Skip to content

Spring Security Circular Bean Dependency #4489

New issue
New issue
Closed
Closed
Spring Security Circular Bean Dependency#4489
Assignees
rwinch
Labels
in: configAn issue in spring-security-configtype: bugA general bug
Milestone
5.0.0.M4
@aemaem

Description

@aemaem
aemaem
opened on Aug 9, 2017

Summary

Spring Security has a circular bean dependency in org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.

Actual Behavior

When running the sample (./gradlew bootRun) with setting "allow circular references" to false the application will fail to start.

The dependencies of some of the beans in the application context form a cycle:

┌─────┐
|  org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration
└─────┘

Background

In our client's deployment they encountered a circular bean dependency in our own code (also a Spring Boot Project). We could not reproduce the issue, which is why we would like to check strictly on circular bean dependencies.

Expected Behavior

Resolved circular bean dependency.

Configuration

Set "allow circular references" to false.

new SpringApplicationBuilder(SecurityCycleBeanDependencyApplication.class)
    .initializers((ApplicationContextInitializer<GenericApplicationContext>) applicationContext -> applicationContext.setAllowCircularReferences(false))
    .run(args);

Version

Spring Boot 1.5.6
with Spring Security and Spring Web

Sample

https://github.com/aemaem/security-cycle-bean-dependency

Metadata

Metadata

Assignees

Labels

in: configAn issue in spring-security-configtype: bugA general bug

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions