2:42 a.m.
Hello Calixto,
this is more a question for keycloak-user instead of keycloak-dev.
There are some issues with Spring Security and the latest version of the
keycloak spring-boot / spring-security adapter 4.5.0.Final.
You can have a look at the following two examples for a working
configuration.
see:
https://github.com/thomasdarimont/wjax2018-spring-keycloak/tree/master/demos
- spring-boot-2-frontend
- spring-boot-2-backend
The examples are currently using
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.0.6.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
but the configuration works as well with
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.1.0.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
in combination with the following setting in application.yml /
application.properties:
spring:
main:
allow-bean-definition-overriding: true
which seems to be required since Spring Boot 2.1
Cheers,
Thomas
Am Di., 13. Nov. 2018 um 01:18 Uhr schrieb Calixto Meleán <cmelean(a)gmail.com
:
I’m doing a simple tutorial with SpringBoot 2.1.0 and KeyCloack
4.5.0.
When I start my app, I am getting the error below. It’s like the session
manager bean is being registered more than once.
org.springframework.beans.factory.support.BeanDefinitionOverrideException:
Invalid bean definition with name 'httpSessionManager' defined in class
path resource [com/example/demo/configuration/SecurityConfig.class]: Cannot
register bean definition [Root bean: class [null]; scope=; abstract=false;
lazyInit=false; autowireMode=3; dependencyCheck=0; autowireCandidate=true;
primary=false; factoryBeanName=securityConfig;
factoryMethodName=httpSessionManager; initMethodName=null;
destroyMethodName=(inferred); defined in class path resource
[com/example/demo/configuration/SecurityConfig.class]] for bean
'httpSessionManager': There is already [Generic bean: class
[org.keycloak.adapters.springsecurity.management.HttpSessionManager];
scope=singleton; abstract=false; lazyInit=false; autowireMode=0;
dependencyCheck=0; autowireCandidate=true; primary=false;
factoryBeanName=null; factoryMethodName=null; initMethodName=null;
destroyMethodName=null; defined in URL [jar:file:/Users/bigcat/.m!
2/repository/org/keycloak/keycloak-spring-security-adapter/4.5.0.Final/keycloak-spring-security-adapter-4.5.0.Final.jar!/org/keycloak/adapters/springsecurity/management/HttpSessionManager.class]]
bound.
Relevant maven dependencies I have are:
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-spring-boot-starter</artifactId>
<version>${keycloak.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
SecurityConfig.class is:
@KeycloakConfiguration
public class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter {
@Bean
public KeycloakConfigResolver KeycloakConfigResolver() {
return new KeycloakSpringBootConfigResolver();
}
/**
* Registers the KeycloakAuthenticationProvider with the authentication
manager.
*/
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws
Exception {
auth.authenticationProvider(keycloakAuthenticationProvider());
}
/**
* Defines the session authentication strategy.
*/
@Bean
@Override
protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
return new RegisterSessionAuthenticationStrategy(new
SessionRegistryImpl());
}
@Override
protected void configure(HttpSecurity http) throws Exception
{
super.configure(http);
http
.authorizeRequests()
.antMatchers("/customers*").hasRole("pharmacist")
.anyRequest().permitAll();
}
}
Appreciate any help. Thanks
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev