I am trying to update our Spring Boot project. The problem is that as soon as I do this the following error occurs that we can’t get fixed:
Parameter 0 of constructor in com.test.app.configuration.WebAppSecurityConfig required a bean of type 'org.springframework.security.oauth2.client.userinfo.OAuth2UserService' that could not be found.
You can also already see it red underlined in IntelliJ. Before the update it worked fine like it is.
@Configuration
@Order(2)
public class WebAppSecurityConfig extends WebSecurityConfigurerAdapter {
private final OAuth2UserService<OidcUserRequest, OidcUser> oidcUserService;
@Autowired
public WebAppSecurityConfig(OAuth2UserService<OidcUserRequest, OidcUser> oidcUserService) {
this.oidcUserService = oidcUserService;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
// authenticate user through azure AD
http.authorizeRequests()
.regexMatchers(
"/app/(cockpit|admin|tasklist|welcome)/([^/]+)/",
"/rest/([^/]+)")
.authenticated()
.and()
.oauth2Login()
.userInfoEndpoint()
.oidcUserService(oidcUserService);
}
/** Register camunda filter for authentication */
@Bean
public FilterRegistrationBean<ContainerBasedAuthenticationFilter>
containerBasedAuthenticationFilter() {
FilterRegistrationBean<ContainerBasedAuthenticationFilter> filterRegistration =
new FilterRegistrationBean<>();
filterRegistration.setFilter(new ContainerBasedAuthenticationFilter());
filterRegistration.setInitParameters(
Collections.singletonMap(
"authentication-provider",
"com.test.app.filter.SpringSecurityAuthenticationProvider"));
filterRegistration.setOrder(
101); // make sure the filter is registered after the Spring Security Filter Chain
filterRegistration.addUrlPatterns("/app/*");
filterRegistration.addUrlPatterns("/rest/*");
return filterRegistration;
}
}
Action:
Consider defining a bean of type 'org.springframework.security.oauth2.client.userinfo.OAuth2UserService' in your configuration.
Our current Spring Boot version is 2.3.12.RELEASE and we want to update to 2.5.x.
If we just do new OidcUserService() for the .oidcUserService the application is able to run but the login page only forewards to an empty Login with OAuth 2.0 page instead of redirecting to the Microsoft login page.
We already tried to disable some dependencies like other similar questions did. Does anybody have an idea what happenend that the bean cannot be found?
The updated pom.xml looks like this (we had to switch from azure-active-directory-spring-boot-starter to spring-cloud-azure-starter-active-directory):
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.5.14</version>
<relativePath/>
</parent>
<properties>
<version.camunda>7.16.0-ee</version.camunda>
<springBoot.version>2.5.14</springBoot.version>
<java.version>11</java.version>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<log4j2.version>2.17.2</log4j2.version>
<org.mapstruct.version>1.5.2.Final</org.mapstruct.version>
</properties>
<groupId>com.test.app</groupId>
<artifactId>application</artifactId>
<version>1.0.0-SNAPSHOT</version>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.camunda.bpm</groupId>
<artifactId>camunda-bom</artifactId>
<scope>import</scope>
<type>pom</type>
<version>${version.camunda}</version>
</dependency>
</dependencies>
</dependencyManagement>
<dependencies>
<dependency>
<groupId>org.camunda.bpm</groupId>
<artifactId>camunda-engine</artifactId>
<exclusions>
<exclusion>
<groupId>org.camunda.connect</groupId>
<artifactId>camunda-connect-connectors-all</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.camunda.connect</groupId>
<artifactId>camunda-connect-http-client</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.camunda.bpm</groupId>
<artifactId>camunda-engine-plugin-spin</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.camunda.spin</groupId>
<artifactId>camunda-spin-dataformat-json-jackson</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.camunda.bpm.springboot</groupId>
<artifactId>camunda-bpm-spring-boot-starter-rest</artifactId>
</dependency>
<dependency>
<groupId>org.camunda.bpm.springboot</groupId>
<artifactId>camunda-bpm-spring-boot-starter-webapp-ee</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-mail</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-aop</artifactId>
</dependency>
<dependency>
<groupId>com.h2database</groupId>
<artifactId>h2</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<dependency>
<groupId>com.azure</groupId>
<artifactId>azure-messaging-eventhubs</artifactId>
<version>5.12.1</version>
</dependency>
<dependency>
<groupId>com.googlecode.json-simple</groupId>
<artifactId>json-simple</artifactId>
<version>1.1.1</version>
</dependency>
<dependency>
<groupId>net.sf.supercsv</groupId>
<artifactId>super-csv</artifactId>
<version>2.4.0</version>
</dependency>
<dependency>
<groupId>org.json</groupId>
<artifactId>json</artifactId>
<version>20220924</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
<!-- <version>${springBoot.version}</version>-->
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-actuator</artifactId>
<!-- <version>${springBoot.version}</version>-->
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-configuration-processor</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-client</artifactId>
<version>5.7.3</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-jose</artifactId>
</dependency>
<dependency>
<groupId>com.azure.spring</groupId>
<artifactId>spring-cloud-azure-starter-active-directory</artifactId>
<version>4.4.0</version>
</dependency>
<dependency>
<groupId>org.springframework.security.oauth</groupId>
<artifactId>spring-security-oauth2</artifactId>
<version>2.5.2.RELEASE</version>
</dependency>
<dependency>
<groupId>com.microsoft.graph</groupId>
<artifactId>microsoft-graph</artifactId>
<version>1.2.0</version>
</dependency>
<dependency>
<groupId>org.apache.pdfbox</groupId>
<artifactId>pdfbox</artifactId>
<version>2.0.27</version>
</dependency>
<dependency>
<groupId>com.github.java-json-tools</groupId>
<artifactId>json-patch</artifactId>
<version>1.13</version>
</dependency>
<dependency>
<groupId>jakarta.json</groupId>
<artifactId>jakarta.json-api</artifactId>
<version>2.1.1</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.dataformat</groupId>
<artifactId>jackson-dataformat-csv</artifactId>
<version>2.13.3</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.datatype</groupId>
<artifactId>jackson-datatype-jsr310</artifactId>
</dependency>
<dependency>
<groupId>org.apache.poi</groupId>
<artifactId>poi</artifactId>
<version>5.2.2</version>
</dependency>
<dependency>
<groupId>org.apache.poi</groupId>
<artifactId>poi-ooxml</artifactId>
<version>5.2.2</version>
</dependency>
<dependency>
<groupId>com.microsoft.azure</groupId>
<artifactId>azure-servicebus</artifactId>
<version>3.6.6</version>
</dependency>
<dependency>
<groupId>org.junit.jupiter</groupId>
<artifactId>junit-jupiter</artifactId>
<version>5.8.2</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.skyscreamer</groupId>
<artifactId>jsonassert</artifactId>
<version>1.5.1</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.codehaus.groovy</groupId>
<artifactId>groovy-all</artifactId>
<version>3.0.13</version>
<type>pom</type>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.13.2</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<version>2.7.4</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<version>1.18.24</version>
<scope>provided</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<version>${project.parent.version}</version>
</plugin>
<plugin>
<artifactId>maven-surefire-plugin</artifactId>
<version>2.22.2</version>
<dependencies>
<dependency>
<groupId>org.junit.platform</groupId>
<artifactId>junit-platform-surefire-provider</artifactId>
<version>1.3.2</version>
</dependency>
<dependency>
<groupId>org.junit.jupiter</groupId>
<artifactId>junit-jupiter-engine</artifactId>
<version>5.9.0-M1</version>
</dependency>
</dependencies>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.10.1</version>
<configuration>
<annotationProcessorPaths>
<path>
<groupId>org.mapstruct</groupId>
<artifactId>mapstruct-processor</artifactId>
<version>${org.mapstruct.version}</version>
</path>
<path>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<version>1.18.24</version>
</path>
<!-- other annotation processors -->
</annotationProcessorPaths>
</configuration>
</plugin>
</plugins>
</build>
</project>
An excerpt from the application.yml:
spring:
jersey: application-path=/rest
profiles:
active: dev
datasource:
url: jdbc:h2:file:./camunda-h2-database
security:
oauth2:
client:
provider:
azure-oauth-provider:
authorization-uri: https://login.microsoftonline.com/${spring.cloud.azure.active-directory.profile.tenant-id}/oauth2/authorize
token-uri: https://login.microsoftonline.com/${spring.cloud.azure.active-directory.profile.tenant-id}/oauth2/token
user-info-uri: https://login.microsoftonline.com/${spring.cloud.azure.active-directory.profile.tenant-id}/openid/userinfo
jwk-set-uri: https://login.microsoftonline.com/${spring.cloud.azure.active-directory.profile.tenant-id}/discovery/keys
registration:
azure:
client-id: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
client-secret: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
provider: azure-oauth-provider
authorization-grant-type: client_credentials
cloud:
azure:
active-directory:
profile:
tenant-id: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
user-group:
allowed-group-names: Users
server:
forward-headers-strategy: native # correctly handle X-Forwarded-Proto header to properly construct Azure AD redirect url
default:
baseUrl: http://localhost:8080/
2
Answers
try this dependency because in your application.yml file you have mentioned that auth-provider (authorization-uri: https://login.microsoftonline.com/${spring.cloud.azure.active-directory.profile.tenant-id}/oauth2/authorize) so it might help:
Here is a working example using Spring 2.6.7:
https://github.com/rob2universe/azure-active-directory-oauth-spring-boot
Your problem may be that you are not letting the framework inject the oicdUserService as shown here:
https://github.com/rob2universe/azure-active-directory-oauth-spring-boot/blob/6db04d4f5a15f1d2f8f59365ef54c3da992c6d78/src/main/java/com/example/aad/AADOAuth2LoginSecurityConfig.java#L18
Also note the MS resources referenced in the readme.