circular dependency in web application using spring boot security

Question

Circular dependency error. As I'm new to this technology i couldn't solve this. i need some here to clear this issue. This code is to secure few pages in the existing project. I have to secure only 3 pages to access only by admin. Any solution which can escape circular dependency or which can fulfil my task will help. My task is to complete secure few pages from accessing the user. This code is taken from a stackoverflow snippet.

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private UserDetailsService userDetailsService;

    @Bean
    public BCryptPasswordEncoder bCryptPasswordEncoder() {
        return new BCryptPasswordEncoder();
    }
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/editincident","editaccident","editreqeust").authenticated()
                .anyRequest().permitAll()
                .and()
                .csrf().disable();
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder());
    }
}

seeing you have circular reference with passwordEncoder and security configuration, I believe you will need the same solution as described here https://stackoverflow.com/questions/70073748/i-cant-update-my-webapp-to-spring-boot-2-6-0-2-5-7-works-but-2-6-0-doesnt/71527547#71527547 . This probably happened with update to spring boot 2.6.0 — Panagiotis Bougioukos, Apr 14 '22 at 11:59
`spring.main.allow-circular-references=true` is just a workaround which can backfire in the future. — Panagiotis Bougioukos, Apr 14 '22 at 12:01

score 2 · Answer 1 · answered Apr 14 '22 at 10:32

In spring.io docs there is "If you use predominantly constructor injection, it is possible to create an unresolvable circular dependency scenario.

For example: Class A requires an instance of class B through constructor injection, and class B requires an instance of class A through constructor injection. If you configure beans for classes A and B to be injected into each other, the Spring IoC container detects this circular reference at runtime, and throws a BeanCurrentlyInCreationException.

One possible solution is to edit the source code of some classes to be configured by setters rather than constructors. Alternatively, avoid constructor injection and use setter injection only. In other words, although it is not recommended, you can configure circular dependencies with setter injection."

So you should change the way you create one of your beans with using constructor method

Compared to the other answers so far, this is the only one I would call a solution. — thinkgruen, Apr 14 '22 at 13:03
well an excuse for not solving the underlying architectural dependency separation problems.. not really a solution — Michail Michailidis, Aug 12 '22 at 11:28

score 2 · Accepted Answer · answered Apr 15 '22 at 05:42

2

you can write one line in your application.properties file to remove this error.
spring.main.allow-circular-references= true

answered Apr 15 '22 at 05:42

rg226965

61
2

circular dependency in web application using spring boot security

2 Answers2