"Could not wire ResourceServerTokenServices" error

[jonasflesch]

We have been using 2.0.4.SNAPSHOT version, but since we upgraded to 2.0.5-RELEASE we are receiving this error:

Could not wire ResourceServerTokenServices: please create a bean definition and mark it as @Primary.

Debugging, I found that the exception was caused by:

org.springframework.beans.factory.NoUniqueBeanDefinitionException:
No qualifying bean of type [org.springframework.security.oauth2.provider.token.ResourceServerTokenServices] is defined:
expected single matching bean but found 2:
consumerTokenServices,
defaultAuthorizationServerTokenServices

(code added on commit 45505c6)

[jonasflesch]

I really don't see the point in always registering the default one here. In my case it is adding the default and another created by the configurer, resulting in the duplication error:
https://github.com/spring-projects/spring-security-oauth/blob/fad4785a59d684a78cb9bed6adee41c6fb07a766/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/AuthorizationServerEndpointsConfiguration.java#L126-141

[dsyer]

I agree it is not ideal yet, but the various token services might not always be the same instance of DefaultTokenServices. You can easily get the one you need by using a @Qualilfier (that's what I have been doing while I think about a better way of exposing them in the framework).

[gauravlanjekar]

Hello,
I am also facing the same issue here.

The problem is that when I use spring OAuth 2.0.5.Release along with spring-orm. And have @EnableGlobalMethodSecurity(prePostEnabled = true, proxyTargetClass = true) as a configuration.

The test to load the application context fails. The application works fine when I Run it. Only the tests fail.

After Debugging I figured out the problem was with this part of the code

private ResourceServerTokenServices resolveTokenServices() {
        if (tokenServices == null || tokenServices.length == 0) {
            return null;
        }
        if (tokenServices.length == 1) {
            return tokenServices[0];
        }
        if (tokenServices.length == 2 && tokenServices[0] == tokenServices[1]) {
            return tokenServices[0];
        }
        try {
            TokenServicesConfiguration bean = context.getAutowireCapableBeanFactory().createBean(
                    TokenServicesConfiguration.class);
            return bean.services;
        }
        catch (BeanCreationException e) {
            throw new IllegalStateException(
                    "Could not wire ResourceServerTokenServices: please create a bean definition and mark it as @Primary.");
        }
    }

the condition
if (tokenServices.length == 2 && tokenServices[0] == tokenServices[1]) {
fails because the tokenservices array contains two beans which are proxied by Cglib and do not equate.

I have created a test project on which the tests fail. It is a fork of the sparklr-boot project.
https://github.com/gauravlanjekar/sparklr-boot

@dsyer I would really appreciate any help on this. Or a even a work around :)

Thanks in advance

[dsyer]

@gauravlanjekar that last change fixes your app, but possibly not the original problem (if not please open another ticket).

[mrethers]

I've had the exact same issue with @EnableTransactionManagement. I end up with [1] DefaultTokenServices (id=97) and [0] DefaultTokenServices$$EnhancerBySpringCGLIB$$765d443b (id=161). When removing the annotation, I end up with two beans but that are indeed equal. I have not found a solution to that problem yet. The two following lines create the two beans:

       @Bean
    public ConsumerTokenServices consumerTokenServices() throws Exception {
        return getEndpointsConfigurer().getConsumerTokenServices();
    }

    /**
     * This needs to be a <code>@Bean</code> so that it can be <code>@Transactional</code> (in case the token store
     * supports them). If you are overriding the token services in an {@link AuthorizationServerConfigurer} consider
     * making it a <code>@Bean</code> for the same reason (assuming you need transactions, e.g. for a JDBC token store).
     * 
     * @return an AuthorizationServerTokenServices
     */
    @Bean
    public AuthorizationServerTokenServices defaultAuthorizationServerTokenServices() {
        return endpoints.getDefaultAuthorizationServerTokenServices();
    }

It's strange because I'm not overriding the tokenservices so only one is created through the createDefaultTokenServices() method and I verified that the consumerTokenServices() and getDefaultAuthorizationServerTokenServices() return the same instance but then only one of the bean is proxied, how is that?

I'm using 2.0.6.

[xenoterracide]

same problem, though we have 3... (2.0.15), because we're defining our own. fixed it by overriding the bean name of one that it was looking for.

private static final String TOKEN_SERVICES = "defaultAuthorizationServerTokenServices";


@Bean(TOKEN_SERVICES)
DefaultTokenServices tokenServices( final DataSource dataSource ) {
    DefaultTokenServices tokenServices = new DefaultTokenServices();
    tokenServices.setTokenStore( tokenStore( dataSource ) );
    tokenServices.setTokenEnhancer( tokenEnhancer() );
    tokenServices.setClientDetailsService( clientDetails( dataSource ) );
    tokenServices.setSupportRefreshToken( true );
    return tokenServices;
}

seems like a very fragile workaround though.