In the Spring Security official documentation, there is an example code snippet under the "Spring Boot Security Auto Configuration" section that demonstrates how to configure an InMemoryUserDetailsManager bean. However, when using this example code, it causes an error when running the application.
org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration': Unsatisfied dependency expressed through field 'httpSecurity': Error creating bean with name 'org.springframework.security.config.annotation.web.configuration.HttpSecurityConfiguration.httpSecurity' defined in class path resource [org/springframework/security/config/annotation/web/configuration/HttpSecurityConfiguration.class]: Failed to instantiate [org.springframework.security.config.annotation.web.builders.HttpSecurity]: Factory method 'httpSecurity' threw exception with message: Error creating bean with name 'inMemoryUserDetailsManager' defined in class path resource [com/brian/security/config/SecurityConfig.class]: Failed to instantiate [org.springframework.security.provisioning.InMemoryUserDetailsManager]: Factory method 'inMemoryUserDetailsManager' threw exception with message: ROLE_USER cannot start with ROLE_ (it is automatically added) ... Caused by: java.lang.IllegalArgumentException: ROLE_USER cannot start with ROLE_ (it is automatically added)
The error indicates that when defining user roles with the roles() method, the prefix "ROLE_" should not be included as it is automatically added by Spring Security.
Environment:
Spring Boot 3.2.5
Spring Security 6.2.4
Java 17
MacOS 13.2
To resolve this issue, the roles("ROLE_USER") part in the example code needs to be changed to roles("USER").
It would be helpful if the documentation could be updated to reflect this requirement and avoid confusion for developers following the provided examples.
Please let me know if you need any further information or if I can provide a minimal reproducible sample project to help investigate this issue.
In the Spring Security official documentation, there is an example code snippet under the "Spring Boot Security Auto Configuration" section that demonstrates how to configure an InMemoryUserDetailsManager bean. However, when using this example code, it causes an error when running the application.
Example Code:
@Bean @ConditionalOnMissingBean(UserDetailsService.class) InMemoryUserDetailsManager inMemoryUserDetailsManager() { String generatedPassword = // ...; return new InMemoryUserDetailsManager(User.withUsername("user") .password(generatedPassword).roles("ROLE_USER").build()); }
Error Log:
org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration': Unsatisfied dependency expressed through field 'httpSecurity': Error creating bean with name 'org.springframework.security.config.annotation.web.configuration.HttpSecurityConfiguration.httpSecurity' defined in class path resource [org/springframework/security/config/annotation/web/configuration/HttpSecurityConfiguration.class]: Failed to instantiate [org.springframework.security.config.annotation.web.builders.HttpSecurity]: Factory method 'httpSecurity' threw exception with message: Error creating bean with name 'inMemoryUserDetailsManager' defined in class path resource [com/brian/security/config/SecurityConfig.class]: Failed to instantiate [org.springframework.security.provisioning.InMemoryUserDetailsManager]: Factory method 'inMemoryUserDetailsManager' threw exception with message: ROLE_USER cannot start with ROLE_ (it is automatically added) ... Caused by: java.lang.IllegalArgumentException: ROLE_USER cannot start with ROLE_ (it is automatically added)
The error indicates that when defining user roles with the roles() method, the prefix "ROLE_" should not be included as it is automatically added by Spring Security. Environment:
Spring Boot 3.2.5 Spring Security 6.2.4 Java 17 MacOS 13.2
To resolve this issue, the roles("ROLE_USER") part in the example code needs to be changed to roles("USER"). It would be helpful if the documentation could be updated to reflect this requirement and avoid confusion for developers following the provided examples. Please let me know if you need any further information or if I can provide a minimal reproducible sample project to help investigate this issue.