Describe the bug
***************************
APPLICATION FAILED TO START
***************************
Description:
The bean 'webAuthorizationManagerPostProcessor', defined in class path resource [org/springframework/security/config/annotation/web/configuration/ObservationConfiguration.class], could not be registered. A bean with that name has already been defined in class path resource [org/springframework/security/config/annotation/web/socket/WebSocketObservationConfiguration.class] and overriding is disabled.
Action:
Consider renaming one of the beans or enabling overriding by setting spring.main.allow-bean-definition-overriding=true
the naming conflict is between:
* https://github.com/spring-projects/spring-security/blob/6.4.0-RC1/config/src/main/java/org/springframework/security/config/annotation/web/configuration/ObservationConfiguration.java#L48
* https://github.com/spring-projects/spring-security/blob/6.4.0-RC1/config/src/main/java/org/springframework/security/config/annotation/web/socket/WebSocketObservationConfiguration.java#L44
To Reproduce
* create an empty boot-3.4.0-RC1 app with spring-web, spring-security, spring-websocket
* add spring-security-messaging as dependency
* add @EnableWebSocketSecurity
Expected behavior
app starts
Sample
sample app will be referenced asap, thank you!
Comment From: ngocnhan-tran1996
@zyro23
I added @EnableWebSocket to the *Application.java file and the app starts
Comment From: zyro23
hmm.. just added @EnableWebSocket to DemoApplication from the sample app but still getting the same error?
(gradle-) cleaned the project, re-ran multiple times.
diff
Index: src/main/java/com/example/demo/DemoApplication.java
<+>UTF-8
===================================================================
diff --git a/src/main/java/com/example/demo/DemoApplication.java b/src/main/java/com/example/demo/DemoApplication.java
--- a/src/main/java/com/example/demo/DemoApplication.java (revision 3ff50e46fc8852dc867b458892b65cb98b01f9a5)
+++ b/src/main/java/com/example/demo/DemoApplication.java (date 1730308768835)
@@ -3,7 +3,9 @@
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.security.config.annotation.web.socket.EnableWebSocketSecurity;
+import org.springframework.web.socket.config.annotation.EnableWebSocket;
+@EnableWebSocket
@EnableWebSocketSecurity
@SpringBootApplication
public class DemoApplication {
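Review bot: The `@EnableWebSocket` annotation added above `@EnableWebSocketSecurity` on `DemoApplication` changes only the application class and leaves both definitions of `webAuthorizationManagerPostProcessor` named in the failure (`ObservationConfiguration` and `WebSocketObservationConfiguration`) untouched, so the duplicate-bean registration error is expected to remain, which the console output that follows confirms. Suggest dropping the new import and annotation from the reproducer so it stays at the three steps listed under To Reproduce.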
console out (same failure)
2024-10-30T18:19:58.219+01:00 ERROR 15800 --- [demo] [ main] o.s.b.d.LoggingFailureAnalysisReporter :
***************************
APPLICATION FAILED TO START
***************************
Description:
The bean 'webAuthorizationManagerPostProcessor', defined in class path resource [org/springframework/security/config/annotation/web/configuration/ObservationConfiguration.class], could not be registered. A bean with that name has already been defined in class path resource [org/springframework/security/config/annotation/web/socket/WebSocketObservationConfiguration.class] and overriding is disabled.
Action:
Consider renaming one of the beans or enabling overriding by setting spring.main.allow-bean-definition-overriding=true
4 actionable tasks: 4 executed
FAILURE: Build failed with an exception.
to make sure this is not a "runs-on-my-machine" kinda issue:
* i pushed a second branch enable-web-socket to the sample repo, enabled github actions and added @EnableWebSocket
* https://github.com/zyro23/spring-security-16011/commit/a7dd7896311943add7bbdb9c8c01464f81cde18d
* the corresponding test workflow fails with the same error
* https://github.com/zyro23/spring-security-16011/actions/runs/11599033133/job/32296266726#step:4:32
Comment From: ngocnhan-tran1996
@zyro23
My bad, I was working with the wrong version. I confirm this version throws the error.
Comment From: kalgon
Can this issue be investigated before the releases of spring-security 6.4.0 and spring-boot 3.4.0 scheduled for next week? This problem breaks applications using both web and web sockets stacks.
Comment From: jzheaux
@kalgon, I'm sorry that this didn't get in before the 6.4 release. The fix will go out in the 6.4.1 release. I'll consult with the team to see if we can get it moved up.
In the meantime, are you able to set spring.main.allow-bean-definition-overriding to true?
If not, while not ideal, you can remove @EnableWebSocketSecurity, copy MessageMatcherAuthorizationManagerConfiguration and WebSocketMessageBrokerSecurityConfiguration into your project, and import them directly.
I've added https://github.com/spring-projects/spring-security-samples/issues/338 to catch things like this in the future.
Comment From: jzheaux
Closed in favor of #16113