Spring Security + CAS SSO AuthenticationManager
Question
I build a java application using Spring/Spring-Security. Without the CAS-SSO Spring implementation my application works fine. But when i implement the CAS configuration into my application and build it, i get at startup the following exception.
localhost-startStop-1 30.09.2015 13:34:48 WARN [org.springframework.web.context.support.XmlWebApplicationContext] Exception encountered during context initialization - cancelling refresh attempt
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'methodSecurityInterceptor' defined in class path resource [org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.aopalliance.intercept.MethodInterceptor]: Factory method 'methodSecurityInterceptor' threw exception; nested exception is java.lang.IllegalArgumentException: Expecting to only find a single bean for type interface org.springframework.security.authentication.AuthenticationManager, but found [org.springframework.security.config.authentication.AuthenticationManagerFactoryBean#0, org.springframework.security.authentication.ProviderManager#0, org.springframework.security.authenticationManager]
at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:599) ~[spring-beans-4.1.4.RELEASE.jar:4.1.4.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1111) ~[spring-beans-4.1.4.RELEASE.jar:4.1.4.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1006) ~[spring-beans-4.1.4.RELEASE.jar:4.1.4.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:504) ~[spring-beans-4.1.4.RELEASE.jar:4.1.4.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:476) ~[spring-beans-4.1.4.RELEASE.jar:4.1.4.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:303) ~[spring-beans-4.1.4.RELEASE.jar:4.1.4.RELEASE]
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230) ~[spring-beans-4.1.4.RELEASE.jar:4.1.4.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:299) ~[spring-beans-4.1.4.RELEASE.jar:4.1.4.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:194) ~[spring-beans-4.1.4.RELEASE.jar:4.1.4.RELEASE]
at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:762) ~[spring-beans-4.1.4.RELEASE.jar:4.1.4.RELEASE]
at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:757) ~[spring-context-4.1.4.RELEASE.jar:4.1.4.RELEASE]
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:480) ~[spring-context-4.1.4.RELEASE.jar:4.1.4.RELEASE]
at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:403) [spring-web-4.1.4.RELEASE.jar:4.1.4.RELEASE]
at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:306) [spring-web-4.1.4.RELEASE.jar:4.1.4.RELEASE]
at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:106) [spring-web-4.1.4.RELEASE.jar:4.1.4.RELEASE]
at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4720) [tomcat-embed-core-8.0.18.jar:8.0.18]
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5154) [tomcat-embed-core-8.0.18.jar:8.0.18]
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150) [tomcat-embed-core-8.0.18.jar:8.0.18]
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1409) [tomcat-embed-core-8.0.18.jar:8.0.18]
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1399) [tomcat-embed-core-8.0.18.jar:8.0.18]
at java.util.concurrent.FutureTask.run(FutureTask.java:262) [na:1.7.0_60]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [na:1.7.0_60]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [na:1.7.0_60]
at java.lang.Thread.run(Thread.java:745) [na:1.7.0_60]
Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.aopalliance.intercept.MethodInterceptor]: Factory method 'methodSecurityInterceptor' threw exception; nested exception is java.lang.IllegalArgumentException: Expecting to only find a single bean for type interface org.springframework.security.authentication.AuthenticationManager, but found [org.springframework.security.config.authentication.AuthenticationManagerFactoryBean#0, org.springframework.security.authentication.ProviderManager#0, org.springframework.security.authenticationManager]
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:189) ~[spring-beans-4.1.4.RELEASE.jar:4.1.4.RELEASE]
at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:588) ~[spring-beans-4.1.4.RELEASE.jar:4.1.4.RELEASE]
... 23 common frames omitted
Caused by: java.lang.IllegalArgumentException: Expecting to only find a single bean for type interface org.springframework.security.authentication.AuthenticationManager, but found [org.springframework.security.config.authentication.AuthenticationManagerFactoryBean#0, org.springframework.security.authentication.ProviderManager#0, org.springframework.security.authenticationManager]
at org.springframework.util.Assert.isTrue(Assert.java:65) ~[spring-core-4.1.4.RELEASE.jar:4.1.4.RELEASE]
at org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration.lazyBean(AuthenticationConfiguration.java:112) ~[spring-security-config-3.2.5.RELEASE.jar:3.2.5.RELEASE]
at org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration.getAuthenticationMangerBean(AuthenticationConfiguration.java:122) ~[spring-security-config-3.2.5.RELEASE.jar:3.2.5.RELEASE]
at org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration.getAuthenticationManager(AuthenticationConfiguration.java:81) ~[spring-security-config-3.2.5.RELEASE.jar:3.2.5.RELEASE]
at org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration.authenticationManager(GlobalMethodSecurityConfiguration.java:246) ~[spring-security-config-3.2.5.RELEASE.jar:3.2.5.RELEASE]
at org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration.methodSecurityInterceptor(GlobalMethodSecurityConfiguration.java:117) ~[spring-security-config-3.2.5.RELEASE.jar:3.2.5.RELEASE]
at org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration$$EnhancerBySpringCGLIB$$9e9ddf83.CGLIB$methodSecurityInterceptor$7(<generated>) ~[spring-core-4.1.4.RELEASE.jar:3.2.5.RELEASE]
at org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration$$EnhancerBySpringCGLIB$$9e9ddf83$$FastClassBySpringCGLIB$$a8539286.invoke(<generated>) ~[spring-core-4.1.4.RELEASE.jar:3.2.5.RELEASE]
at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:228) ~[spring-core-4.1.4.RELEASE.jar:4.1.4.RELEASE]
at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:309) ~[spring-context-4.1.4.RELEASE.jar:4.1.4.RELEASE]
at org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration$$EnhancerBySpringCGLIB$$9e9ddf83.methodSecurityInterceptor(<generated>) ~[spring-core-4.1.4.RELEASE.jar:3.2.5.RELEASE]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.7.0_60]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) ~[na:1.7.0_60]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.7.0_60]
at java.lang.reflect.Method.invoke(Method.java:606) ~[na:1.7.0_60]
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:162) ~[spring-beans-4.1.4.RELEASE.jar:4.1.4.RELEASE]
... 24 common frames omitted`
My authenticationManager declaration/configuration in spring-security-beans.xml is: <authentication-manager> <authentication-provider ref="casAuthenticationProvider" /> </authentication-manager>
Have someone a good hint for me to solve my problem?
Edit:
It's an xml and java based configuration. In the following my spring-security-beans.xml:
<beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<global-method-security secured-annotations="enabled" pre-post-annotations="enabled" />
<http auto-config="true" disable-url-rewriting="true" create-session="ifRequired">
<intercept-url pattern="/pages/*" access="ROLE_UI_GENERAL, ROLE_ADMIN" />
<logout logout-success-url="/" invalidate-session="true" delete-cookies="JSESSIONID" />
<access-denied-handler ref="accessDeniedHandler" />
</http>
<authentication-manager alias="authenticationManager">
<authentication-provider ref="casAuthenticationProvider" />
</authentication-manager>
<beans:bean id="accessDeniedHandler" class="org.springframework.security.web.access.AccessDeniedHandlerImpl">
<beans:property name="errorPage" value="/error_pages/403.jsp" />
</beans:bean>
</beans:beans>
And the CAS configuration:
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity( securedEnabled = true )
@Controller
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Value( "${cas.service}" )
private String SERVER_HOST;
@Value( "${server.port}" )
private String SERVER_PORT;
@Value( "${cas.host}" )
private String CAS_AUTH;
@Value( "${cas.authpath}" )
private String CAS_AUTHPATH;
@Value( "${cas.logoutpath}" )
private String CAS_LOGOUTPATH;
@Override
protected void configure( final HttpSecurity http ) throws Exception {
http.authorizeRequests().anyRequest().authenticated();
http.csrf().disable();
http.exceptionHandling().authenticationEntryPoint( casAuthenticationEntryPoint() ).and().logout()
.logoutRequestMatcher( new AntPathRequestMatcher( "/j_spring_cas_security_logout" ) ).and() //$NON-NLS-1$
.addFilter( casAuthenticationFilter() )
.addFilterBefore( requestSingleSignOutFilter(), LogoutFilter.class );
}
@Override
public void configure( final WebSecurity web ) throws Exception {
web.ignoring().antMatchers( "/javax.faces.resource/**" ); //$NON-NLS-1$
}
@Override
protected void configure( final AuthenticationManagerBuilder auth ) throws Exception {
auth.authenticationProvider( casAuthenticationProvider() );
}
@Bean
public CasAuthenticationProvider casAuthenticationProvider() {
CasAuthenticationProvider casAuthenticationProvider = new CasAuthenticationProvider();
casAuthenticationProvider.setAuthenticationUserDetailsService( authenticationUserDetailsService() );
casAuthenticationProvider.setServiceProperties( serviceProperties() );
casAuthenticationProvider.setTicketValidator( cas20ServiceTicketValidator() );
casAuthenticationProvider.setKey( "mc_auth" ); //$NON-NLS-1$
return casAuthenticationProvider;
}
@Bean
public AuthenticationUserDetailsService authenticationUserDetailsService() {
return new CasAuthenticationUserDetailsService();
}
@Bean
public ServiceProperties serviceProperties() {
ServiceProperties serviceProperties = new ServiceProperties();
serviceProperties.setService( this.SERVER_HOST + ":" + this.SERVER_PORT + "/j_spring_cas_security_check" ); //$NON-NLS-1$ //$NON-NLS-2$
serviceProperties.setSendRenew( false );
return serviceProperties;
}
@Bean
public Cas20ServiceTicketValidator cas20ServiceTicketValidator() {
return new Cas20ServiceTicketValidator( this.CAS_AUTH );
}
@Bean
public CasAuthenticationFilter casAuthenticationFilter() throws Exception {
CasAuthenticationFilter casAuthenticationFilter = new CasAuthenticationFilter();
casAuthenticationFilter.setAuthenticationManager( authenticationManager() );
return casAuthenticationFilter;
}
@Bean
public CasAuthenticationEntryPoint casAuthenticationEntryPoint() {
CasAuthenticationEntryPoint casAuthenticationEntryPoint = new CasAuthenticationEntryPoint();
casAuthenticationEntryPoint.setLoginUrl( this.CAS_AUTH + this.CAS_AUTHPATH );
casAuthenticationEntryPoint.setServiceProperties( serviceProperties() );
return casAuthenticationEntryPoint;
}
@Bean
public LogoutFilter requestSingleSignOutFilter() {
SecurityContextLogoutHandler logoutHandler = new SecurityContextLogoutHandler();
LogoutFilter logoutFilter = new LogoutFilter( this.CAS_AUTH + this.CAS_LOGOUTPATH, logoutHandler );
logoutFilter.setLogoutRequestMatcher( new AntPathRequestMatcher( "/j_spring_cas_security_logout" ) ); //$NON-NLS-1$
return logoutFilter;
}
@RequestMapping( value = "/", method = RequestMethod.GET )
public String defaultUrl( final HttpSession session, final Model model, final HttpServletRequest request,
final HttpServletResponse response ) {
return "redirect:/pages/main"; //$NON-NLS-1$
}
1 answers
solution1
1 2015-11-06 10:19:26
you are having two spring security configuration one with xml and one with through java configuration and both are giving you AuthenticationManager bean . It is better to remove either one of them and it should work perfectly.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
Implement SSO using CAS + Spring Security
Spring Security AuthenticationManager
Infinite redirection login loop in CAS-SSO & Spring Security (SpringBoot)
Spring Security AuthenticationManager set a PasswordEncoder
Spring boot security - AuthenticationManager problem
spring security authenticationManager must be specified
Spring security. Custom AuthenticationManager
Spring Security and CAS Integration
Implementing CAS with Spring Security 3
CAS + Spring security
Related Tags