Unable to use Keycloak in Spring Boot 2.1 due to duplicated Bean Registration httpSessionManager










14















I want to secure my Spring Boot 2.1 app with Keycloak 4.5.



Currently I cannot start the application due to the following error:



Exception encountered during context initialization - cancelling refresh attempt: 
org.springframework.beans.factory.support.BeanDefinitionOverrideException:
Invalid bean definition with name 'httpSessionManager' defined in class path resource [dummy/service/SecurityConfig.class]:
Cannot register bean definition [Root bean: class [null]; scope=; abstract=false; lazyInit=false; autowireMode=3; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=securityConfig; factoryMethodName=httpSessionManager; initMethodName=null; destroyMethodName=(inferred); defined in class path resource [dummy/SecurityConfig.class]] for bean 'httpSessionManager':
There is already [Generic bean: class [org.keycloak.adapters.springsecurity.management.HttpSessionManager]; scope=singleton; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null; defined in URL [jar:file:/.m2/repository/org/keycloak/keycloak-spring-security-adapter/4.5.0.Final/keycloak-spring-security-adapter-4.5.0.Final.jar!/org/keycloak/adapters/springsecurity/management/HttpSessionManager.class]] bound.


My class SecurityConfig (see below) extends from KeycloakWebSecurityConfigurerAdapter. This adapter already defines the bean httpSessionManager.



I understand why this is a problem. Question is, how can I prevent this or fix my conflict?



The Steps I have done so far:



  • Built my pom (see below) using:

    • spring-boot-starter-web

    • spring-boot-starter-security

    • keycloak-spring-boot-starter

    • keycloak-adapter-bom in dependencyManagement


  • Defined an own SecurityConfig extending KeycloakWebSecurityConfigurerAdapter

pom.xml



...
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.1.0.RELEASE</version>
</parent>

<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>

<java.version>11</java.version>
<maven.compiler.source>$java.version</maven.compiler.source>
<maven.compiler.target>$java.version</maven.compiler.target>

<keycloak.version>4.5.0.Final</keycloak.version>
</properties>

<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-spring-boot-starter</artifactId>
</dependency>
</dependencies>

<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.keycloak.bom</groupId>
<artifactId>keycloak-adapter-bom</artifactId>
<version>$keycloak.version</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
...


SecurityConfig.java



@KeycloakConfiguration
@EnableGlobalMethodSecurity(prePostEnabled = true)
@Import(KeycloakWebSecurityConfigurerAdapter.class)
class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter

@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth)
KeycloakAuthenticationProvider keycloakAuthenticationProvider = keycloakAuthenticationProvider();
keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper());
auth.authenticationProvider(keycloakAuthenticationProvider);


@Bean
@Override
protected SessionAuthenticationStrategy sessionAuthenticationStrategy()
return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());


@Bean
public KeycloakConfigResolver keycloakConfigResolver()
return new KeycloakSpringBootConfigResolver();


@Override
protected void configure(HttpSecurity http) throws Exception
super.configure(http);
http.csrf().ignoringAntMatchers("/**/*");
http.authorizeRequests()
.anyRequest().permitAll();




Update
There is a known issue (KEYCLOAK-8725). The fix is planned for 5.x of Keycloak. However, there was a workaround in the comments. Just replace the annotation @KeyCloakConfiguration with:



@Configuration
@ComponentScan(
basePackageClasses = KeycloakSecurityComponents.class,
excludeFilters = @ComponentScan.Filter(type = FilterType.REGEX, pattern = "org.keycloak.adapters.springsecurity.management.HttpSessionManager"))
@EnableWebSecurity









share|improve this question




























    14















    I want to secure my Spring Boot 2.1 app with Keycloak 4.5.



    Currently I cannot start the application due to the following error:



    Exception encountered during context initialization - cancelling refresh attempt: 
    org.springframework.beans.factory.support.BeanDefinitionOverrideException:
    Invalid bean definition with name 'httpSessionManager' defined in class path resource [dummy/service/SecurityConfig.class]:
    Cannot register bean definition [Root bean: class [null]; scope=; abstract=false; lazyInit=false; autowireMode=3; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=securityConfig; factoryMethodName=httpSessionManager; initMethodName=null; destroyMethodName=(inferred); defined in class path resource [dummy/SecurityConfig.class]] for bean 'httpSessionManager':
    There is already [Generic bean: class [org.keycloak.adapters.springsecurity.management.HttpSessionManager]; scope=singleton; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null; defined in URL [jar:file:/.m2/repository/org/keycloak/keycloak-spring-security-adapter/4.5.0.Final/keycloak-spring-security-adapter-4.5.0.Final.jar!/org/keycloak/adapters/springsecurity/management/HttpSessionManager.class]] bound.


    My class SecurityConfig (see below) extends from KeycloakWebSecurityConfigurerAdapter. This adapter already defines the bean httpSessionManager.



    I understand why this is a problem. Question is, how can I prevent this or fix my conflict?



    The Steps I have done so far:



    • Built my pom (see below) using:

      • spring-boot-starter-web

      • spring-boot-starter-security

      • keycloak-spring-boot-starter

      • keycloak-adapter-bom in dependencyManagement


    • Defined an own SecurityConfig extending KeycloakWebSecurityConfigurerAdapter

    pom.xml



    ...
    <parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>2.1.0.RELEASE</version>
    </parent>

    <properties>
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>

    <java.version>11</java.version>
    <maven.compiler.source>$java.version</maven.compiler.source>
    <maven.compiler.target>$java.version</maven.compiler.target>

    <keycloak.version>4.5.0.Final</keycloak.version>
    </properties>

    <dependencies>
    <dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    <dependency>
    <groupId>org.keycloak</groupId>
    <artifactId>keycloak-spring-boot-starter</artifactId>
    </dependency>
    </dependencies>

    <dependencyManagement>
    <dependencies>
    <dependency>
    <groupId>org.keycloak.bom</groupId>
    <artifactId>keycloak-adapter-bom</artifactId>
    <version>$keycloak.version</version>
    <type>pom</type>
    <scope>import</scope>
    </dependency>
    </dependencies>
    </dependencyManagement>
    ...


    SecurityConfig.java



    @KeycloakConfiguration
    @EnableGlobalMethodSecurity(prePostEnabled = true)
    @Import(KeycloakWebSecurityConfigurerAdapter.class)
    class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth)
    KeycloakAuthenticationProvider keycloakAuthenticationProvider = keycloakAuthenticationProvider();
    keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper());
    auth.authenticationProvider(keycloakAuthenticationProvider);


    @Bean
    @Override
    protected SessionAuthenticationStrategy sessionAuthenticationStrategy()
    return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());


    @Bean
    public KeycloakConfigResolver keycloakConfigResolver()
    return new KeycloakSpringBootConfigResolver();


    @Override
    protected void configure(HttpSecurity http) throws Exception
    super.configure(http);
    http.csrf().ignoringAntMatchers("/**/*");
    http.authorizeRequests()
    .anyRequest().permitAll();




    Update
    There is a known issue (KEYCLOAK-8725). The fix is planned for 5.x of Keycloak. However, there was a workaround in the comments. Just replace the annotation @KeyCloakConfiguration with:



    @Configuration
    @ComponentScan(
    basePackageClasses = KeycloakSecurityComponents.class,
    excludeFilters = @ComponentScan.Filter(type = FilterType.REGEX, pattern = "org.keycloak.adapters.springsecurity.management.HttpSessionManager"))
    @EnableWebSecurity









    share|improve this question


























      14












      14








      14


      1






      I want to secure my Spring Boot 2.1 app with Keycloak 4.5.



      Currently I cannot start the application due to the following error:



      Exception encountered during context initialization - cancelling refresh attempt: 
      org.springframework.beans.factory.support.BeanDefinitionOverrideException:
      Invalid bean definition with name 'httpSessionManager' defined in class path resource [dummy/service/SecurityConfig.class]:
      Cannot register bean definition [Root bean: class [null]; scope=; abstract=false; lazyInit=false; autowireMode=3; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=securityConfig; factoryMethodName=httpSessionManager; initMethodName=null; destroyMethodName=(inferred); defined in class path resource [dummy/SecurityConfig.class]] for bean 'httpSessionManager':
      There is already [Generic bean: class [org.keycloak.adapters.springsecurity.management.HttpSessionManager]; scope=singleton; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null; defined in URL [jar:file:/.m2/repository/org/keycloak/keycloak-spring-security-adapter/4.5.0.Final/keycloak-spring-security-adapter-4.5.0.Final.jar!/org/keycloak/adapters/springsecurity/management/HttpSessionManager.class]] bound.


      My class SecurityConfig (see below) extends from KeycloakWebSecurityConfigurerAdapter. This adapter already defines the bean httpSessionManager.



      I understand why this is a problem. Question is, how can I prevent this or fix my conflict?



      The Steps I have done so far:



      • Built my pom (see below) using:

        • spring-boot-starter-web

        • spring-boot-starter-security

        • keycloak-spring-boot-starter

        • keycloak-adapter-bom in dependencyManagement


      • Defined an own SecurityConfig extending KeycloakWebSecurityConfigurerAdapter

      pom.xml



      ...
      <parent>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-parent</artifactId>
      <version>2.1.0.RELEASE</version>
      </parent>

      <properties>
      <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
      <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>

      <java.version>11</java.version>
      <maven.compiler.source>$java.version</maven.compiler.source>
      <maven.compiler.target>$java.version</maven.compiler.target>

      <keycloak.version>4.5.0.Final</keycloak.version>
      </properties>

      <dependencies>
      <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-web</artifactId>
      </dependency>
      <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-security</artifactId>
      </dependency>
      <dependency>
      <groupId>org.keycloak</groupId>
      <artifactId>keycloak-spring-boot-starter</artifactId>
      </dependency>
      </dependencies>

      <dependencyManagement>
      <dependencies>
      <dependency>
      <groupId>org.keycloak.bom</groupId>
      <artifactId>keycloak-adapter-bom</artifactId>
      <version>$keycloak.version</version>
      <type>pom</type>
      <scope>import</scope>
      </dependency>
      </dependencies>
      </dependencyManagement>
      ...


      SecurityConfig.java



      @KeycloakConfiguration
      @EnableGlobalMethodSecurity(prePostEnabled = true)
      @Import(KeycloakWebSecurityConfigurerAdapter.class)
      class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter

      @Autowired
      public void configureGlobal(AuthenticationManagerBuilder auth)
      KeycloakAuthenticationProvider keycloakAuthenticationProvider = keycloakAuthenticationProvider();
      keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper());
      auth.authenticationProvider(keycloakAuthenticationProvider);


      @Bean
      @Override
      protected SessionAuthenticationStrategy sessionAuthenticationStrategy()
      return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());


      @Bean
      public KeycloakConfigResolver keycloakConfigResolver()
      return new KeycloakSpringBootConfigResolver();


      @Override
      protected void configure(HttpSecurity http) throws Exception
      super.configure(http);
      http.csrf().ignoringAntMatchers("/**/*");
      http.authorizeRequests()
      .anyRequest().permitAll();




      Update
      There is a known issue (KEYCLOAK-8725). The fix is planned for 5.x of Keycloak. However, there was a workaround in the comments. Just replace the annotation @KeyCloakConfiguration with:



      @Configuration
      @ComponentScan(
      basePackageClasses = KeycloakSecurityComponents.class,
      excludeFilters = @ComponentScan.Filter(type = FilterType.REGEX, pattern = "org.keycloak.adapters.springsecurity.management.HttpSessionManager"))
      @EnableWebSecurity









      share|improve this question
















      I want to secure my Spring Boot 2.1 app with Keycloak 4.5.



      Currently I cannot start the application due to the following error:



      Exception encountered during context initialization - cancelling refresh attempt: 
      org.springframework.beans.factory.support.BeanDefinitionOverrideException:
      Invalid bean definition with name 'httpSessionManager' defined in class path resource [dummy/service/SecurityConfig.class]:
      Cannot register bean definition [Root bean: class [null]; scope=; abstract=false; lazyInit=false; autowireMode=3; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=securityConfig; factoryMethodName=httpSessionManager; initMethodName=null; destroyMethodName=(inferred); defined in class path resource [dummy/SecurityConfig.class]] for bean 'httpSessionManager':
      There is already [Generic bean: class [org.keycloak.adapters.springsecurity.management.HttpSessionManager]; scope=singleton; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null; defined in URL [jar:file:/.m2/repository/org/keycloak/keycloak-spring-security-adapter/4.5.0.Final/keycloak-spring-security-adapter-4.5.0.Final.jar!/org/keycloak/adapters/springsecurity/management/HttpSessionManager.class]] bound.


      My class SecurityConfig (see below) extends from KeycloakWebSecurityConfigurerAdapter. This adapter already defines the bean httpSessionManager.



      I understand why this is a problem. Question is, how can I prevent this or fix my conflict?



      The Steps I have done so far:



      • Built my pom (see below) using:

        • spring-boot-starter-web

        • spring-boot-starter-security

        • keycloak-spring-boot-starter

        • keycloak-adapter-bom in dependencyManagement


      • Defined an own SecurityConfig extending KeycloakWebSecurityConfigurerAdapter

      pom.xml



      ...
      <parent>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-parent</artifactId>
      <version>2.1.0.RELEASE</version>
      </parent>

      <properties>
      <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
      <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>

      <java.version>11</java.version>
      <maven.compiler.source>$java.version</maven.compiler.source>
      <maven.compiler.target>$java.version</maven.compiler.target>

      <keycloak.version>4.5.0.Final</keycloak.version>
      </properties>

      <dependencies>
      <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-web</artifactId>
      </dependency>
      <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-security</artifactId>
      </dependency>
      <dependency>
      <groupId>org.keycloak</groupId>
      <artifactId>keycloak-spring-boot-starter</artifactId>
      </dependency>
      </dependencies>

      <dependencyManagement>
      <dependencies>
      <dependency>
      <groupId>org.keycloak.bom</groupId>
      <artifactId>keycloak-adapter-bom</artifactId>
      <version>$keycloak.version</version>
      <type>pom</type>
      <scope>import</scope>
      </dependency>
      </dependencies>
      </dependencyManagement>
      ...


      SecurityConfig.java



      @KeycloakConfiguration
      @EnableGlobalMethodSecurity(prePostEnabled = true)
      @Import(KeycloakWebSecurityConfigurerAdapter.class)
      class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter

      @Autowired
      public void configureGlobal(AuthenticationManagerBuilder auth)
      KeycloakAuthenticationProvider keycloakAuthenticationProvider = keycloakAuthenticationProvider();
      keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper());
      auth.authenticationProvider(keycloakAuthenticationProvider);


      @Bean
      @Override
      protected SessionAuthenticationStrategy sessionAuthenticationStrategy()
      return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());


      @Bean
      public KeycloakConfigResolver keycloakConfigResolver()
      return new KeycloakSpringBootConfigResolver();


      @Override
      protected void configure(HttpSecurity http) throws Exception
      super.configure(http);
      http.csrf().ignoringAntMatchers("/**/*");
      http.authorizeRequests()
      .anyRequest().permitAll();




      Update
      There is a known issue (KEYCLOAK-8725). The fix is planned for 5.x of Keycloak. However, there was a workaround in the comments. Just replace the annotation @KeyCloakConfiguration with:



      @Configuration
      @ComponentScan(
      basePackageClasses = KeycloakSecurityComponents.class,
      excludeFilters = @ComponentScan.Filter(type = FilterType.REGEX, pattern = "org.keycloak.adapters.springsecurity.management.HttpSessionManager"))
      @EnableWebSecurity






      spring-boot spring-security keycloak






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Nov 15 '18 at 12:35







      Tobias Bertram-Köhler

















      asked Nov 15 '18 at 11:08









      Tobias Bertram-KöhlerTobias Bertram-Köhler

      735




      735






















          2 Answers
          2






          active

          oldest

          votes


















          7














          It looks like there's a bug in Keycloak's Spring Security integration which means that an application that subclasses KeycloakWebSecurityConfigurerAdapter will try to create two beans named httpSessionManager. When two beans are defined with the same name, the second definition that is encountered will attempt to override the first. This overriding is prohibited by default in Spring Boot 2.1. I would recommend reporting this as a bug against Keycloak's Spring Security integration. While you are waiting for the bug to be resolved, you can work around the problem by setting spring.main.allow-bean-definition-overriding=true in application.properties.






          share|improve this answer


















          • 1





            Thank you, that helped me finding the issue (KEYCLOAK-8725).

            – Tobias Bertram-Köhler
            Nov 15 '18 at 12:22


















          11














          This helped me to resolve an issue, remove @KeycloakConfiguration and use this instead (from KEYCLOAK-8725):



          Java:



          @Configuration
          @ComponentScan(
          basePackageClasses = KeycloakSecurityComponents.class,
          excludeFilters = @ComponentScan.Filter(type = FilterType.REGEX, pattern = "org.keycloak.adapters.springsecurity.management.HttpSessionManager"))
          @EnableWebSecurity


          Kotlin:



          @Configuration
          @ComponentScan(
          basePackageClasses = [KeycloakSecurityComponents::class],
          excludeFilters = [ComponentScan.Filter(type = FilterType.REGEX, pattern = ["org.keycloak.adapters.springsecurity.management.HttpSessionManager"])]
          )
          @EnableWebSecurity





          share|improve this answer


















          • 2





            clean and elegant solution. it works!

            – guleryuz
            Jan 21 at 11:58











          Your Answer






          StackExchange.ifUsing("editor", function ()
          StackExchange.using("externalEditor", function ()
          StackExchange.using("snippets", function ()
          StackExchange.snippets.init();
          );
          );
          , "code-snippets");

          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "1"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader:
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          ,
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );













          draft saved

          draft discarded


















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53318134%2funable-to-use-keycloak-in-spring-boot-2-1-due-to-duplicated-bean-registration-ht%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown

























          2 Answers
          2






          active

          oldest

          votes








          2 Answers
          2






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          7














          It looks like there's a bug in Keycloak's Spring Security integration which means that an application that subclasses KeycloakWebSecurityConfigurerAdapter will try to create two beans named httpSessionManager. When two beans are defined with the same name, the second definition that is encountered will attempt to override the first. This overriding is prohibited by default in Spring Boot 2.1. I would recommend reporting this as a bug against Keycloak's Spring Security integration. While you are waiting for the bug to be resolved, you can work around the problem by setting spring.main.allow-bean-definition-overriding=true in application.properties.






          share|improve this answer


















          • 1





            Thank you, that helped me finding the issue (KEYCLOAK-8725).

            – Tobias Bertram-Köhler
            Nov 15 '18 at 12:22















          7














          It looks like there's a bug in Keycloak's Spring Security integration which means that an application that subclasses KeycloakWebSecurityConfigurerAdapter will try to create two beans named httpSessionManager. When two beans are defined with the same name, the second definition that is encountered will attempt to override the first. This overriding is prohibited by default in Spring Boot 2.1. I would recommend reporting this as a bug against Keycloak's Spring Security integration. While you are waiting for the bug to be resolved, you can work around the problem by setting spring.main.allow-bean-definition-overriding=true in application.properties.






          share|improve this answer


















          • 1





            Thank you, that helped me finding the issue (KEYCLOAK-8725).

            – Tobias Bertram-Köhler
            Nov 15 '18 at 12:22













          7












          7








          7







          It looks like there's a bug in Keycloak's Spring Security integration which means that an application that subclasses KeycloakWebSecurityConfigurerAdapter will try to create two beans named httpSessionManager. When two beans are defined with the same name, the second definition that is encountered will attempt to override the first. This overriding is prohibited by default in Spring Boot 2.1. I would recommend reporting this as a bug against Keycloak's Spring Security integration. While you are waiting for the bug to be resolved, you can work around the problem by setting spring.main.allow-bean-definition-overriding=true in application.properties.






          share|improve this answer













          It looks like there's a bug in Keycloak's Spring Security integration which means that an application that subclasses KeycloakWebSecurityConfigurerAdapter will try to create two beans named httpSessionManager. When two beans are defined with the same name, the second definition that is encountered will attempt to override the first. This overriding is prohibited by default in Spring Boot 2.1. I would recommend reporting this as a bug against Keycloak's Spring Security integration. While you are waiting for the bug to be resolved, you can work around the problem by setting spring.main.allow-bean-definition-overriding=true in application.properties.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Nov 15 '18 at 11:33









          Andy WilkinsonAndy Wilkinson

          59.5k9143150




          59.5k9143150







          • 1





            Thank you, that helped me finding the issue (KEYCLOAK-8725).

            – Tobias Bertram-Köhler
            Nov 15 '18 at 12:22












          • 1





            Thank you, that helped me finding the issue (KEYCLOAK-8725).

            – Tobias Bertram-Köhler
            Nov 15 '18 at 12:22







          1




          1





          Thank you, that helped me finding the issue (KEYCLOAK-8725).

          – Tobias Bertram-Köhler
          Nov 15 '18 at 12:22





          Thank you, that helped me finding the issue (KEYCLOAK-8725).

          – Tobias Bertram-Köhler
          Nov 15 '18 at 12:22













          11














          This helped me to resolve an issue, remove @KeycloakConfiguration and use this instead (from KEYCLOAK-8725):



          Java:



          @Configuration
          @ComponentScan(
          basePackageClasses = KeycloakSecurityComponents.class,
          excludeFilters = @ComponentScan.Filter(type = FilterType.REGEX, pattern = "org.keycloak.adapters.springsecurity.management.HttpSessionManager"))
          @EnableWebSecurity


          Kotlin:



          @Configuration
          @ComponentScan(
          basePackageClasses = [KeycloakSecurityComponents::class],
          excludeFilters = [ComponentScan.Filter(type = FilterType.REGEX, pattern = ["org.keycloak.adapters.springsecurity.management.HttpSessionManager"])]
          )
          @EnableWebSecurity





          share|improve this answer


















          • 2





            clean and elegant solution. it works!

            – guleryuz
            Jan 21 at 11:58
















          11














          This helped me to resolve an issue, remove @KeycloakConfiguration and use this instead (from KEYCLOAK-8725):



          Java:



          @Configuration
          @ComponentScan(
          basePackageClasses = KeycloakSecurityComponents.class,
          excludeFilters = @ComponentScan.Filter(type = FilterType.REGEX, pattern = "org.keycloak.adapters.springsecurity.management.HttpSessionManager"))
          @EnableWebSecurity


          Kotlin:



          @Configuration
          @ComponentScan(
          basePackageClasses = [KeycloakSecurityComponents::class],
          excludeFilters = [ComponentScan.Filter(type = FilterType.REGEX, pattern = ["org.keycloak.adapters.springsecurity.management.HttpSessionManager"])]
          )
          @EnableWebSecurity





          share|improve this answer


















          • 2





            clean and elegant solution. it works!

            – guleryuz
            Jan 21 at 11:58














          11












          11








          11







          This helped me to resolve an issue, remove @KeycloakConfiguration and use this instead (from KEYCLOAK-8725):



          Java:



          @Configuration
          @ComponentScan(
          basePackageClasses = KeycloakSecurityComponents.class,
          excludeFilters = @ComponentScan.Filter(type = FilterType.REGEX, pattern = "org.keycloak.adapters.springsecurity.management.HttpSessionManager"))
          @EnableWebSecurity


          Kotlin:



          @Configuration
          @ComponentScan(
          basePackageClasses = [KeycloakSecurityComponents::class],
          excludeFilters = [ComponentScan.Filter(type = FilterType.REGEX, pattern = ["org.keycloak.adapters.springsecurity.management.HttpSessionManager"])]
          )
          @EnableWebSecurity





          share|improve this answer













          This helped me to resolve an issue, remove @KeycloakConfiguration and use this instead (from KEYCLOAK-8725):



          Java:



          @Configuration
          @ComponentScan(
          basePackageClasses = KeycloakSecurityComponents.class,
          excludeFilters = @ComponentScan.Filter(type = FilterType.REGEX, pattern = "org.keycloak.adapters.springsecurity.management.HttpSessionManager"))
          @EnableWebSecurity


          Kotlin:



          @Configuration
          @ComponentScan(
          basePackageClasses = [KeycloakSecurityComponents::class],
          excludeFilters = [ComponentScan.Filter(type = FilterType.REGEX, pattern = ["org.keycloak.adapters.springsecurity.management.HttpSessionManager"])]
          )
          @EnableWebSecurity






          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Nov 29 '18 at 11:31









          Yuriy YunikovYuriy Yunikov

          3,46512550




          3,46512550







          • 2





            clean and elegant solution. it works!

            – guleryuz
            Jan 21 at 11:58













          • 2





            clean and elegant solution. it works!

            – guleryuz
            Jan 21 at 11:58








          2




          2





          clean and elegant solution. it works!

          – guleryuz
          Jan 21 at 11:58






          clean and elegant solution. it works!

          – guleryuz
          Jan 21 at 11:58


















          draft saved

          draft discarded
















































          Thanks for contributing an answer to Stack Overflow!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid


          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.

          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53318134%2funable-to-use-keycloak-in-spring-boot-2-1-due-to-duplicated-bean-registration-ht%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          這個網誌中的熱門文章

          How to read a connectionString WITH PROVIDER in .NET Core?

          Node.js Script on GitHub Pages or Amazon S3

          Museum of Modern and Contemporary Art of Trento and Rovereto