Ninad Divadkar (Migrated from SEC-3176) said:
when I disallow circularReferences in the project, Spring-security throws an exception. Here is how I start up the application
{{ConfigurableApplicationContext ctx = new SpringApplicationBuilder(Application.class)
.initializers(new ApplicationContextInitializer
Working code is here - https://github.com/nsdiv/gs-spring-boot
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire method: public void org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.setFilterChainProxySecurityConfigurer(org.springframework.security.config.annotation.ObjectPostProcessor,java.util.List) throws java.lang.Exception; nested exception is org.springframework.beans.factory.BeanExpressionException: Expression parsing failed; nested exception is org.springframework.expression.spel.SpelEvaluationException: EL1058E:(pos 1): A problem occurred when trying to resolve bean 'autowiredWebSecurityConfigurersIgnoreParents':'Could not resolve bean reference against BeanFactory' at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:334) ~[spring-beans-4.2.3.RELEASE.jar:4.2.3.RELEASE] at at org.springframework.boot.builder.SpringApplicationBuilder.run(SpringApplicationBuilder.java:134) [spring-boot-1.3.0.RELEASE.jar:1.3.0.RELEASE] at hello.Application.main(Application.java:23) [classes/:na] Caused by: org.springframework.beans.factory.BeanCreationException: Could not autowire method: public void org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.setFilterChainProxySecurityConfigurer(org.springframework.security.config.annotation.ObjectPostProcessor,java.util.List) throws java.lang.Exception; nested exception is org.springframework.beans.factory.BeanExpressionException: Expression parsing failed; nested exception is org.springframework.expression.spel.SpelEvaluationException: EL1058E:(pos 1): A problem occurred when trying to resolve bean 'autowiredWebSecurityConfigurersIgnoreParents':'Could not resolve bean reference against BeanFactory' at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:661) ~[spring-beans-4.2.3.RELEASE.jar:4.2.3.RELEASE] at org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:88) ~[spring-beans-4.2.3.RELEASE.jar:4.2.3.RELEASE] at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:331) ~[spring-beans-4.2.3.RELEASE.jar:4.2.3.RELEASE] ... 16 common frames omitted Caused by: org.springframework.beans.factory.BeanExpressionException: Expression parsing failed; nested exception is org.springframework.expression.spel.SpelEvaluationException: EL1058E:(pos 1): A problem occurred when trying to resolve bean 'autowiredWebSecurityConfigurersIgnoreParents':'Could not resolve bean reference against BeanFactory' at org.springframework.context.expression.StandardBeanExpressionResolver.evaluate(StandardBeanExpressionResolver.java:164) ~[spring-context-4.2.3.RELEASE.jar:4.2.3.RELEASE] at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:618) ~[spring-beans-4.2.3.RELEASE.jar:4.2.3.RELEASE] ... 18 common frames omitted Caused by: org.springframework.expression.spel.SpelEvaluationException: EL1058E:(pos 1): A problem occurred when trying to resolve bean 'autowiredWebSecurityConfigurersIgnoreParents':'Could not resolve bean reference against BeanFactory' at org.springframework.expression.spel.ast.BeanReference.getValueInternal(BeanReference.java:56) ~[spring-expression-4.2.3.RELEASE.jar:4.2.3.RELEASE]
Comment From: jzheaux
Thanks for the report.
This is no longer an issue in the latest Spring Security. When I use the latest Spring Boot Guides sample and set it allowCircularReferences to false, the issue does not occur. In addition to Boot 2.5.0, I also tried this with 2.3.0 and 2.4.0.
It appears that the reporter was using Boot 1.x and Security 4.2.x versions, which are no longer supported. However, if a user is still experiencing this on a supported branch, please feel free to reopen and we can take a look.
Comment From: jzheaux
Related to https://github.com/spring-projects/spring-security/issues/3317