Spring Boot: Cycle in SecurityConfiguration.java?

Support
#1

Dear Forum,

Spring Boot complains about a cycle in SecurityConfiguration.java (breaking):

2022-02-15 17:48:23.357 ERROR 51635 — [ main] o.s.b.web.embedded.tomcat.TomcatStarter : Error starting Tomcat context. Exception: org.springframework.beans.factory.UnsatisfiedDependencyException. Message: Error creating bean with name ‘io.jmix.security.SecurityConfiguration’: Unsatisfied dependency expressed through field ‘sessionRegistry’; nested exception is org.springframework.beans.factory.BeanCurrentlyInCreationException: Error creating bean with name ‘io.jmix.security.SecurityConfiguration’: Requested bean is currently in creation: Is there an unresolvable circular reference?

The dependencies of some of the beans in the application context form a cycle:

┌──->──┐
| io.jmix.security.SecurityConfiguration (field private org.springframework.security.core.session.SessionRegistry io.jmix.security.SecurityConfiguration.sessionRegistry)
└──<-──┘

My versions are:

io.jmix.security/jmix-security/1.1.3/aae5fd5e8de8c3725ee25d16c8c8320dcb5c303a/jmix-security- 1.1.3-sources.jar!/io/jmix/security/SecurityConfiguration.java

Looking at the code I find:

public class SecurityConfiguration {

@Autowired private SessionRegistry sessionRegistry;

@Bean(name = “sec_SessionRegistry”)
public SessionRegistry sessionRegistry() {
return new SessionRegistryImpl();
}

So indeed this looks like a cycle. Am I missing something?

Thank you very much

Martin

#2

Update:

It turns out, the error is caused by a recent spring boot version:

build.gradle
implementation("org.springframework.boot:spring-boot-starter-web:2.6.3") → FAIL (cycle)
implementation(“org.springframework.boot:spring-boot-starter-web:2.5.9”) → SUCCESS (no cycle)

Version 2.5.9 is the default, when no version is specified.

#3

Hi Martin,

We are going to fix all circular dependencies in Jmix beans in the next feature release (June 2022), see https://github.com/Haulmont/jmix-core/issues/287.
In the upcoming release 1.2, which is based on Spring Boot 2.6, we just enable circular dependencies as it was before.

Regards,
Konstantin

#4

Thank you @krivopustov

Sometimes thoses newer versions sneak in. I was using the spring-dependency-management dependency, which pulled in the newest spring boot and crashed the program.

Let’s just document this for other developers here.