spring-projects / spring-security

Spring Security
http://spring.io/projects/spring-security
Apache License 2.0

InMemoryUserDetailsManager Setting User Roles in Official Documentation Example Causes Error #14965

Closed Hongmiao0207 closed 3 weeks ago

Hongmiao0207 commented 3 weeks ago

In the Spring Security official documentation, there is an example code snippet under the "Spring Boot Security Auto Configuration" section that demonstrates how to configure an InMemoryUserDetailsManager bean. However, when using this example code, it causes an error when running the application.

Example Code:

```java
@Bean
@ConditionalOnMissingBean(UserDetailsService.class)
InMemoryUserDetailsManager inMemoryUserDetailsManager() {
    String generatedPassword = // ...;
    return new InMemoryUserDetailsManager(User.withUsername("user")
            .password(generatedPassword).roles("ROLE_USER").build());
}
```

Error Log:

```
org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration': Unsatisfied dependency expressed through field 'httpSecurity': Error creating bean with name 'org.springframework.security.config.annotation.web.configuration.HttpSecurityConfiguration.httpSecurity' defined in class path resource [org/springframework/security/config/annotation/web/configuration/HttpSecurityConfiguration.class]: Failed to instantiate [org.springframework.security.config.annotation.web.builders.HttpSecurity]: Factory method 'httpSecurity' threw exception with message: Error creating bean with name 'inMemoryUserDetailsManager' defined in class path resource [com/brian/security/config/SecurityConfig.class]: Failed to instantiate [org.springframework.security.provisioning.InMemoryUserDetailsManager]: Factory method 'inMemoryUserDetailsManager' threw exception with message: ROLE_USER cannot start with ROLE_ (it is automatically added)
...
Caused by: java.lang.IllegalArgumentException: ROLE_USER cannot start with ROLE_ (it is automatically added)
```

The error indicates that when defining user roles with the roles() method, the prefix "ROLE_" should not be included as it is automatically added by Spring Security.

Environment:

- Spring Boot 3.2.5
- Spring Security 6.2.4
- Java 17
- MacOS 13.2

To resolve this issue, the roles("ROLE_USER") part in the example code needs to be changed to roles("USER"). It would be helpful if the documentation could be updated to reflect this requirement and avoid confusion for developers following the provided examples. Please let me know if you need any further information or if I can provide a minimal reproducible sample project to help investigate this issue.

jzheaux commented 3 weeks ago

Thanks, @Hongmiao0207! I've corrected the documentation.
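
The prefix behaviour discussed in this issue, as an added example that is not part of the thread or of the Spring Security documentation: it compares `roles("USER")` with `authorities("ROLE_USER")` on the `User` builder and reproduces the rejection of `roles("ROLE_USER")`. The class name `RolePrefixDemo`, the helper `authoritiesOf` and the password value are constructed for illustration, and `spring-security-core` is assumed to be on the classpath.

```java
import java.util.List;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;

// Added illustration (hypothetical class name); needs spring-security-core and Java 16+.
public class RolePrefixDemo {

    // Constructed placeholder; no authentication is performed in this demo.
    private static final String PASSWORD = "example-only";

    // Hypothetical helper: the authority strings a UserDetails actually carries.
    static List<String> authoritiesOf(UserDetails user) {
        return user.getAuthorities().stream()
                .map(GrantedAuthority::getAuthority)
                .sorted()
                .toList();
    }

    public static void main(String[] args) {
        // roles() prepends "ROLE_" to every value it is given.
        UserDetails viaRoles = User.withUsername("user")
                .password(PASSWORD).roles("USER").build();

        // authorities() stores each value exactly as written, so the prefix
        // has to be spelled out here to end up with the same authority.
        UserDetails viaAuthorities = User.withUsername("user")
                .password(PASSWORD).authorities("ROLE_USER").build();

        System.out.println("roles(\"USER\"):            " + authoritiesOf(viaRoles));
        System.out.println("authorities(\"ROLE_USER\"): " + authoritiesOf(viaAuthorities));
        System.out.println("same authorities:         "
                + authoritiesOf(viaRoles).equals(authoritiesOf(viaAuthorities)));

        // The form from the reported snippet: roles() refuses an already
        // prefixed value instead of silently producing a doubled prefix.
        try {
            User.withUsername("user").password(PASSWORD).roles("ROLE_USER").build();
        } catch (IllegalArgumentException ex) {
            System.out.println("rejected:                 " + ex.getMessage());
        }

        // The corrected user registers with the in-memory manager without error.
        InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager(viaRoles);
        System.out.println("loaded from manager:      "
                + authoritiesOf(manager.loadUserByUsername("user")));
    }
}
```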