You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
ServerHttpSecurityConfiguration defines a WebFluxConfigurer bean while also injecting a ReactiveAdapterRegistry. The ReactiveAdapterRegistry is defined by WebFluxConfigurationSupport but WebFluxConfigurationSupport also needs to be initialized with every WebFluxConfigurer bean. This creates a cycle between the two configuration classes. Framework is able to mask this cycle when the bean factory is configured to allow circular references. When circular references are prohibited, application context refresh fails with a BeanCurrentlyInCreationException.
To Reproduce
Run that attached sample with ./gradlew bootRun or import it into your IDE and run the main method.
Expected behavior
Spring Security can be used with WebFlux when the bean factory is configured to prohibit circular references.
A workaround could be to move the authenticationPrincipalArgumentResolverConfigurer to a different configuration.
That would prevent the error on startup, but a cycle would still exist.
I will discuss with the team and provide an update.
Thanks for the update, Ria. It looks like #8613 was an attempt to work around the underlying behaviour in Framework. I wonder if that could be taken a step further, perhaps by making authenticationPrincipalArgumentResolverConfigurerstatic?
Describe the bug
ServerHttpSecurityConfiguration
defines aWebFluxConfigurer
bean while also injecting aReactiveAdapterRegistry
. TheReactiveAdapterRegistry
is defined byWebFluxConfigurationSupport
butWebFluxConfigurationSupport
also needs to be initialized with everyWebFluxConfigurer
bean. This creates a cycle between the two configuration classes. Framework is able to mask this cycle when the bean factory is configured to allow circular references. When circular references are prohibited, application context refresh fails with aBeanCurrentlyInCreationException
.To Reproduce
Run that attached sample with
./gradlew bootRun
or import it into your IDE and run the main method.Expected behavior
Spring Security can be used with WebFlux when the bean factory is configured to prohibit circular references.
Sample
webflux-security-dependency-cycle.zip
The text was updated successfully, but these errors were encountered: