Describe the bug
The application fails to start due to a conflict between two beans required by the declare Bean SecurityFilterChain. The method expects a single bean, but two candidates are found:
-
webSocketAuthorizationManagerPostProcessor
Defined in:WebSocketObservationConfiguration.class -
objectPostProcessor
Defined in:ObjectPostProcessorConfiguration.class
This conflict causes Spring to throw an error during startup, indicating an inability to resolve the ambiguity.
This issue occurs in Spring Security 6.4.2.
To Reproduce
1. Annotate a configuration class with @EnableWebSocketSecurity.
2. Declare the following method in your configuration class:
```java
@Bean
public SecurityFilterChain customSecurityFilterChain(HttpSecurity http) throws Exception {
// Configure security filter chain here
return http.build();
}
APPLICATION FAILED TO START
Description:
Method testSecurityFilterChain in com.example.springsecurityobjectpostprocessorconflict.TestSecurityConfig required a single bean, but 2 were found:
- webSocketAuthorizationManagerPostProcessor: defined by method 'webSocketAuthorizationManagerPostProcessor' in class path resource [org/springframework/security/config/annotation/web/socket/WebSocketObservationConfiguration.class]
- objectPostProcessor: defined by method 'objectPostProcessor' in class path resource [org/springframework/security/config/annotation/configuration/ObjectPostProcessorConfiguration.class]
Expected behavior The application should start successfully without bean injection conflicts.
Sample
A link to a GitHub repository with a minimal, reproducible sample.
Comment From: kalgon
I have the same problem but the description is a bit different (it complains on WebSecurityConfiguration.setFilterChains()):
***************************
APPLICATION FAILED TO START
***************************
Description:
Parameter 0 of method setFilterChains in org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration required a single bean, but 2 were found:
- objectPostProcessor: defined by method 'objectPostProcessor' in class path resource [org/springframework/security/config/annotation/configuration/ObjectPostProcessorConfiguration.class]
- webSocketAuthorizationManagerPostProcessor: defined by method 'webSocketAuthorizationManagerPostProcessor' in class path resource [org/springframework/security/config/annotation/web/socket/WebSocketObservationConfiguration.class]
This may be due to missing parameter name information
Comment From: vitalii-crm
Any solution for this? In version 6.4.1, these two beans were also creating but did not cause such an exception.
Comment From: gncj
@kalgon Same here with versions: - spring boot: 3.4.1 - spring security: 6.4.2
***************************
APPLICATION FAILED TO START
***************************
Description:
Parameter 0 of method setFilterChains in org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration required a single bean, but 2 were found:
- objectPostProcessor: defined by method 'objectPostProcessor' in class path resource [org/springframework/security/config/annotation/configuration/ObjectPostProcessorConfiguration.class]
- webSocketAuthorizationManagerPostProcessor: defined by method 'webSocketAuthorizationManagerPostProcessor' in class path resource [org/springframework/security/config/annotation/web/socket/WebSocketObservationConfiguration.class]
This may be due to missing parameter name information
Action:
Consider marking one of the beans as @Primary, updating the consumer to accept multiple beans, or using @Qualifier to identify the bean that should be consumed
Comment From: vitalii-crm
@ngocnhan-tran1996 could you assist in this issue. hope it's after your changes https://github.com/spring-projects/spring-security/pull/16113
Comment From: tomaszbadon
Is there any known workaround for this issue?
Comment From: gmjdev
We are also affected by this issue after upgrading to
- Spring boot v3.4.1
- Spring v6.2.1
- Spring Security 6.4.2
`
APPLICATION FAILED TO START
Description:Parameter 0 of method setFilterChains in org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration required a single bean, but 2 were found:
- objectPostProcessor: defined by method 'objectPostProcessor' in class path resource [org/springframework/security/config/annotation/configuration/ObjectPostProcessorConfiguration.class]
- webSocketAuthorizationManagerPostProcessor: defined by method 'webSocketAuthorizationManagerPostProcessor' in class path resource [org/springframework/security/config/annotation/web/socket/WebSocketObservationConfiguration.class]
This may be due to missing parameter name informationAction:Consider marking one of the beans as @Primary, updating the consumer to accept multiple beans, or using @Qualifier to identify the bean that should be consumedEnsure that your compiler is configured to use the '-parameters' flag.You may need to update both your build tool settings as well as your IDE.(See https://github.com/spring-projects/spring-framework/wiki/Upgrading-to-Spring-Framework-6.x#parameter-name-retention)`
Comment From: waileong
Closing this issue as it has been resolved by Commit 2273850