Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] Okta Spring Starter Web doesn't properly initialize in WebFlux #761

Open
1 of 2 tasks
vibbix opened this issue Jan 8, 2025 · 0 comments
Open
1 of 2 tasks

[BUG] Okta Spring Starter Web doesn't properly initialize in WebFlux #761

vibbix opened this issue Jan 8, 2025 · 0 comments

Comments

@vibbix
Copy link

vibbix commented Jan 8, 2025
edited
Loading

I'm submitting a

  • bug report
  • feature request

Background info

When using Spring WebFlux with Okta Spring starter, the logs say that the several of the Okta Post Processor beans aren't eligible for post processing. This breaks debugging workflows reliant on AOP style checks, and creates tons of log spam.

Expected behavior

No warning log's appear when starting up in Reactive server mode.

What went wrong?

When booting up these logs appear:

logs

2025-01-08T13:03:27.399-05:00  WARN 84534 --- [siw-jquery] [  restartedMain] trationDelegate$BeanPostProcessorChecker : Bean 'com.okta.spring.boot.oauth.ReactiveOktaOAuth2ResourceServerHttpServerAutoConfig' of type [com.okta.spring.boot.oauth.ReactiveOktaOAuth2ResourceServerHttpServerAutoConfig] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying). The currently created BeanPostProcessor [oktaOAuth2ResourceServerBeanPostProcessor] is declared through a non-static factory method on that class; consider declaring it as static instead.
2025-01-08T13:03:27.418-05:00  WARN 84534 --- [siw-jquery] [  restartedMain] trationDelegate$BeanPostProcessorChecker : Bean 'spring.security.oauth2.client-org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientProperties' of type [org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientProperties] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying). Is this bean getting eagerly injected/applied to a currently created BeanPostProcessor [oktaOAuth2ResourceServerBeanPostProcessor]? Check the corresponding BeanPostProcessor declaration and its dependencies/advisors. If this bean does not have to be post-processed, declare it with ROLE_INFRASTRUCTURE.
2025-01-08T13:03:27.422-05:00  WARN 84534 --- [siw-jquery] [  restartedMain] trationDelegate$BeanPostProcessorChecker : Bean 'okta.oauth2-com.okta.spring.boot.oauth.config.OktaOAuth2Properties' of type [com.okta.spring.boot.oauth.config.OktaOAuth2Properties] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying). Is this bean getting eagerly injected/applied to a currently created BeanPostProcessor [oktaOAuth2ResourceServerBeanPostProcessor]? Check the corresponding BeanPostProcessor declaration and its dependencies/advisors. If this bean does not have to be post-processed, declare it with ROLE_INFRASTRUCTURE.
2025-01-08T13:03:27.423-05:00  WARN 84534 --- [siw-jquery] [  restartedMain] trationDelegate$BeanPostProcessorChecker : Bean 'com.okta.spring.boot.oauth.ReactiveOktaOAuth2ServerHttpServerAutoConfig' of type [com.okta.spring.boot.oauth.ReactiveOktaOAuth2ServerHttpServerAutoConfig] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying). The currently created BeanPostProcessor [authManagerServerHttpSecurityBeanPostProcessor] is declared through a non-static factory method on that class; consider declaring it as static instead.
2025-01-08T13:03:27.425-05:00  WARN 84534 --- [siw-jquery] [  restartedMain] trationDelegate$BeanPostProcessorChecker : Bean 'com.okta.spring.boot.oauth.ReactiveOktaOAuth2AutoConfig' of type [com.okta.spring.boot.oauth.ReactiveOktaOAuth2AutoConfig] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying). Is this bean getting eagerly injected/applied to a currently created BeanPostProcessor [authManagerServerHttpSecurityBeanPostProcessor]? Check the corresponding BeanPostProcessor declaration and its dependencies/advisors. If this bean does not have to be post-processed, declare it with ROLE_INFRASTRUCTURE.
2025-01-08T13:03:27.426-05:00  WARN 84534 --- [siw-jquery] [  restartedMain] trationDelegate$BeanPostProcessorChecker : Bean 'com.okta.spring.boot.oauth.AuthorityProvidersConfig' of type [com.okta.spring.boot.oauth.AuthorityProvidersConfig$$SpringCGLIB$$0] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying). Is this bean getting eagerly injected/applied to a currently created BeanPostProcessor [authManagerServerHttpSecurityBeanPostProcessor]? Check the corresponding BeanPostProcessor declaration and its dependencies/advisors. If this bean does not have to be post-processed, declare it with ROLE_INFRASTRUCTURE.
2025-01-08T13:03:27.426-05:00  WARN 84534 --- [siw-jquery] [  restartedMain] trationDelegate$BeanPostProcessorChecker : Bean 'tokenScopesAuthoritiesProvider' of type [com.okta.spring.boot.oauth.AuthorityProvidersConfig$$Lambda/0x000000080057cb18] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying). Is this bean getting eagerly injected/applied to a currently created BeanPostProcessor [authManagerServerHttpSecurityBeanPostProcessor]? Check the corresponding BeanPostProcessor declaration and its dependencies/advisors. If this bean does not have to be post-processed, declare it with ROLE_INFRASTRUCTURE.
2025-01-08T13:03:27.427-05:00  WARN 84534 --- [siw-jquery] [  restartedMain] trationDelegate$BeanPostProcessorChecker : Bean 'groupClaimsAuthoritiesProvider' of type [com.okta.spring.boot.oauth.AuthorityProvidersConfig$$Lambda/0x000000080057cd40] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying). Is this bean getting eagerly injected/applied to a currently created BeanPostProcessor [authManagerServerHttpSecurityBeanPostProcessor]? Check the corresponding BeanPostProcessor declaration and its dependencies/advisors. If this bean does not have to be post-processed, declare it with ROLE_INFRASTRUCTURE.
2025-01-08T13:03:27.507-05:00  WARN 84534 --- [siw-jquery] [  restartedMain] trationDelegate$BeanPostProcessorChecker : Bean 'oauth2UserService' of type [com.okta.spring.boot.oauth.ReactiveOktaOAuth2UserService] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying). Is this bean getting eagerly injected/applied to a currently created BeanPostProcessor [authManagerServerHttpSecurityBeanPostProcessor]? Check the corresponding BeanPostProcessor declaration and its dependencies/advisors. If this bean does not have to be post-processed, declare it with ROLE_INFRASTRUCTURE.
2025-01-08T13:03:27.510-05:00  WARN 84534 --- [siw-jquery] [  restartedMain] trationDelegate$BeanPostProcessorChecker : Bean 'oidcUserService' of type [com.okta.spring.boot.oauth.ReactiveOktaOidcUserService] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying). Is this bean getting eagerly injected/applied to a currently created BeanPostProcessor [authManagerServerHttpSecurityBeanPostProcessor]? Check the corresponding BeanPostProcessor declaration and its dependencies/advisors. If this bean does not have to be post-processed, declare it with ROLE_INFRASTRUCTURE.

Steps to reproduce

Set any of the Okta Spring Boot exampls projects to use Spring WebFlux.
For siw-jquery for example

examples/siw-jquery/src/main/java/com/okta/spring/example/ImplicitFlowApplication.java

/*
 * Copyright 2017 Okta, Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.okta.spring.example;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.server.SecurityWebFilterChain;

@SpringBootApplication
@EnableMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class ImplicitFlowApplication {

    public static void main(String[] args) {
        SpringApplication.run(ImplicitFlowApplication.class, args);
    }

    @Configuration
    static class SecurityConfig {

        @Bean
        @ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.SERVLET)
        SecurityFilterChain servletFilterChain(HttpSecurity http) throws Exception {
            http.authorizeHttpRequests((requests) -> requests
                    .requestMatchers("/", "/index.html", "/sign-in-widget-config")
                    .permitAll()
                    .anyRequest()
                    .authenticated()
                )
                .oauth2ResourceServer(d -> d.jwt(f -> {}))
                .cors(f -> {});

            return http.build();
        }

        @Bean
        @ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.REACTIVE)
        SecurityWebFilterChain rxFilterChain(ServerHttpSecurity http) throws Exception {
            http.authorizeExchange((requests) -> requests
                    .pathMatchers("/", "/index.html", "/sign-in-widget-config")
                    .permitAll()
                    .anyExchange()
                    .authenticated()
                )
                .oauth2ResourceServer(d -> d.jwt(f -> {}))
                .cors(f -> {});

            return http.build();
        }
    }
}

examples/siw-jquery/src/main/resources/application.yml

okta:
 oauth2:
   issuer: "{yourOktaDomain}/oauth2/default"
   client-id: "{clientId}"
logging:
  level:
    ROOT: INFO
spring:
  main:
    web-application-type: reactive

examples/siw-jquery/pom.xml

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
     <!--........-->
    <dependencies>
        <!--........-->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-rest</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-webflux</artifactId>
        </dependency>
        <!--........-->
</project>

SDK Version

This is running straight from the repository on master branch.
@vibbix vibbix changed the title [BUG] Okta Spring Starter Web doesn't properly intialize in WebFlux [BUG] Okta Spring Starter Web doesn't properly initialize in WebFlux Jan 8, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@vibbix