[Fixed] spring-boot:3.2.1 (spring-security-config:6.2.1) Upgrade Issue: Error Creating Bean 'springSecurityFilterChain' – Spring

by Ali Hasan
java spring spring-boot spring-security

Quick Fix: In a BeanDefinitionRegistryPostProcessor, set the bean class of the bean definition named AbstractSecurityWebApplicationInitializer.DEFAULT_FILTER_NAME to a custom CompositeFilterChainProxy.

The Problem:

After upgrading from Spring Boot 3.2.0 to 3.2.1, a Spring Boot application fails to start due to an error associated with the creation of the ‘springSecurityFilterChain’ bean. The issue is related to changes in the WebMvcSecurityConfiguration class in spring-security-config:6.2.1, which caused an exception when instantiating WebMvcSecurityConfiguration$CompositeFilterChainProxy. The error message indicates that the FilterChainProxy could not be found in the specified list of objects, resulting in the failure to initialize the security filter chain. The problem persists even after implementing suggested fixes for similar issues, such as disabling FormLoginConfigurer, disabling debug logs, and including the @EnableWebSecurity and @Configuration annotations. The goal is to resolve this issue and successfully start the Spring Boot application.

The Solutions:

Solution 1: Temporary workaround with Custom FilterChainProxy

This solution provides a temporary workaround for the issue by defining a custom FilterChainProxy bean and a BeanDefinitionRegistryPostProcessor to replace the default FilterChainProxy bean with the custom one.

  1. Define the FilterChainProxy Class:

    Create a custom FilterChainProxy class named CompositeFilterChainProxy that extends FilterChainProxy. This class contains a delegate Filter for handling filter chain execution and a FilterChainProxy field to access the original Spring Security filter chain.

  2. Provide the Bean Definition:

    Inside the CompositeFilterChainProxy class, define a factory method createDoFilterDelegate(List<? extends Filter> filters) to create a delegate Filter from the provided list of filters. Another method findFilterChainProxy(List<? extends Filter> filters) is implemented to locate the actual Spring Security filter chain.

  3. Implement afterPropertiesSet(), doFilter(), and Required Methods:

    Override afterPropertiesSet() to delegate the initialization to the Spring Security filter chain. Implement doFilter() to call the delegate Filter for handling filter chain execution. Override other necessary methods to delegate operations to the Spring Security filter chain.

  4. Register the Bean Definition Post Processor:

    Define a static method beanDefinitionRegistryPostProcessor() that returns a BeanDefinitionRegistryPostProcessor instance. In this method, set the bean class name for AbstractSecurityWebApplicationInitializer.DEFAULT_FILTER_NAME to CompositeFilterChainProxy.

  5. Add the @Bean Annotation:

    Annotate the CompositeFilterChainProxy class with @Bean to register it as a Spring bean.

This temporary solution should allow Spring Boot to successfully start with the updated spring-security-config version.
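
A sketch of the structure in steps 1 to 5, added here as an example; it is not the original answer's code. The class name FilterChainWorkaroundConfig is hypothetical, @Bean is placed on the static method from step 4 because the annotation applies to methods, and findFilterChainProxy fails closed so the application refuses to start rather than run without its security filters. Assumptions: this post-processor runs after Spring Security's own, the framework's definition carries the filter list as its constructor argument, and the page does not state which filters the lookup must accept in an affected application, so that rule is the part to adapt.

```java
import java.io.IOException;
import java.util.List;
import jakarta.servlet.*;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.beans.factory.support.BeanDefinitionRegistryPostProcessor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.web.FilterChainProxy;
import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
import org.springframework.web.filter.CompositeFilter;

@Configuration
public class FilterChainWorkaroundConfig { // hypothetical class name
    @Bean // static, so the registry is post-processed before beans are created
    static BeanDefinitionRegistryPostProcessor beanDefinitionRegistryPostProcessor() {
        return registry -> {
            String name = AbstractSecurityWebApplicationInitializer.DEFAULT_FILTER_NAME;
            if (!registry.containsBeanDefinition(name)) return;
            BeanDefinition def = registry.getBeanDefinition(name);
            String cls = def.getBeanClassName();
            // Assumption: swap only the framework's composite definition; otherwise leave it alone.
            if (cls != null && cls.endsWith("WebMvcSecurityConfiguration$CompositeFilterChainProxy"))
                def.setBeanClassName(CompositeFilterChainProxy.class.getName());
        };
    }
    public static class CompositeFilterChainProxy extends FilterChainProxy {
        private final Filter doFilterDelegate;                    // runs every filter in order
        private final FilterChainProxy springSecurityFilterChain; // the real security chain
        public CompositeFilterChainProxy(List<? extends Filter> filters) {
            this.doFilterDelegate = createDoFilterDelegate(filters);
            this.springSecurityFilterChain = findFilterChainProxy(filters);
        }
        private static Filter createDoFilterDelegate(List<? extends Filter> filters) {
            CompositeFilter delegate = new CompositeFilter();
            delegate.setFilters(filters);
            return delegate;
        }
        private static FilterChainProxy findFilterChainProxy(List<? extends Filter> filters) {
            for (Filter f : filters) if (f instanceof FilterChainProxy fcp) return fcp;
            // Fail closed: never serve requests without the security filter chain.
            throw new IllegalStateException("No FilterChainProxy found in " + filters);
        }
        @Override public void afterPropertiesSet() { springSecurityFilterChain.afterPropertiesSet(); }
        @Override public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
                throws IOException, ServletException {
            doFilterDelegate.doFilter(req, res, chain);
        }
        @Override public List<Filter> getFilters(String url) { return springSecurityFilterChain.getFilters(url); }
    }
}
```

After startup, confirm that a protected endpoint still rejects an unauthenticated request before relying on the workaround.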

Q&A

What’s the cause of the problem?

It’s a bug in spring-security-config:6.2.1.

How can I fix it?

Use the code provided in the answer.

Can I wait for the official fix?

Yes.