-starter</artifactId>
</dependency>
</dependencies>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.keycloak.bom</groupId>
<artifactId>keycloak-adapter-bom</artifactId>
<version>$keycloak.version</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
...
SecurityConfig.java
@KeycloakConfiguration
@EnableGlobalMethodSecurity(prePostEnabled = true)
@Import(KeycloakWebSecurityConfigurerAdapter.class)
class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth)
KeycloakAuthenticationProvider keycloakAuthenticationProvider = keycloakAuthenticationProvider();
keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper());
auth.authenticationProvider(keycloakAuthenticationProvider);
@Bean
@Override
protected SessionAuthenticationStrategy sessionAuthenticationStrategy()
return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
@Bean
public KeycloakConfigResolver keycloakConfigResolver()
return new KeycloakSpringBootConfigResolver();
@Override
protected void configure(HttpSecurity http) throws Exception
super.configure(http);
http.csrf().ignoringAntMatchers("/**/*");
http.authorizeRequests()
.anyRequest().permitAll();
Update
There is a known issue (KEYCLOAK-8725). The fix is planned for 5.x of Keycloak. However, there was a workaround in the comments. Just replace the annotation @KeyCloakConfiguration with:
@Configuration
@ComponentScan(
basePackageClasses = KeycloakSecurityComponents.class,
excludeFilters = @ComponentScan.Filter(type = FilterType.REGEX, pattern = "org.keycloak.adapters.springsecurity.management.HttpSessionManager"))
@EnableWebSecurity
spring-boot spring-security keycloak
asked Nov 15 '18 at 11:08
Tobias Bertram-KöhlerTobias Bertram-Köhler
735
add a comment |
I want to secure my Spring Boot 2.1 app with Keycloak 4.5.
Currently I cannot start the application due to the following error:
Exception encountered during context initialization - cancelling refresh attempt:
org.springframework.beans.factory.support.BeanDefinitionOverrideException:
Invalid bean definition with name 'httpSessionManager' defined in class path resource [dummy/service/SecurityConfig.class]:
Cannot register bean definition [Root bean: class [null]; scope=; abstract=false; lazyInit=false; autowireMode=3; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=securityConfig; factoryMethodName=httpSessionManager; initMethodName=null; destroyMethodName=(inferred); defined in class path resource [dummy/SecurityConfig.class]] for bean 'httpSessionManager':
There is already [Generic bean: class [org.keycloak.adapters.springsecurity.management.HttpSessionManager]; scope=singleton; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null; defined in URL [jar:file:/.m2/repository/org/keycloak/keycloak-spring-security-adapter/4.5.0.Final/keycloak-spring-security-adapter-4.5.0.Final.jar!/org/keycloak/adapters/springsecurity/management/HttpSessionManager.class]] bound.
My class SecurityConfig (see below) extends from KeycloakWebSecurityConfigurerAdapter. This adapter already defines the bean httpSessionManager.
I understand why this is a problem. Question is, how can I prevent this or fix my conflict?
The Steps I have done so far:
- Built my pom (see below) using:
- spring-boot-starter-web
- spring-boot-starter-security
- keycloak-spring-boot-starter
- keycloak-adapter-bom in dependencyManagement
- Defined an own SecurityConfig extending KeycloakWebSecurityConfigurerAdapter
pom.xml
...
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.1.0.RELEASE</version>
</parent>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>11</java.version>
<maven.compiler.source>$java.version</maven.compiler.source>
<maven.compiler.target>$java.version</maven.compiler.target>
<keycloak.version>4.5.0.Final</keycloak.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-spring-boot-starter</artifactId>
</dependency>
</dependencies>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.keycloak.bom</groupId>
<artifactId>keycloak-adapter-bom</artifactId>
<version>$keycloak.version</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
...
SecurityConfig.java
@KeycloakConfiguration
@EnableGlobalMethodSecurity(prePostEnabled = true)
@Import(KeycloakWebSecurityConfigurerAdapter.class)
class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth)
KeycloakAuthenticationProvider keycloakAuthenticationProvider = keycloakAuthenticationProvider();
keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper());
auth.authenticationProvider(keycloakAuthenticationProvider);
@Bean
@Override
protected SessionAuthenticationStrategy sessionAuthenticationStrategy()
return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
@Bean
public KeycloakConfigResolver keycloakConfigResolver()
return new KeycloakSpringBootConfigResolver();
@Override
protected void configure(HttpSecurity http) throws Exception
super.configure(http);
http.csrf().ignoringAntMatchers("/**/*");
http.authorizeRequests()
.anyRequest().permitAll();
Update
There is a known issue (KEYCLOAK-8725). The fix is planned for 5.x of Keycloak. However, there was a workaround in the comments. Just replace the annotation @KeyCloakConfiguration with:
@Configuration
@ComponentScan(
basePackageClasses = KeycloakSecurityComponents.class,
excludeFilters = @ComponentScan.Filter(type = FilterType.REGEX, pattern = "org.keycloak.adapters.springsecurity.management.HttpSessionManager"))
@EnableWebSecurity
spring-boot spring-security keycloak
asked Nov 15 '18 at 11:08
Tobias Bertram-KöhlerTobias Bertram-Köhler
735
I want to secure my Spring Boot 2.1 app with Keycloak 4.5.
Currently I cannot start the application due to the following error:
Exception encountered during context initialization - cancelling refresh attempt:
org.springframework.beans.factory.support.BeanDefinitionOverrideException:
Invalid bean definition with name 'httpSessionManager' defined in class path resource [dummy/service/SecurityConfig.class]:
Cannot register bean definition [Root bean: class [null]; scope=; abstract=false; lazyInit=false; autowireMode=3; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=securityConfig; factoryMethodName=httpSessionManager; initMethodName=null; destroyMethodName=(inferred); defined in class path resource [dummy/SecurityConfig.class]] for bean 'httpSessionManager':
There is already [Generic bean: class [org.keycloak.adapters.springsecurity.management.HttpSessionManager]; scope=singleton; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null; defined in URL [jar:file:/.m2/repository/org/keycloak/keycloak-spring-security-adapter/4.5.0.Final/keycloak-spring-security-adapter-4.5.0.Final.jar!/org/keycloak/adapters/springsecurity/management/HttpSessionManager.class]] bound.
My class SecurityConfig (see below) extends from KeycloakWebSecurityConfigurerAdapter. This adapter already defines the bean httpSessionManager.
I understand why this is a problem. Question is, how can I prevent this or fix my conflict?
The Steps I have done so far:
- Built my pom (see below) using:
- spring-boot-starter-web
- spring-boot-starter-security
- keycloak-spring-boot-starter
- keycloak-adapter-bom in dependencyManagement
- Defined an own SecurityConfig extending KeycloakWebSecurityConfigurerAdapter
pom.xml
...
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.1.0.RELEASE</version>
</parent>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>11</java.version>
<maven.compiler.source>$java.version</maven.compiler.source>
<maven.compiler.target>$java.version</maven.compiler.target>
<keycloak.version>4.5.0.Final</keycloak.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-spring-boot-starter</artifactId>
</dependency>
</dependencies>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.keycloak.bom</groupId>
<artifactId>keycloak-adapter-bom</artifactId>
<version>$keycloak.version</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
...
SecurityConfig.java
@KeycloakConfiguration
@EnableGlobalMethodSecurity(prePostEnabled = true)
@Import(KeycloakWebSecurityConfigurerAdapter.class)
class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth)
KeycloakAuthenticationProvider keycloakAuthenticationProvider = keycloakAuthenticationProvider();
keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper());
auth.authenticationProvider(keycloakAuthenticationProvider);
@Bean
@Override
protected SessionAuthenticationStrategy sessionAuthenticationStrategy()
return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
@Bean
public KeycloakConfigResolver keycloakConfigResolver()
return new KeycloakSpringBootConfigResolver();
@Override
protected void configure(HttpSecurity http) throws Exception
super.configure(http);
http.csrf().ignoringAntMatchers("/**/*");
http.authorizeRequests()
.anyRequest().permitAll();
Update
There is a known issue (KEYCLOAK-8725). The fix is planned for 5.x of Keycloak. However, there was a workaround in the comments. Just replace the annotation @KeyCloakConfiguration with:
@Configuration
@ComponentScan(
basePackageClasses = KeycloakSecurityComponents.class,
excludeFilters = @ComponentScan.Filter(type = FilterType.REGEX, pattern = "org.keycloak.adapters.springsecurity.management.HttpSessionManager"))
@EnableWebSecurity
spring-boot spring-security keycloak
spring-boot spring-security keycloak
asked Nov 15 '18 at 11:08
Tobias Bertram-KöhlerTobias Bertram-Köhler
735
asked Nov 15 '18 at 11:08
Tobias Bertram-KöhlerTobias Bertram-Köhler
735
edited Nov 15 '18 at 12:35
Tobias Bertram-Köhler
asked Nov 15 '18 at 11:08
Tobias Bertram-KöhlerTobias Bertram-Köhler
735
asked Nov 15 '18 at 11:08
Tobias Bertram-KöhlerTobias Bertram-Köhler
735
asked Nov 15 '18 at 11:08
Tobias Bertram-KöhlerTobias Bertram-Köhler
735
735
add a comment |
add a comment |
2 Answers
2
active
oldest
votes
It looks like there's a bug in Keycloak's Spring Security integration which means that an application that subclasses KeycloakWebSecurityConfigurerAdapter will try to create two beans named httpSessionManager. When two beans are defined with the same name, the second definition that is encountered will attempt to override the first. This overriding is prohibited by default in Spring Boot 2.1. I would recommend reporting this as a bug against Keycloak's Spring Security integration. While you are waiting for the bug to be resolved, you can work around the problem by setting spring.main.allow-bean-definition-overriding=true in application.properties.
answered Nov 15 '18 at 11:33
Andy WilkinsonAndy Wilkinson
59.5k9143150
1
Thank you, that helped me finding the issue (KEYCLOAK-8725).
– Tobias Bertram-Köhler
Nov 15 '18 at 12:22
add a comment |
This helped me to resolve an issue, remove @KeycloakConfiguration and use this instead (from KEYCLOAK-8725):
Java:
@Configuration
@ComponentScan(
basePackageClasses = KeycloakSecurityComponents.class,
excludeFilters = @ComponentScan.Filter(type = FilterType.REGEX, pattern = "org.keycloak.adapters.springsecurity.management.HttpSessionManager"))
@EnableWebSecurity
Kotlin:
@Configuration
@ComponentScan(
basePackageClasses = [KeycloakSecurityComponents::class],
excludeFilters = [ComponentScan.Filter(type = FilterType.REGEX, pattern = ["org.keycloak.adapters.springsecurity.management.HttpSessionManager"])]
)
@EnableWebSecurity
answered Nov 29 '18 at 11:31
Yuriy YunikovYuriy Yunikov
3,46512550
2
clean and elegant solution. it works!
– guleryuz
Jan 21 at 11:58
add a comment |
Your Answer
StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53318134%2funable-to-use-keycloak-in-spring-boot-2-1-due-to-duplicated-bean-registration-ht%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
It looks like there's a bug in Keycloak's Spring Security integration which means that an application that subclasses KeycloakWebSecurityConfigurerAdapter will try to create two beans named httpSessionManager. When two beans are defined with the same name, the second definition that is encountered will attempt to override the first. This overriding is prohibited by default in Spring Boot 2.1. I would recommend reporting this as a bug against Keycloak's Spring Security integration. While you are waiting for the bug to be resolved, you can work around the problem by setting spring.main.allow-bean-definition-overriding=true in application.properties.
answered Nov 15 '18 at 11:33
Andy WilkinsonAndy Wilkinson
59.5k9143150
1
Thank you, that helped me finding the issue (KEYCLOAK-8725).
– Tobias Bertram-Köhler
Nov 15 '18 at 12:22
add a comment |
It looks like there's a bug in Keycloak's Spring Security integration which means that an application that subclasses KeycloakWebSecurityConfigurerAdapter will try to create two beans named httpSessionManager. When two beans are defined with the same name, the second definition that is encountered will attempt to override the first. This overriding is prohibited by default in Spring Boot 2.1. I would recommend reporting this as a bug against Keycloak's Spring Security integration. While you are waiting for the bug to be resolved, you can work around the problem by setting spring.main.allow-bean-definition-overriding=true in application.properties.
answered Nov 15 '18 at 11:33
Andy WilkinsonAndy Wilkinson
59.5k9143150
1
Thank you, that helped me finding the issue (KEYCLOAK-8725).
– Tobias Bertram-Köhler
Nov 15 '18 at 12:22
add a comment |
It looks like there's a bug in Keycloak's Spring Security integration which means that an application that subclasses KeycloakWebSecurityConfigurerAdapter will try to create two beans named httpSessionManager. When two beans are defined with the same name, the second definition that is encountered will attempt to override the first. This overriding is prohibited by default in Spring Boot 2.1. I would recommend reporting this as a bug against Keycloak's Spring Security integration. While you are waiting for the bug to be resolved, you can work around the problem by setting spring.main.allow-bean-definition-overriding=true in application.properties.
answered Nov 15 '18 at 11:33
Andy WilkinsonAndy Wilkinson
59.5k9143150
It looks like there's a bug in Keycloak's Spring Security integration which means that an application that subclasses KeycloakWebSecurityConfigurerAdapter will try to create two beans named httpSessionManager. When two beans are defined with the same name, the second definition that is encountered will attempt to override the first. This overriding is prohibited by default in Spring Boot 2.1. I would recommend reporting this as a bug against Keycloak's Spring Security integration. While you are waiting for the bug to be resolved, you can work around the problem by setting spring.main.allow-bean-definition-overriding=true in application.properties.
answered Nov 15 '18 at 11:33
Andy WilkinsonAndy Wilkinson
59.5k9143150
answered Nov 15 '18 at 11:33
Andy WilkinsonAndy Wilkinson
59.5k9143150
answered Nov 15 '18 at 11:33
Andy WilkinsonAndy Wilkinson
59.5k9143150
answered Nov 15 '18 at 11:33
Andy WilkinsonAndy Wilkinson
59.5k9143150
59.5k9143150
1
Thank you, that helped me finding the issue (KEYCLOAK-8725).
– Tobias Bertram-Köhler
Nov 15 '18 at 12:22
add a comment |
1
Thank you, that helped me finding the issue (KEYCLOAK-8725).
– Tobias Bertram-Köhler
Nov 15 '18 at 12:22
1
1
Thank you, that helped me finding the issue (KEYCLOAK-8725).
– Tobias Bertram-Köhler
Nov 15 '18 at 12:22
Thank you, that helped me finding the issue (KEYCLOAK-8725).
– Tobias Bertram-Köhler
Nov 15 '18 at 12:22
add a comment |
This helped me to resolve an issue, remove @KeycloakConfiguration and use this instead (from KEYCLOAK-8725):
Java:
@Configuration
@ComponentScan(
basePackageClasses = KeycloakSecurityComponents.class,
excludeFilters = @ComponentScan.Filter(type = FilterType.REGEX, pattern = "org.keycloak.adapters.springsecurity.management.HttpSessionManager"))
@EnableWebSecurity
Kotlin:
@Configuration
@ComponentScan(
basePackageClasses = [KeycloakSecurityComponents::class],
excludeFilters = [ComponentScan.Filter(type = FilterType.REGEX, pattern = ["org.keycloak.adapters.springsecurity.management.HttpSessionManager"])]
)
@EnableWebSecurity
answered Nov 29 '18 at 11:31
Yuriy YunikovYuriy Yunikov
3,46512550
2
clean and elegant solution. it works!
– guleryuz
Jan 21 at 11:58
add a comment |
This helped me to resolve an issue, remove @KeycloakConfiguration and use this instead (from KEYCLOAK-8725):
Java:
@Configuration
@ComponentScan(
basePackageClasses = KeycloakSecurityComponents.class,
excludeFilters = @ComponentScan.Filter(type = FilterType.REGEX, pattern = "org.keycloak.adapters.springsecurity.management.HttpSessionManager"))
@EnableWebSecurity
Kotlin:
@Configuration
@ComponentScan(
basePackageClasses = [KeycloakSecurityComponents::class],
excludeFilters = [ComponentScan.Filter(type = FilterType.REGEX, pattern = ["org.keycloak.adapters.springsecurity.management.HttpSessionManager"])]
)
@EnableWebSecurity
answered Nov 29 '18 at 11:31
Yuriy YunikovYuriy Yunikov
3,46512550
2
clean and elegant solution. it works!
– guleryuz
Jan 21 at 11:58
add a comment |
This helped me to resolve an issue, remove @KeycloakConfiguration and use this instead (from KEYCLOAK-8725):
Java:
@Configuration
@ComponentScan(
basePackageClasses = KeycloakSecurityComponents.class,
excludeFilters = @ComponentScan.Filter(type = FilterType.REGEX, pattern = "org.keycloak.adapters.springsecurity.management.HttpSessionManager"))
@EnableWebSecurity
Kotlin:
@Configuration
@ComponentScan(
basePackageClasses = [KeycloakSecurityComponents::class],
excludeFilters = [ComponentScan.Filter(type = FilterType.REGEX, pattern = ["org.keycloak.adapters.springsecurity.management.HttpSessionManager"])]
)
@EnableWebSecurity
answered Nov 29 '18 at 11:31
Yuriy YunikovYuriy Yunikov
3,46512550
This helped me to resolve an issue, remove @KeycloakConfiguration and use this instead (from KEYCLOAK-8725):
Java:
@Configuration
@ComponentScan(
basePackageClasses = KeycloakSecurityComponents.class,
excludeFilters = @ComponentScan.Filter(type = FilterType.REGEX, pattern = "org.keycloak.adapters.springsecurity.management.HttpSessionManager"))
@EnableWebSecurity
Kotlin:
@Configuration
@ComponentScan(
basePackageClasses = [KeycloakSecurityComponents::class],
excludeFilters = [ComponentScan.Filter(type = FilterType.REGEX, pattern = ["org.keycloak.adapters.springsecurity.management.HttpSessionManager"])]
)
@EnableWebSecurity
answered Nov 29 '18 at 11:31
Yuriy YunikovYuriy Yunikov
3,46512550
answered Nov 29 '18 at 11:31
Yuriy YunikovYuriy Yunikov
3,46512550
answered Nov 29 '18 at 11:31
Yuriy YunikovYuriy Yunikov
3,46512550
answered Nov 29 '18 at 11:31
Yuriy YunikovYuriy Yunikov
3,46512550
3,46512550
2
clean and elegant solution. it works!
– guleryuz
Jan 21 at 11:58
add a comment |
2
clean and elegant solution. it works!
– guleryuz
Jan 21 at 11:58
2
2
clean and elegant solution. it works!
– guleryuz
Jan 21 at 11:58
clean and elegant solution. it works!
– guleryuz
Jan 21 at 11:58
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53318134%2funable-to-use-keycloak-in-spring-boot-2-1-due-to-duplicated-bean-registration-ht%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
