1

I'm upgrading my application from Spring Boot 2.5.4 to 2.6.1 and having depency issues:

Description:
The dependencies of some of the beans in the application context form a cycle:

   oidcAuthService defined in file [/pr/pr-security-oidc/target/classes/com/pr/MyOauth2AuthService.class]

┌─────┐
|  oauth2SecurityConfiguration
↑     ↓
|  org.springframework.boot.autoconfigure.web.servlet.WebMvcAutoConfiguration$EnableWebMvcConfiguration
↑     ↓
|  org.springframework.security.config.annotation.web.configuration.OAuth2ClientConfiguration$OAuth2ClientWebMvcSecurityConfiguration
└─────┘

After some investigation when excluding WebMvcAutoConfiguration.class the application is able to start but it leads to different security configuration related issues. Any ideas what is happening with the new Spring version, why WebMvcAutoConfiguration and OAuth2ClientConfiguration are conflicting with each other?

P.S. I'm using the spring-boot-starter-oauth2-client with spring boot with no issues on the older version.

Thanks!

Zephaniah Irvine
  • 389
  • 2
  • 12
fleske
  • 400
  • 2
  • 7
  • this is occurring since spring 2.6 is the first version to check and error out on circular dependencies – eis Jan 18 '22 at 14:21

2 Answers2

3

You can try to place

spring.main.allow-circular-references: true

In your application.properties. For more follow the link: https://github.com/springdoc/springdoc-openapi/issues/1347

Yaroslav Prokopenko
  • 66
  • 6
0

I think the correct way is to remove:

... extends WebSecurityConfigurerAdapter

and replace it with bean:

@Bean
SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
    return http. ... <do whatever you did in configure method> ... .build();
}
Martin Mucha
  • 2,385
  • 1
  • 29
  • 49