Hi Team,
We are migrating spring boot 2.7 to 3.1 version. We have follow the official document. Currently we are using Spring 3.1.2 version and Spring security 6.1.2 Before upgrading we are using WebSecurityConfigurerAdapter in our WebSecurityConfig. As per suggestion from official docs we have changed our code and using SecurityFilterChain in WebSecurityConfig. When we ae starting our server local server getting below error.
class path resource [org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurerAdapter.class] cannot be opened because it does not exist.
We have use all possible solutions but still getting same error. PSB stacktrace
Standard Commons Logging discovery in action with spring-jcl: please remove commons-logging.jar from classpath in order to avoid potential conflicts
[ERROR] 2023-08-31 10:58:38.587 [main] SpringApplication [] - Application run failed
org.springframework.beans.factory.BeanDefinitionStoreException: Failed to parse configuration class
at org.springframework.context.annotation.ConfigurationClassParser.parse(ConfigurationClassParser.java:178) ~[spring-context-6.0.11.jar:6.0.11]
at org.springframework.context.annotation.ConfigurationClassPostProcessor.processConfigBeanDefinitions(ConfigurationClassPostProcessor.java:415) ~[spring-context-6.0.11.jar:6.0.11]
at org.springframework.context.annotation.ConfigurationClassPostProcessor.postProcessBeanDefinitionRegistry(ConfigurationClassPostProcessor.java:287) ~[spring-context-6.0.11.jar:6.0.11]
at org.springframework.context.support.PostProcessorRegistrationDelegate.invokeBeanDefinitionRegistryPostProcessors(PostProcessorRegistrationDelegate.java:344) ~[spring-context-6.0.11.jar:6.0.11]
at org.springframework.context.support.PostProcessorRegistrationDelegate.invokeBeanFactoryPostProcessors(PostProcessorRegistrationDelegate.java:115) ~[spring-context-6.0.11.jar:6.0.11]
at org.springframework.context.support.AbstractApplicationContext.invokeBeanFactoryPostProcessors(AbstractApplicationContext.java:771) ~[spring-context-6.0.11.jar:6.0.11]
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:589) ~[spring-context-6.0.11.jar:6.0.11]
at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:146) ~[spring-boot-3.1.2.jar:3.1.2]
at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:734) **[spring-boot-3.1.2.jar:3.1.2]**
at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:436) [spring-boot-3.1.2.jar:3.1.2]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:312) [spring-boot-3.1.2.jar:3.1.2]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1306) [spring-boot-3.1.2.jar:3.1.2]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1295) [spring-boot-3.1.2.jar:3.1.2]
at com.cah.parmed.order.ParmedWebOrderApplication.main(ParmedWebOrderApplication.java:29) [main/:?]
**Caused by: java.io.FileNotFoundException: class path resource [org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurerAdapter.class] cannot be opened because it does not exist**
at org.springframework.core.io.ClassPathResource.getInputStream(ClassPathResource.java:211) ~[spring-core-6.0.11.jar:6.0.11]
at org.springframework.core.type.classreading.SimpleMetadataReader.getClassReader(SimpleMetadataReader.java:54) ~[spring-core-6.0.11.jar:6.0.11]
at org.springframework.core.type.classreading.SimpleMetadataReader.<init>(SimpleMetadataReader.java:48) ~[spring-core-6.0.11.jar:6.0.11]
at org.springframework.core.type.classreading.SimpleMetadataReaderFactory.getMetadataReader(SimpleMetadataReaderFactory.java:103) ~[spring-core-6.0.11.jar:6.0.11]
at org.springframework.boot.type.classreading.ConcurrentReferenceCachingMetadataReaderFactory.createMetadataReader(ConcurrentReferenceCachingMetadataReaderFactory.java:86) ~[spring-boot-3.1.2.jar:3.1.2]
at org.springframework.boot.type.classreading.ConcurrentReferenceCachingMetadataReaderFactory.getMetadataReader(ConcurrentReferenceCachingMetadataReaderFactory.java:73) ~[spring-boot-3.1.2.jar:3.1.2]
at org.springframework.core.type.classreading.SimpleMetadataReaderFactory.getMetadataReader(SimpleMetadataReaderFactory.java:81) ~[spring-core-6.0.11.jar:6.0.11]
at org.springframework.context.annotation.ConfigurationClassParser.asSourceClass(ConfigurationClassParser.java:610) ~[spring-context-6.0.11.jar:6.0.11]
at org.springframework.context.annotation.ConfigurationClassParser$SourceClass.getSuperClass(ConfigurationClassParser.java:923) ~[spring-context-6.0.11.jar:6.0.11]
at org.springframework.context.annotation.ConfigurationClassParser.doProcessConfigurationClass(ConfigurationClassParser.java:334) ~[spring-context-6.0.11.jar:6.0.11]
at org.springframework.context.annotation.ConfigurationClassParser.processConfigurationClass(ConfigurationClassParser.java:243) ~[spring-context-6.0.11.jar:6.0.11]
at org.springframework.context.annotation.ConfigurationClassParser.parse(ConfigurationClassParser.java:188) ~[spring-context-6.0.11.jar:6.0.11]
at org.springframework.context.annotation.ConfigurationClassParser.doProcessConfigurationClass(ConfigurationClassParser.java:297) ~[spring-context-6.0.11.jar:6.0.11]
at org.springframework.context.annotation.ConfigurationClassParser.processConfigurationClass(ConfigurationClassParser.java:243) ~[spring-context-6.0.11.jar:6.0.11]
at org.springframework.context.annotation.ConfigurationClassParser.parse(ConfigurationClassParser.java:196) ~[spring-context-6.0.11.jar:6.0.11]
at org.springframework.context.annotation.ConfigurationClassParser.parse(ConfigurationClassParser.java:164) ~[spring-context-6.0.11.jar:6.0.11]
... 13 more
Comment From: wilkinsona
You have a class in your application or in one of your application's dependencies that extends WebSecurityConfigurerAdapter. WebSecurityConfigurerAdapter was removed in Spring Security 6.0 making the extending class incompatible with Spring Security 6 and therefore with Spring Boot 3.
Check you application and its dependencies for use of WebSecurityConfigurerAdapter. You should be able to identify the class involved by debugging your application with a breakpoint for the FileNotFoundException. When it's thrown you should be able to look at the state of ConfigurationClassParser to identify the offending class whose super-class is being processed.
I've opened https://github.com/spring-projects/spring-framework/issues/31146 to see if Spring Framework's diagnostics could be improved to include more information in the messages that it logs.
Comment From: cah-sandesh-gadhave
we have removed WebSecurityConfigurerAdapter from our WebsecurityConfig file. And we are not using WebSecurityConfigurerAdapter anywhere in our project.
@Configuration
@EnableWebSecurity
public class WebSecurityConfig
And using SecurityFilterChain in our code.
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
Comment From: wilkinsona
Are you saying that you've just made these changes and solved the problem or that you had already made those changes and don't understand why the problem remains? If it's the latter, please follow my advice about using the debugger to identify the @Configuration class that extends WebSecurityConfigurerAdapter.
Comment From: cah-sandesh-gadhave
Sorry for confusion.. When we started the migration of the spring boot 3 that time I removed WebSecurityConfigurerAdapter from my @configuration class. And instead of I am using SecurityFilterChain . We have removed WebSecurityConfigurerAdapter references from our project.. I have done all changes which are mentioned in official spring boot and security migration docs.
I am not able to start the local server beacuse of this issue
Comment From: wilkinsona
Something on your application's classpath is still using WebSecurityConfigurerAdapter. The error would not occur if that was not the case. The offending class is almost certainly in one of your application's dependencies rather than in the application itself, otherwise it would not have compiled. As I said above, you can use the debugger to identify it.
Comment From: cah-sandesh-gadhave
Hi wikinsona, Thanks for quick response. Yes our issue has been resolved. Gradle caches is not taking updated snapshot version from my local .m2 folder. That's why its taking WebSecurityConfigurerAdapter from the respective jar. So I have taken latest snapshot version from .m2 and added manually in to Gradle's cache. So I am figuring out why gradle cache not taking latest snapshot from .m2.