Spring Security Circular Dependency User Details

Question

I am developing a Spring Boot application. I have to make credentials for both Admins users. I was Working on Spring Security . Struck with circular dependency error. Without including spring security I tested other urls with post api. It worked fine. But can't understand this error.

SecurityConfig File

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(encodePWD());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable();

        http.authorizeRequests().antMatchers("/rest/auth/**").authenticated().anyRequest().permitAll().and()
                .authorizeRequests().antMatchers("/secure/rest/**").authenticated().anyRequest().hasAnyRole("ADMIN").and()
                .formLogin().permitAll();

    }

    @Bean
    public BCryptPasswordEncoder encodePWD() {
        return new BCryptPasswordEncoder();
    }
}

Getting this error

Error starting ApplicationContext. To display the conditions report re-run your application with 'debug' enabled.
2022-10-04 11:59:31.338[0;39m [31mERROR[0;39m [35m5733[0;39m [2m---[0;39m [2m[  restartedMain][0;39m [36mo.s.b.d.LoggingFailureAnalysisReporter  [0;39m [2m:[0;39m 


***************************
APPLICATION FAILED TO START
***************************

Description:

The dependencies of some of the beans in the application context form a cycle:

┌─────┐
|  securityConfig (field private org.springframework.security.core.userdetails.UserDetailsService strictly.cinema.config.SecurityConfig.userDetailsService)
↑     ↓
|  inMemoryUserDetailsManager defined in class path resource [org/springframework/boot/autoconfigure/security/servlet/UserDetailsServiceAutoConfiguration.class]
└─────┘


Action:

Relying upon circular references is discouraged and they are prohibited by default. Update your application to remove the dependency cycle between beans. As a last resort, it may be possible to break the cycle automatically by setting spring.main.allow-circular-references to true.

Answer 1

I have met same problem and might be helpful to you if you are using SpringBoot 2.6.x or higher version

Check at spring-cyclic-dependencies and you will find below description

SpringBoot 2.6.x does not recommend the use of circular dependencies, which is good news, SpringBoot is gradually guiding developers to write standard code from the bottom up, but also sad news, circular dependencies are too widely used.

If you upgrade from a low version to 2.6.x, then the first problem you are likely to encounter is a circular dependency problem.

and

The simplest way is to allow circular references in the global configuration file, the default value of this property is false, display the declaration as true, you can avoid the project startup console circular reference exception.

So add following code in your yaml configuration file

spring:
  main:
    allow-circular-references: true