[keycloak-dev] There is already a httpSessionManager

Zed Spencer-Milnes zed at digitaltreemedia.co.uk
Mon Nov 12 19:29:29 EST 2018 

This is due to new behaviour in Spring Boot 2.1 surrounding duplicate definition of beans. Release note: https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-2.1-Release-Notes#bean-overriding

Overriding beans is required to follow the current documentation on integrating Keycloak into your Spring Boot app.

You can reenable this behaviour by including the following in your application.yml:
spring:
    main:
        allow-bean-definition-overriding: true

Or spring.main.allow-bean-definition-overriding=true in your application.properties.

Hope this helps.

Regards,
Zed

> On 13 Nov 2018, at 00:17, Calixto Meleán <cmelean at gmail.com> wrote:
> 
> I’m doing a simple tutorial with SpringBoot 2.1.0 and KeyCloack 4.5.0. When I start my app, I am getting the error below. It’s like the session manager bean is being registered more than once.
> 
> org.springframework.beans.factory.support.BeanDefinitionOverrideException: Invalid bean definition with name 'httpSessionManager' defined in class path resource [com/example/demo/configuration/SecurityConfig.class]: Cannot register bean definition [Root bean: class [null]; scope=; abstract=false; lazyInit=false; autowireMode=3; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=securityConfig; factoryMethodName=httpSessionManager; initMethodName=null; destroyMethodName=(inferred); defined in class path resource [com/example/demo/configuration/SecurityConfig.class]] for bean 'httpSessionManager': There is already [Generic bean: class [org.keycloak.adapters.springsecurity.management.HttpSessionManager]; scope=singleton; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null; defined in URL [jar:file:/Users/bigcat/.m!
> 2/repository/org/keycloak/keycloak-spring-security-adapter/4.5.0.Final/keycloak-spring-security-adapter-4.5.0.Final.jar!/org/keycloak/adapters/springsecurity/management/HttpSessionManager.class]] bound.
> 
> Relevant maven dependencies I have are:
> 
> <dependency>
> <groupId>org.keycloak</groupId>
> <artifactId>keycloak-spring-boot-starter</artifactId>
> <version>${keycloak.version}</version>
> </dependency>
> 
> <dependency>
> <groupId>org.springframework.boot</groupId>
> <artifactId>spring-boot-starter-security</artifactId>
> </dependency>
> 
> SecurityConfig.class is:
> 
> @KeycloakConfiguration
> public class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter {
> 
>  @Bean
>  public KeycloakConfigResolver KeycloakConfigResolver() {
>      return new KeycloakSpringBootConfigResolver();
>  }
> 
>  /**
>   * Registers the KeycloakAuthenticationProvider with the authentication manager.
>   */
>  @Autowired
>  public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
>      auth.authenticationProvider(keycloakAuthenticationProvider());
>  }
> 
>  /**
>   * Defines the session authentication strategy.
>   */
>  @Bean
>  @Override
>  protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
>      return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
>  }
> 
>  @Override
>  protected void configure(HttpSecurity http) throws Exception
>  {
>      super.configure(http);
>      http
>              .authorizeRequests()
>              .antMatchers("/customers*").hasRole("pharmacist")
>              .anyRequest().permitAll();
>  }
> }
> 
> 
> Appreciate any help. Thanks
> 
> 
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev

More information about the keycloak-dev mailing list