Spring-security: SEC-2515: Stackoverflow with @Bean AuthenticationManager

Created on 10 Mar 2014  路  3Comments  路  Source: spring-projects/spring-security

Dave Syer (Migrated from SEC-2515) said:

This comes from an invalid configuration that tries to expose the AuthenticationManager as a Bean when no authentication has been configured. For example:

@EnableWebSecurity
@Configuration
public class StackOverflowSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean()
            throws Exception {
        return super.authenticationManagerBean();
    }
}

The stacktrace when trying to authenticate is this:

Exception in thread "http-nio-8080-exec-1" java.lang.StackOverflowError
    at ch.qos.logback.classic.Logger.isDebugEnabled(Logger.java:490)
    at ch.qos.logback.classic.Logger.isDebugEnabled(Logger.java:486)
    at org.apache.commons.logging.impl.SLF4JLocationAwareLog.isDebugEnabled(SLF4JLocationAwareLog.java:67)
    at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:144)
    at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$AuthenticationManagerDelegator.authenticate(WebSecurityConfigurerAdapter.java:421)
    at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:177)
    at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$AuthenticationManagerDelegator.authenticate(WebSecurityConfigurerAdapter.java:421)
    at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:177)
    at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$AuthenticationManagerDelegator.authenticate(WebSecurityConfigurerAdapter.java:421)
    at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:177)
    at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$AuthenticationManagerDelegator.authenticate(WebSecurityConfigurerAdapter.java:421)
    at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:177)
    at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$AuthenticationManagerDelegator.authenticate(WebSecurityConfigurerAdapter.java:421)
    at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:177)
    at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$AuthenticationManagerDelegator.authenticate(WebSecurityConfigurerAdapter.java:421)
    at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:177)
    at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$AuthenticationManagerDelegator.authenticate(WebSecurityConfigurerAdapter.java:421)
    at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:177)
    at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$AuthenticationManagerDelegator.authenticate(WebSecurityConfigurerAdapter.java:421)
    at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:177)
    at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$AuthenticationManagerDelegator.authenticate(WebSecurityConfigurerAdapter.java:421)
    at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:177)

...

Here's an example project: https://github.com/scratches/sparklr-boot/tree/feature/password

We should provide a better error message when this is misconfigured.

config bug jira
Source
picture spring-issuemaster

Most helpful comment

@idallas456 if you never found the answer, it's here on this stack overflow
https://stackoverflow.com/questions/21633555/how-to-inject-authenticationmanager-using-java-configuration-in-a-custom-filter

The problem was it should be: @Bean(name = BeanIds.AUTHENTICATION_MANAGER)

picture gsugambit on 8 Mar 2018
👍21

All 3 comments

I'm currently seeing this issue. Can someone please help me understand what the correct way to configure this is? I don't understand why this is an invalid configuration and the whole "no authentication has been configured" part.

idallas456 picture idallas456 on 14 Nov 2016

Can someone answer @idallas456 ???

gsugambit picture gsugambit on 8 Mar 2018

@idallas456 if you never found the answer, it's here on this stack overflow
https://stackoverflow.com/questions/21633555/how-to-inject-authenticationmanager-using-java-configuration-in-a-custom-filter

The problem was it should be: @Bean(name = BeanIds.AUTHENTICATION_MANAGER)

gsugambit picture gsugambit on 8 Mar 2018
👍21
Was this page helpful?
0 / 5 - 0 ratings

Related issues

muzuro picture muzuro  路  3Comments
adolfoweloy picture adolfoweloy  路  3Comments
unlimitedsola picture unlimitedsola  路  4Comments
ankurpathak picture ankurpathak  路  4Comments
kazuki43zoo picture kazuki43zoo  路  4Comments