Create an account

Very important

  • To access the important data of the forums, you must be active in each forum and especially in the leaks and database leaks section, send data and after sending the data and activity, data and important content will be opened and visible for you.
  • You will only see chat messages from people who are at or below your level.
  • More than 500,000 database leaks and millions of account leaks are waiting for you, so access and view with more activity.
  • Many important data are inactive and inaccessible for you, so open them with activity. (This will be done automatically)

0Day Forums Coding FrameWork Spring Spring Security Configuration @Order not unique exception

Thread Rating:
  • 887 Vote(s) - 3.53 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Options
Spring Security Configuration @Order not unique exception

Offline calorimeterss


Valued member
***
Valued member
Posts: 0
Threads: 0
Joined: Apr 2021
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#11
08-02-2023, 04:45 PM
Putting @Order(1000) on the second WebSecurityConfigurerAdapter worked for me
Reply

Offline raydonqx


Luxury
*****
Luxury
Posts: 0
Threads: 0
Joined: Mar 2018
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#12
08-02-2023, 04:45 PM
It is because Spring security uses [WebSecurityConfigurerAdapter][1] under the hood and this adaptor is using order(100), hence spring won't allow duplicate order sequence.


[1]:

[To see links please register here]

Reply

Offline distinctly130


Member
*
Member
Posts: 0
Threads: 0
Joined: Mar 2020
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#13
08-02-2023, 04:45 PM
In my case, I had put the `@EnableOAuth2Sso` annotation on the class annotated with `@SpringBootApplication`, but I also had a separate class extending `WebSecurityConfigurerAdapter`. As the documentation of `@EnableOAuth2Sso` says:

> If there is an existing WebSecurityConfigurerAdapter provided by the user and annotated with @EnableOAuth2Sso, it is enhanced by adding an authentication filter and an authentication entry point. If the user only has @EnableOAuth2Sso but not on a WebSecurityConfigurerAdapter **then one is added** with all paths secured.

Since a default adapter was being added, I ended up with two, which caused the exception.
The solution was of course to move the `@EnableOAuth2Sso` annotation to the class which extended `WebSecurityConfigurerAdapter`.
Reply

Offline Mrkangarooer221


Valued member
***
Valued member
Posts: 0
Threads: 0
Joined: Jul 2018
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#14
08-02-2023, 04:45 PM
In my case, I had 2 tags `@EnableWebSecurity` and
`@EnableGlobalMethodSecurity(securedEnabled = true)`. When I removed `@EnableWebSecurity` tag the problem got solved.
Reply

Offline unprocured679638


Member
*
Member
Posts: 0
Threads: 0
Joined: Apr 2021
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#15
08-02-2023, 04:45 PM
In my case, there was another security config class that is established in the parent project. I used excludeFilters tag to exclude the parent security config class and I add my config class spring directly use that config class.

@ComponentScan(basePackages = {
"com.example.parentProject", // this is the package that have securit config staff

},
excludeFilters = {@ComponentScan.Filter(
type = FilterType.ASSIGNABLE_TYPE,
value = {
SecurityConfig.class //which is inhareted from the parent package
})
})

public class SpringApp{
.....

}
Reply

Offline nessiew


Member
*
Member
Posts: 0
Threads: 0
Joined: Sep 2017
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#16
08-02-2023, 04:45 PM
All enabling features should be in main SpringApplication.run(Myclass.class, args);

In my case, I have ZuluConfiguration and KeyCloakConfiguration so I have enabled those configurations under the main class of springbootapplication annotation. it resolved my problem.


@SpringBootApplication
@EnableZuulProxy
@KeycloakConfiguration
Reply

« Next Oldest
Next Newest »


Forum Jump:


Users browsing this thread:
1 Guest(s)

©0Day  2016 - 2023 | All Rights Reserved.  Made with    for the community. Connected through