I'm trying to add Spring Security to my Spring Boot application. I've created new SecurityConfig class and I've added the code below:
@Configuration
@EnableWebSecurity
public class SecurityConfig {
@Bean
public SecurityWebFilterChain configSecurity(ServerHttpSecurity http) {
return http
.authorizeExchange(exchange -> exchange.matchers(EndpointRequest.toAnyEndpoint()).permitAll().anyExchange().authenticated())
.oauth2ResourceServer(ServerHttpSecurity.OAuth2ResourceServerSpec::jwt)
.build();
}
}
When I try to start the application I get the error:
2021-04-08 08:58:47.828 INFO 3040 --- [ main] o.s.s.web.DefaultSecurityFilterChain : Will secure any request with [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@6089c1e3, org.springframework.security.web.context.SecurityContextPersistenceFilter@4bba628, org.springframework.security.web.header.HeaderWriterFilter@47b4fcd5, org.springframework.security.web.csrf.CsrfFilter@439acac0, org.springframework.security.web.authentication.logout.LogoutFilter@6af447b6, org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationFilter@5679e464, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@4420f4d4, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@517594dd, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@67231d8d, org.springframework.security.web.session.SessionManagementFilter@59b5251d, org.springframework.security.web.access.ExceptionTranslationFilter@7d6b0636, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@4b50ebea]
2021-04-08 08:58:47.883 WARN 3040 --- [ main] ConfigServletWebServerApplicationContext : Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'configSecurity' defined in class path resource [it/config/SecurityConfig.class]: Unsatisfied dependency expressed through method 'configSecurity' parameter 0; nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No qualifying bean of type 'org.springframework.security.config.web.server.ServerHttpSecurity' available: expected at least 1 bean which qualifies as autowire candidate. Dependency annotations: {}
And:
APPLICATION FAILED TO START
Description: Parameter 0 of method configSecurity in it.config.SecurityConfig required a bean of type 'org.springframework.security.config.web.server.ServerHttpSecurity' that could not be found.
Action: Consider defining a bean of type 'org.springframework.security.config.web.server.ServerHttpSecurity' in your configuration.
Do you know how to solve?
Below my dependecy:
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
</dependency>
I've solved using HttpSecurity instead of ServerHttpSecurity. Below my new code:
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests(authorizeRequests -> authorizeRequests.anyRequest().authenticated()).oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt);
}
}