Сервер авторизации Spring выдал исключение с сообщением: DelegatingAuthenticationConverter ⇐ JAVA

[Anonymous]

Я не понимаю, что вызывает эту ошибку. Впервые я начал замечать это, когда перешел с версии 1.2 на 1.4 сервера авторизации Spring oauth2. Ниже вы найдете соответствующие файлы, которые помогут устранить проблему.
Вывод ошибки при попытке запустить ./gradlw bootRun. Не удается собрать
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authorizationServerSecurityFilterChain' defined in class path resource [com/something/auth_service/configuration/OAuth2SecurityConfig.class]: Failed to instantiate [org.springframework.security.web.SecurityFilterChain]: Factory method 'authorizationServerSecurityFilterChain' threw exception with message: org/springframework/security/web/authentication/DelegatingAuthenticationConverter


Когда я пытался использовать сервер Spring-boot-starter-oauth2-authorization-server, он использовал более старую зависимость Spring-security-oauth2-authorization-server: 1.2.1 вместо 1.4.1 . Не знаю, почему это произошло, но просто решил явно указать зависимости.
Build.Gradle
plugins {
id 'java'
id 'org.springframework.boot' version '3.2.0'
id 'io.spring.dependency-management' version '1.1.4'
id 'application'

}

group = 'com.something'
version = '0.0.1-SNAPSHOT'

application {
mainClass = 'com.something.auth_service.AuthApplication'
}

java {
sourceCompatibility = '17'
}

configurations {
compileOnly {
extendsFrom annotationProcessor
}
all {
exclude group: 'commons-logging', module: 'commons-logging'
}
}

repositories {
mavenCentral()
}

bootRun {
args = ["--spring.profiles.active=dev"]
}

bootTestRun {
args = ["--spring.profiles.active=dev"]
}

dependencies {
implementation 'com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.18.0'

implementation 'software.amazon.awssdk:ses:2.28.20'
implementation 'software.amazon.awssdk:sdk-core:2.28.20'
implementation 'software.amazon.awssdk:auth:2.28.20'
implementation 'software.amazon.awssdk:s3:2.28.20'
implementation 'software.amazon.awssdk:regions:2.28.20'
implementation 'software.amazon.awssdk:utils:2.28.20'
implementation 'software.amazon.awssdk:services:2.28.20'
implementation 'software.amazon.awssdk:aws-core:2.28.20'
implementation 'jakarta.mail:jakarta.mail-api:2.1.3'
implementation 'software.amazon.awssdk:sesv2:2.28.20'
implementation 'software.amazon.awssdk:auth:2.28.20'

implementation 'org.springframework.boot:spring-boot-starter-data-mongodb'
implementation 'org.springframework.boot:spring-boot-starter-security:3.4.1'
implementation 'org.springframework.boot:spring-boot-starter-web:3.4.1'
implementation 'org.springframework.boot:spring-boot-starter-data-redis'
implementation 'redis.clients:jedis:5.1.2'

implementation 'com.sun.mail:javax.mail:1.6.0'
implementation 'javax.mail:javax.mail-api:1.6.2'
implementation 'org.hibernate.validator:hibernate-validator'
implementation 'io.jsonwebtoken:jjwt-api:0.12.3'

implementation 'org.springframework.security:spring-security-oauth2-authorization-server:1.4.1'
runtimeOnly 'io.jsonwebtoken:jjwt-impl:0.12.3'
runtimeOnly 'io.jsonwebtoken:jjwt-jackson:0.12.3'
implementation 'javax.servlet:servlet-api:2.5'
implementation 'jakarta.annotation:jakarta.annotation-api:2.1.1'
compileOnly 'org.projectlombok:lombok'
annotationProcessor 'org.projectlombok:lombok'
testImplementation 'org.springframework.boot:spring-boot-starter-test'
testImplementation 'org.springframework.security:spring-security-test'

}

tasks.named('test') {
useJUnitPlatform()
}


Это моя конфигурация сервера авторизации Spring, которая включает настройки входа. Я успешно наладил работу маршрутов входа и протестировал регистрацию клиента. Однако после обновления до последней версии Spring Authorization Server все начало ломаться.
Конфигурация безопасности OAuth2

package com.something.auth_service.configuration;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpMethod;
import org.springframework.http.MediaType;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.DelegatingPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
import org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer;
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import org.springframework.security.web.util.matcher.MediaTypeRequestMatcher;

import java.util.HashMap;
import java.util.Map;
import java.util.UUID;

import java.security.interfaces.RSAPublicKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.KeyPairGenerator;

import com.something.auth_service.configuration.user.CustomUserDetailsService;
import com.something.auth_service.configuration.user.UsernamePasswordAuthenticationProvider;
import com.something.auth_service.repository.UserRepository;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.jwk.source.ImmutableJWKSet;
import com.nimbusds.jose.jwk.source.JWKSource;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import com.nimbusds.jose.proc.SecurityContext;

import jakarta.servlet.http.HttpServletResponse;

import java.security.KeyPair;

@Order(Ordered.HIGHEST_PRECEDENCE)
@Configuration
public class OAuth2SecurityConfig {

@Bean
CustomUserDetailsService userDetailsService(UserRepository userRepository) {
return new CustomUserDetailsService(userRepository);
}

@Bean
public PasswordEncoder customPasswordEncoder() {
String idForEncode = "bcrypt";
Map encoders = new HashMap();
encoders.put(idForEncode, new BCryptPasswordEncoder());
return new DelegatingPasswordEncoder("bcrypt", encoders);
}

@Bean
public AuthenticationManager authenticationManager(
CustomUserDetailsService userDetailsService, PasswordEncoder sharedPasswordEncoder) {
UsernamePasswordAuthenticationProvider authenticationProvider = new UsernamePasswordAuthenticationProvider(userDetailsService, sharedPasswordEncoder);
return new ProviderManager(authenticationProvider);
}

@Bean
SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http,RegisteredClientRepository registeredClientRepository,
AuthorizationServerSettings authorizationServerSettings) throws Exception {
OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
OAuth2AuthorizationServerConfigurer.authorizationServer();

// Failed below here.
http
.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
.with(authorizationServerConfigurer, (authorizationServer) ->
authorizationServer
.oidc((oidc) ->
oidc.clientRegistrationEndpoint((clientRegistrationEndpoint) -> oidc.clientRegistrationEndpoint(Customizer.withDefaults())
)
)
)
.cors(cors -> cors.disable())
.csrf(csrf -> csrf.disable())

.authorizeHttpRequests((authorize) ->
authorize
.requestMatchers(HttpMethod.OPTIONS, "/**").permitAll()
.requestMatchers("/create-account").permitAll()
.requestMatchers("/error").permitAll()
.requestMatchers("/oauth2/authorize").permitAll()
.requestMatchers("/login").permitAll()
.anyRequest().authenticated()
)
.formLogin(formLogin -> {
formLogin.loginPage("/login");
formLogin.usernameParameter("emailOrUsername");
formLogin.passwordParameter("password");
formLogin.successHandler((request, response, authentication) -> {
System.out.println("Login Succeeded.");
response.setStatus(HttpServletResponse.SC_OK);
response.getWriter().write("Login successful!");
response.getWriter().flush();
});

})
.logout(logout -> {
logout.logoutUrl("http://localhost:8082/logout");
logout.logoutSuccessUrl("http://localhost:8082/login");
logout.invalidateHttpSession(true);
logout.clearAuthentication(true);
logout.deleteCookies("JSESSIONID");
logout.logoutSuccessHandler((request, response, authentication) -> {
System.out.println("Logout Succeeded.");
response.setStatus(HttpServletResponse.SC_OK);
response.getWriter().write("Logout successful for "+request.getSession().getId());
response.getWriter().flush();
});
})
.oauth2ResourceServer(oauth2ResourceServer -> oauth2ResourceServer.jwt(Customizer.withDefaults()))
.exceptionHandling((exceptions) -> {
exceptions.accessDeniedHandler((request, response, accessDeniedException) -> {
request.getSession().invalidate();
System.out.println("Login Failed, Access Denied.");
response.setStatus(HttpServletResponse.SC_OK);
response.getWriter().write("Login Failed, Access Denied.");
response.getWriter().flush();
});
exceptions.defaultAuthenticationEntryPointFor(
new LoginUrlAuthenticationEntryPoint("http://localhost:8082"),
new MediaTypeRequestMatcher(MediaType.TEXT_HTML)
);
}
);

return http.build();
}

private static KeyPair generateRsaKey() {
KeyPair keyPair;
try {
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
keyPairGenerator.initialize(2048);
keyPair = keyPairGenerator.generateKeyPair();
} catch (Exception ex) {
throw new IllegalStateException(ex);
}
return keyPair;
}

@Bean
JWKSource jwkSource() {
KeyPair keyPair = generateRsaKey();
RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
RSAKey rsaKey = new RSAKey.Builder(publicKey)
.privateKey(privateKey)
.keyID(UUID.randomUUID().toString())
.build();
JWKSet jwkSet = new JWKSet(rsaKey);
return new ImmutableJWKSet(jwkSet);
}

@Bean
JwtDecoder jwtDecoder(JWKSource jwkSource) {
return OAuth2AuthorizationServerConfiguration.jwtDecoder(jwkSource);
}

@Bean
AuthorizationServerSettings authorizationServerSettings() {
return AuthorizationServerSettings.builder().build();
}

}



Подробнее здесь: https://stackoverflow.com/questions/793 ... thenticati