Hi, When I try to configure an application with ssl and I try to configure a management server port no using ssl, the application doesn't start. This happens adding the following config
- name: MANAGEMENT_SERVER_SSL_ENABLED
value: "false"
- name: MANAGEMENT_SERVER_PORT
value: "18080"
Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.springframework.web.reactive.config.DelegatingWebFluxConfiguration': Unsatisfied dependency expressed through method 'setConfigurers' parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.springframework.security.config.annotation.web.reactive.ServerHttpSecurityConfiguration': Unsatisfied dependency expressed through method 'setAdapterRegistry' parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.springframework.boot.autoconfigure.web.reactive.WebFluxAutoConfiguration$EnableWebFluxConfiguration': Unsatisfied dependency expressed through method 'setConfigurers' parameter 0; nested exception is org.springframework.beans.factory.BeanCurrentlyInCreationException: Error creating bean with name 'authenticationPrincipalArgumentResolverConfigurer': Requested bean is currently in creation: Is there an unresolvable circular reference?
Comment From: wilkinsona
Thanks for the report. I can see from the stack trace that you're using WebFlux and Spring Security in your app but I can't tell what else might be involved. To help us to diagnose the problem, can you please provide a minimal sample that reproduces the problem?
Comment From: dante-ricalde
Hi, I have configured the following environment variables. It's difficult for me to diagnose the problem not getting more details in the exception thrown by spring boot....
I would like to indicate that this same configuration worked ok wih spring boot 2.2.6, but when I upgraded to spring boot 2.3.0.RELEASE,,,this error appeared..
containers:
- env:
- name: AZURE_KEYVAULT_ENABLED
value: "false"
- name: SPRING_CLOUD_CONFIG_URI
value: https://xxxxxxxxxxxxxx
- name: LOGSTASH_SOCKET
value: abc:9800
- name: SPRING_PROFILES_ACTIVE
value: dev
- name: CONTAINER_SERVICE_PORT
value: "9443"
- name: MONITORING
value: "no"
- name: WILLY_AGENT_MANAGER
value: xxx:xxx
- name: WILY_HOST
value: xxx
- name: WILY_PORT
value: "5001"
- name: SPRING_RABBITMQ_HOST
value: xxx
- name: SPRING_RABBITMQ_PORT
value: "xxx"
- name: SPRING_RABBITMQ_USERNAME
valueFrom:
secretKeyRef:
key: username
name: xxxx
- name: SPRING_RABBITMQ_PASSWORD
valueFrom:
secretKeyRef:
key: xxx
name: xxxx
- name: APP_PORT
value: "9443"
- name: MONITORING_PROFILE
value: -javaagent:/opt/wily/Agent.jar,-Dcom.wily.introscope.agentProfile=/opt/wily/core/config/IntroscopeAgent.profile
- name: ENVIRONMENT
value: dev
- name: LOGGING_LEVEL_ORG_SPRINGFRAMEWORK_SECURITY
value: DEBUG
- name: KEYSTORE_PATH
value: file:/tmp/cacerts
- name: KEYSTORE_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: keystore-password
- name: JAVA_OPTS
value: -Djava.awt.headless=true,-Xms768m,-Xmx768m,-XX:+UseG1GC,-XX:+DisableExplicitGC,-XshowSettings:properties,
-XX:+UnlockExperimentalVMOptions,-XX:+UseCGroupMemoryLimitForHeap,-XX:MaxRAMFraction=1,-Dvertx.cacheDirBase=/tmp/vertx-cache
- name: XXXX_NAMESPACE
value: xxx
- name: XXX_CONFIG_SERVER_SECRET
value: config-server-starter
- name: SPRING_CLOUD_KUBERNETES_SECRETS_ENABLEAPI
value: "true"
- name: SSL
value: "yes"
- name: SPRING_CLOUD_CONFIG_PROFILE
value: dev
- name: SPRING_CLOUD_CONFIG_LABEL
value: xxx
- name: SERVER_SSL_KEYSTORE
value: file:xxx
- name: SERVER_SSL_KEYSTOREPASSWORD
value: changeit
- name: SERVER_SSL_KEYSTORETYPE
value: PKCS12
- name: SERVER_SSL_KEYALIAS
value: xxx
- name: SECURITY_REQUIRESSL
value: "true"
- name: MANAGEMENT_SECURITY_ENABLED
value: "false"
- name: MANAGEMENT_SERVER_SSL_ENABLED
value: "false"
- name: MANAGEMENT_SERVER_PORT
value: "18080"
- name: SERVER_SSL_PROTOCOL
value: TLS
- name: SERVER_SSL_ENABLEDPROTOCOLS
value: TLSv1.2
- name: INTERNAL_SSL
value: "yes"
- name: LOCAL_DOMAIN
value: \S*(svc.cluster.local)$
Comment From: wilkinsona
Thanks, but we need more than that. Knowing how you've configured your app isn't enough if we don't know what's in your app and is therefore being configured. You haven't even said which version of Spring Boot you're using.
If you would like us to spend some more time investigating and trying to help you, you will have to spend some time to create a minimal sample that reproduces the problem.
Comment From: dante-ricalde
I would like to indicate that this same configuration worked ok wih spring boot 2.2.6, but when I upgraded to spring boot 2.3.0.RELEASE,,,this error appeared..
Comment From: snicoll
@dante-ricalde you already mentioned that in another comment. As Andy requested, please provide a minimal sample that reproduces the problem.
Comment From: dante-ricalde
Hi, I could reproduce the problem, It's when the global lazy initialization is enabled.
spring: main: allow-bean-definition-overriding: true lazy-initialization: true
and I add these two dependencies in pom to a demo project:
How can I attach the same project? Can i upload a zip??? Could you please help me to diagnose the problem?? Thanks and regards.
Comment From: dante-ricalde
I attach the link with the zip project in my own repo
https://github.com/dante-ricalde/tests/blob/master/demo.zip
Comment From: dante-ricalde
I want to indicate that I have also tried with the following dependencies and the same error occurs
But, I also want to indicate that removing the property spring.main.lazy-initialization=true my application started ok...But I would like to use the global lazy initialization ...
Thanks for your help.
Comment From: wilkinsona
Thanks for the sample. For reference, the problem can be reproduced with the following dependencies:
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-webflux</artifactId>
</dependency>
And the following properties:
spring.main.lazy-initialization=true
There's no need for a dependency on spring-cloud-starter-kubernetes-* or any bootstrap.yaml configuration.
The circular reference occurs because Spring Security's ServerHttpSecurityConfiguration produces a bean, authenticationPrincipalArgumentResolverConfigurer, that is consumed by DelegatingWebFluxConfiguration while also consuming a bean, webFluxAdapterRegistry, that is produced by DelegatingWebFluxConfiguration.
When lazy initialization is not enabled the eager initialization of errorWebExceptionHandler leads to a chain of bean initialization where the cycle does not occur. When lazy initialization is enabled, the chain of bean initialization is different and the cycle described above occurs. I'm not entirely sure why this is happening as I would expect the cycle to either always be breakable or always result in a failure. Regardless, I think the cycle could probably be broken by reworking ServerHttpSecurityConfiguration.
@dante-ricalde Can you please open a Spring Security issue referencing this one? I'll close this issue for now in the hope that the cycle can be broken in ServerHttpSecurityConfiguration. We can re-open if we need to try and work around the problem in Spring Boot instead.
Comment From: dante-ricalde
Thanks for the sample. For reference, the problem can be reproduced with the following dependencies:
<dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-actuator</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-webflux</artifactId> </dependency>And the following properties:
spring.main.lazy-initialization=trueThere's no need for a dependency on
spring-cloud-starter-kubernetes-*or anybootstrap.yamlconfiguration.The circular reference occurs because Spring Security's
ServerHttpSecurityConfigurationproduces a bean,authenticationPrincipalArgumentResolverConfigurer, that is consumed byDelegatingWebFluxConfigurationwhile also consuming a bean,webFluxAdapterRegistry, that is produced byDelegatingWebFluxConfiguration.When lazy initialization is not enabled the eager initialization of
errorWebExceptionHandlerleads to a chain of bean initialization where the cycle does not occur. When lazy initialization is enabled, the chain of bean initialization is different and the cycle described above occurs. I'm not entirely sure why this is happening as I would expect the cycle to either always be breakable or always result in a failure. Regardless, I think the cycle could probably be broken by reworkingServerHttpSecurityConfiguration.@dante-ricalde Can you please open a Spring Security issue referencing this one? I'll close this issue for now in the hope that the cycle can be broken in
ServerHttpSecurityConfiguration. We can re-open if we need to try and work around the problem in Spring Boot instead.
Thanks for your help @wilkinsona, I have opened a issue to spring security