[keycloak-user] [keycloak-dev] There is already a httpSessionManager
Thomas Darimont
thomas.darimont at googlemail.com
Tue Nov 13 03:42:36 EST 2018
Hello Calixto,
this is more a question for keycloak-user instead of keycloak-dev.
There are some issues with Spring Security and the latest version of the
keycloak spring-boot / spring-security adapter 4.5.0.Final.
You can have a look at the following two examples for a working
configuration.
see:
https://github.com/thomasdarimont/wjax2018-spring-keycloak/tree/master/demos
- spring-boot-2-frontend
- spring-boot-2-backend
The examples are currently using
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.0.6.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
but the configuration works as well with
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.1.0.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
in combination with the following setting in application.yml /
application.properties:
spring:
main:
allow-bean-definition-overriding: true
which seems to be required since Spring Boot 2.1
Cheers,
Thomas
Am Di., 13. Nov. 2018 um 01:18 Uhr schrieb Calixto Meleán <cmelean at gmail.com
>:
> I’m doing a simple tutorial with SpringBoot 2.1.0 and KeyCloack 4.5.0.
> When I start my app, I am getting the error below. It’s like the session
> manager bean is being registered more than once.
>
> org.springframework.beans.factory.support.BeanDefinitionOverrideException:
> Invalid bean definition with name 'httpSessionManager' defined in class
> path resource [com/example/demo/configuration/SecurityConfig.class]: Cannot
> register bean definition [Root bean: class [null]; scope=; abstract=false;
> lazyInit=false; autowireMode=3; dependencyCheck=0; autowireCandidate=true;
> primary=false; factoryBeanName=securityConfig;
> factoryMethodName=httpSessionManager; initMethodName=null;
> destroyMethodName=(inferred); defined in class path resource
> [com/example/demo/configuration/SecurityConfig.class]] for bean
> 'httpSessionManager': There is already [Generic bean: class
> [org.keycloak.adapters.springsecurity.management.HttpSessionManager];
> scope=singleton; abstract=false; lazyInit=false; autowireMode=0;
> dependencyCheck=0; autowireCandidate=true; primary=false;
> factoryBeanName=null; factoryMethodName=null; initMethodName=null;
> destroyMethodName=null; defined in URL [jar:file:/Users/bigcat/.m!
> 2/repository/org/keycloak/keycloak-spring-security-adapter/4.5.0.Final/keycloak-spring-security-adapter-4.5.0.Final.jar!/org/keycloak/adapters/springsecurity/management/HttpSessionManager.class]]
> bound.
>
> Relevant maven dependencies I have are:
>
> <dependency>
> <groupId>org.keycloak</groupId>
> <artifactId>keycloak-spring-boot-starter</artifactId>
> <version>${keycloak.version}</version>
> </dependency>
>
> <dependency>
> <groupId>org.springframework.boot</groupId>
> <artifactId>spring-boot-starter-security</artifactId>
> </dependency>
>
> SecurityConfig.class is:
>
> @KeycloakConfiguration
> public class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter {
>
> @Bean
> public KeycloakConfigResolver KeycloakConfigResolver() {
> return new KeycloakSpringBootConfigResolver();
> }
>
> /**
> * Registers the KeycloakAuthenticationProvider with the authentication
> manager.
> */
> @Autowired
> public void configureGlobal(AuthenticationManagerBuilder auth) throws
> Exception {
> auth.authenticationProvider(keycloakAuthenticationProvider());
> }
>
> /**
> * Defines the session authentication strategy.
> */
> @Bean
> @Override
> protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
> return new RegisterSessionAuthenticationStrategy(new
> SessionRegistryImpl());
> }
>
> @Override
> protected void configure(HttpSecurity http) throws Exception
> {
> super.configure(http);
> http
> .authorizeRequests()
> .antMatchers("/customers*").hasRole("pharmacist")
> .anyRequest().permitAll();
> }
> }
>
>
> Appreciate any help. Thanks
>
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
More information about the keycloak-user
mailing list