Spring security core framework getting configured twice in Grails Spring security core plugin

Question

I am using Grails spring security core plugin version 3.0.3.

The debug statements when configuring the spring security core framework are printed twice and the filter chain is also initialized twice

WARN grails.plugin.springsecurity.SpringSecurityCoreGrailsPlugin -
Configuring Spring Security Core ...

Configuring Spring Security Core ...
WARN grails.plugin.springsecurity.SpringSecurityCoreGrailsPlugin - ... finished
configuring Spring Security Core

... finished configuring Spring Security Core

Build gradle file

buildscript {
    ext {
        grailsVersion = project.grailsVersion
    }
    repositories {
        mavenLocal()
        maven { url "https://repo.grails.org/grails/core" }
    }
    dependencies {
        classpath "org.grails:grails-gradle-plugin:$grailsVersion"
        classpath "org.grails.plugins:hibernate:4.3.10.5"
    }
}

plugins {
    id "io.spring.dependency-management" version "0.5.2.RELEASE"
}

version "0.1"
group "restservicesapp"

apply plugin: "spring-boot"
apply plugin: "war"
apply plugin: 'eclipse'
apply plugin: 'idea'
apply plugin: "org.grails.grails-web"

ext {
    grailsVersion = project.grailsVersion
    gradleWrapperVersion = project.gradleWrapperVersion
}

repositories {
    mavenLocal()
    maven { url "https://repo.grails.org/grails/core" }
}

dependencyManagement {
    imports {
        mavenBom "org.grails:grails-bom:$grailsVersion"
    }
    applyMavenExclusions false
}

dependencies {
    compile "org.springframework.boot:spring-boot-starter-logging"
    compile "org.springframework.boot:spring-boot-starter-actuator"
    compile "org.springframework.boot:spring-boot-autoconfigure"
    provided "org.springframework.boot:spring-boot-starter-tomcat"
    compile "org.grails.plugins:hibernate"
    compile "org.grails.plugins:cache"
    compile "org.hibernate:hibernate-ehcache"

    runtime "mysql:mysql-connector-java:5.1.38"
    compile 'org.grails.plugins:spring-security-core:3.0.3'
    compile ('org.grails.plugins:spring-security-rest-gorm:2.0.0.M2') {
        exclude group: 'org.grails.plugins', module: 'spring-security-core'
    }


    testCompile "org.grails:grails-plugin-testing"
    testCompile "org.grails.plugins:geb"

    //console "org.grails:grails-console"
}

task wrapper(type: Wrapper) {
    gradleVersion = gradleWrapperVersion
}

Answer 1

Do you have org.grails.plugins:cxf into your build.gradle ? Possibly two context are being created. One for your main app and other for your /services/*. Move the cfx dependency in gradle file above spring security plugin and then you should see spring security being configured once only. I have been struggled with this more then 2 weeks now. But this solved this issue for me. For me it actually was an issue as the spring security being configured second time it was giving my NPE at times. See this question from myself only.

Update

My above assessment proved wrong. The real solution is, add below snippet to your build.gradle configurations.runtime { exclude module: "cxf" }

Answer 2

I believe Spring Security is not being configured twice. One line of output is from logging, the other is a println. Below is some code from grails.plugin.springsecurity.SpringSecurityCoreGrailsPlugin:

    Closure doWithSpring() {{ ->
    ReflectionUtils.application = SpringSecurityUtils.application = grailsApplication

    SpringSecurityUtils.resetSecurityConfig()
    def conf = SpringSecurityUtils.securityConfig
    boolean printStatusMessages = (conf.printStatusMessages instanceof Boolean) ? conf.printStatusMessages : true
    if (!conf || !conf.active) {
        if (printStatusMessages) {
            String message = '\n\nSpring Security is disabled, not loading\n\n'
            log.warn message
            println message
        }
        return
    }

    log.trace 'doWithSpring'

    if (printStatusMessages) {
        String message = '\nConfiguring Spring Security Core ...'
        log.warn message
        println message
    }