Hyland Connect

nuthan · ‎07-11-2016

Hi , we have an existing spring boot application with our custom authentication, when we try to add activiti rest api we are getting below error .

@Order on WebSecurityConfigurers must be unique. Order of 100 was already used, so it cannot be used on org.activiti.spring.boot.SecurityAutoConfiguration$SecurityConfiguration$$EnhancerBySpringCGLIB$$48a22b60@6e442c8a too.

My Security config file

/**
* The SecurityConfiguration program initilized security configuration for
* Parts Hub Application
*
* @author Nuthan Kumar
* @version 1.0
* @since   6/27/2016
* ***************************************************************************
* History : 6/27/2016 Created with default configure method with csrf filters
*          6/28/2016 added Rest Auth success and error handlers
*          6/29/2016 added remind me feature
* **************************************************************************
* TODO : 1) update/replace configureGlobal with actula authentication
* **************************************************************************
*/

package com.globalfoundries.partshub.configuration;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.logout.HttpStatusReturningLogoutSuccessHandler;

import com.globalfoundries.partshub.security.RememberMeServices;
import com.globalfoundries.partshub.security.RestUnauthorizedEntryPoint;
@Configuration
@EnableWebSecurity
@EnableAutoConfiguration(exclude = {
        org.activiti.spring.boot.RestApiAutoConfiguration.class,
        org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration.class,
        org.activiti.spring.boot.SecurityAutoConfiguration.class})

@ComponentScan(basePackages = {"com.globalfoundries.partshub.security"})
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

   private static final Logger logger = LoggerFactory.getLogger(SecurityConfiguration.class);

    public static final String REMEMBER_ME_KEY = "rememberme_key";


    public SecurityConfiguration() {
        super();
        logger.info("loading SecurityConfig ………………………………………… ");
    }


    @Autowired
    private UserDetailsService userDetailsService;

    @Autowired
    private RestUnauthorizedEntryPoint restAuthenticationEntryPoint;

    @Autowired
    private AccessDeniedHandler restAccessDeniedHandler;

//    @Autowired
// private RememberMeServices rememberMeServices;

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService);
    }


    @Override
       public void configure(WebSecurity web) throws Exception {
           web.ignoring().antMatchers("/resources/**", "/index.html", "/login.html",
                   "/partials/**", "/template/**", "/", "/error/**","/resources/img/**");
       }


    @Override
       protected void configure(HttpSecurity http) throws Exception {
           http
               .headers().disable()
               .csrf().disable()
               .authorizeRequests()
                   .antMatchers("/failure").permitAll()
                   .antMatchers("/users/**").hasAnyAuthority("admin")
                   .anyRequest().authenticated()
                   .and()
               .exceptionHandling()
                   .authenticationEntryPoint(restAuthenticationEntryPoint)
                   .accessDeniedHandler(restAccessDeniedHandler)
                   .and()
               .formLogin()
                   .loginProcessingUrl("/authenticate")
                   .successHandler(restAuthenticationSuccessHandler)
                   .failureHandler(restAuthenticationFailureHandler)
                   .usernameParameter("username")
                   .passwordParameter("password")
                   .permitAll()
                   .and()
               .logout()
                   .logoutUrl("/logout")
                   .logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler())
                   .deleteCookies("JSESSIONID")
                   .permitAll()
                   .and();
            //   .rememberMe()
              //     .rememberMeServices(rememberMeServices)
                //   .key(REMEMBER_ME_KEY)
                  // .and();
       }

   @Autowired
    private AuthenticationSuccessHandler restAuthenticationSuccessHandler;

    @Autowired
    private AuthenticationFailureHandler restAuthenticationFailureHandler;

}

Any idea on how to fix this ..?

ritesh_nailwal · ‎05-18-2017

Issue is because order is conflicting between rest Security adapter and spring security adapter, I had the same issue I just annotated out spring security configuration with

@Configuration
@EnableWebSecurity
@Order(99)
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

}

hope it helps

Hyland Connect

Disable Activiti Rest secuirity