[keycloak-user] [keycloak-dev] There is already a httpSessionManager

Thomas Darimont thomas.darimont at googlemail.com
Tue Nov 13 03:42:36 EST 2018 

Hello Calixto,

this is more a question for keycloak-user instead of keycloak-dev.

There are some issues with Spring Security and the latest version of the
keycloak spring-boot / spring-security adapter 4.5.0.Final.
You can have a look at the following two examples for a working
configuration.

see:
https://github.com/thomasdarimont/wjax2018-spring-keycloak/tree/master/demos
- spring-boot-2-frontend
- spring-boot-2-backend

The examples are currently using
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.0.6.RELEASE</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>

but the configuration works as well with

    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.1.0.RELEASE</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>

in combination with the following setting in application.yml /
application.properties:

spring:
  main:
    allow-bean-definition-overriding: true

which seems to be required since Spring Boot 2.1

Cheers,
Thomas

Am Di., 13. Nov. 2018 um 01:18 Uhr schrieb Calixto Meleán <cmelean at gmail.com
>:

> I’m doing a simple tutorial with SpringBoot 2.1.0 and KeyCloack 4.5.0.
> When I start my app, I am getting the error below. It’s like the session
> manager bean is being registered more than once.
>
> org.springframework.beans.factory.support.BeanDefinitionOverrideException:
> Invalid bean definition with name 'httpSessionManager' defined in class
> path resource [com/example/demo/configuration/SecurityConfig.class]: Cannot
> register bean definition [Root bean: class [null]; scope=; abstract=false;
> lazyInit=false; autowireMode=3; dependencyCheck=0; autowireCandidate=true;
> primary=false; factoryBeanName=securityConfig;
> factoryMethodName=httpSessionManager; initMethodName=null;
> destroyMethodName=(inferred); defined in class path resource
> [com/example/demo/configuration/SecurityConfig.class]] for bean
> 'httpSessionManager': There is already [Generic bean: class
> [org.keycloak.adapters.springsecurity.management.HttpSessionManager];
> scope=singleton; abstract=false; lazyInit=false; autowireMode=0;
> dependencyCheck=0; autowireCandidate=true; primary=false;
> factoryBeanName=null; factoryMethodName=null; initMethodName=null;
> destroyMethodName=null; defined in URL [jar:file:/Users/bigcat/.m!
> 2/repository/org/keycloak/keycloak-spring-security-adapter/4.5.0.Final/keycloak-spring-security-adapter-4.5.0.Final.jar!/org/keycloak/adapters/springsecurity/management/HttpSessionManager.class]]
> bound.
>
> Relevant maven dependencies I have are:
>
> <dependency>
>  <groupId>org.keycloak</groupId>
>  <artifactId>keycloak-spring-boot-starter</artifactId>
>  <version>${keycloak.version}</version>
> </dependency>
>
> <dependency>
>  <groupId>org.springframework.boot</groupId>
>  <artifactId>spring-boot-starter-security</artifactId>
> </dependency>
>
> SecurityConfig.class is:
>
> @KeycloakConfiguration
> public class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter {
>
>   @Bean
>   public KeycloakConfigResolver KeycloakConfigResolver() {
>       return new KeycloakSpringBootConfigResolver();
>   }
>
>   /**
>    * Registers the KeycloakAuthenticationProvider with the authentication
> manager.
>    */
>   @Autowired
>   public void configureGlobal(AuthenticationManagerBuilder auth) throws
> Exception {
>       auth.authenticationProvider(keycloakAuthenticationProvider());
>   }
>
>   /**
>    * Defines the session authentication strategy.
>    */
>   @Bean
>   @Override
>   protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
>       return new RegisterSessionAuthenticationStrategy(new
> SessionRegistryImpl());
>   }
>
>   @Override
>   protected void configure(HttpSecurity http) throws Exception
>   {
>       super.configure(http);
>       http
>               .authorizeRequests()
>               .antMatchers("/customers*").hasRole("pharmacist")
>               .anyRequest().permitAll();
>   }
> }
>
>
> Appreciate any help. Thanks
>
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev

More information about the keycloak-user mailing list