CAS Client+ spring security 3.1 got circular references error

Hi, I'm having issue, I want to do multiple authentication 1st with CAS and 2nd with Facebook, so I updated my Spring Security to 3.1, it support multiple <http> and working as expected but when I input CAS configuration in the XML, I just got BeanCurrentlyInCreationException, because circular reference, here we go my spring security xml

Code:

---

<?xml version="1.0" encoding="UTF-8"?>
<beans
        xmlns="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:security="http://www.springframework.org/schema/security"
        xsi:schemaLocation=" 
                http://www.springframework.org/schema/beans
                http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-3.1.xsd">
 
 

        <!-- Start Spring Security Social-->

        <security:global-method-security
                proxy-target-class="false" >
        </security:global-method-security>
       
        <bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased"
                xmlns="http://www.springframework.org/schema/beans">
                <constructor-arg>
                        <list>
                                <bean class="org.springframework.security.access.vote.RoleVoter" />
                                <bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
                        </list>
                </constructor-arg>
        </bean>

        <!-- CAS HTTP TAG -->
        <security:http auto-config="true"
                use-expressions="true"
                disable-url-rewriting="true"
                xmlns="http://www.springframework.org/schema/security"
                entry-point-ref="casAuthEntryPoint"
                pattern="/news/**">

               
                <intercept-url pattern="/news/**" access="hasRole('ROLE_USER')" />

                <custom-filter ref="casAuthenticationFilter" position="CAS_FILTER" />
               
                <custom-filter ref="casSingleSignOutFilter" after="LOGOUT_FILTER"/>
               
                <logout logout-url="/logout" invalidate-session="true" logout-success-url="/?logout=true"/>
               
        <access-denied-handler ref="o4uAccessDeniedHandler"/>
        </security:http>
       
        <!-- Spring Social HTTP TAG -->
        <security:http use-expressions="true"
                          entry-point-ref="springSocialSecurityEntryPoint"
                          xmlns="http://www.springframework.org/schema/security"
                          >

                <intercept-url pattern="/protected/twitter" access="hasRole('ROLE_USER_TWITTER')" />
                <intercept-url pattern="/protected/facebook" access="hasRole('ROLE_USER_FACEBOOK')" />
                <intercept-url pattern="/protected/facebookTwitter" access="hasRole('ROLE_USER_FACEBOOK') and hasRole('ROLE_USER_TWITTER')" />
                <intercept-url pattern="/protected/**" access="hasRole('ROLE_USER')" />
               
                <intercept-url pattern="/oauthconnect.jsp" access="hasRole('ROLE_USER')" />

        <access-denied-handler ref="springSocialSecurityAccessDeniedHandler"/>


                <security:logout logout-url="/logout" />

                <anonymous />
                <security:custom-filter position="FORM_LOGIN_FILTER"
                        ref="springSocialSecurityAuthenticationFilter" />

        </security:http>
       
        <bean id="springSocialSecurityEntryPoint"
                  class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
                <property name="loginFormUrl" value="/oauthlogin.jsp"/>
        </bean>

        <!-- End Spring Security Social -->

        <!-- CAS -->
        <bean id="o4uAccessDeniedHandler" class="com.o4u.commons.security.O4uAccessDeniedHandler">
                <property name="deactiveUrl" value="#{config['members.deactiveUrl']}"/>
        </bean>
       
        <!-- AUTHENTICATION MANAGER -->
        <security:authentication-manager alias="authenticationManager">
               
                <security:authentication-provider ref="casAuthenticationProvider" />
       
        </security:authentication-manager>
       
        <bean id="casSingleSignOutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter"/>
   
    <!-- AUTH ENTRY POINT -->
        <bean id="casAuthEntryPoint"
                class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
                <property name="loginUrl" value="#{config['cas.url']}" />
                <property name="serviceProperties" ref="casService" />
        </bean>
       
        <bean id="casService"
                class="org.springframework.security.cas.ServiceProperties">
                <property name="service"
                        value="#{config['cas.auth']}"></property>
        </bean>

        <!-- AUTH FILTER -->
        <bean id="casAuthenticationFilter"
                class="org.springframework.security.cas.web.CasAuthenticationFilter">
                <property name="authenticationManager" ref="authenticationManager" /> <!-- Required -->
                <property name="filterProcessesUrl" value="/auth_check" />
                <!--
                <beans:property name="authenticationSuccessHandler" ref="authenticationSuccessHandler" />
                -->
        </bean>

    <!-- Auth Provider -->
        <bean id="casAuthenticationProvider"
                class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
                <property name="ticketValidator" ref="casTicketValidator" /> <!-- Required -->
                <!-- <beans:property name="ticketValidator" ref="samlTicketValidator"/> -->
                <property name="serviceProperties" ref="casService" /> <!-- Required -->
                <property name="key" value="olleh4u-cas" /> <!-- Required -->
                <property name="authenticationUserDetailsService"
                        ref="authenticationUserDetailsService" />
        </bean>
       
        <!-- CAS Ticket Validator -->
        <bean id="casTicketValidator"
                class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
                <!-- Constructor: public Cas20ServiceTicketValidator(final String casServerUrlPrefix) -->
                <constructor-arg value="#{config['cas.url']}" />
        </bean>
               
        <!-- AUTH USER DETAIL SERVICE -->       
        <bean id="authenticationUserDetailsService" class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
                <property name="userDetailsService" ref="jdbcUserDetailsManager"/>
        </bean>
       
        <!-- JDBC USER DETAIL MANAGER -->       
        <bean id="jdbcUserDetailsManager"
                class="org.springframework.security.provisioning.JdbcUserDetailsManager">
                <property name="authenticationManager" ref="authenticationManager" />
                <property name="dataSource" ref="dataSource-members" />
                <property name="enableGroups" value="true" />
                <property name="enableAuthorities" value="false" />
        </bean>
       
       
        <!-- SAML Ticket Validator
        <beans:bean id="samlTicketValidator" class="org.jasig.cas.client.validation.Saml11TicketValidator">
                <beans:constructor-arg value="#{config['cas.url']}" />
        </beans:bean>
          -->
        <!-- END CAS -->

        <bean id="passwordEncoder"
                class="org.springframework.security.authentication.encoding.Md5PasswordEncoder" />
</beans>

---

Got error

Code:

---

Caused by: org.springframework.beans.factory.BeanCurrentlyInCreationException: Error creating bean with name 'org.springframework.security.authenticationManager': Requested bean is currently in creation: Is there an unresolvable circular reference?
        at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.beforeSingletonCreation(DefaultSingletonBeanRegistry.java:300)
        at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:219)
        at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:291)
        at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:193)
        at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:322)

---

I'm using cas-client-core-3.1.10.jar and spring security version 3.1.2 Release, can anyone help?

Hi,

It's fairly strange as your configuration looks correct.
Can you turn on DEBUG logs on org.springframework and post your logs (as a file) ?
Thanks,
Jérôme

Hi, Mister Jérôme, thank you for your respond, I'm very proud with CAS Developer..
Before this error I'm using CAS with spring security version 3.0 and it's okay and no problem,
but when I try to update Spring Security to 3.1, I got this error..
I don't know if I miss something..
I want to update my spring security because I want to using multiple <http> tag

this is my tomcat log

http://olleh4u.com/resources/uploads/image/tomcat.log

OK. I think I see the problem :
the authenticationManager bean is built with the casAuthenticationProvider bean which is built with the authenticationUserDetailsService bean which is built with the jdbcUserDetailsManager bean which is built with the authenticationManager bean -> circular reference

I may be naive, but can't you use a JdbcDaoImpl bean to inject as userDetailsService in the authenticationUserDetailsService bean and create a new separate jdbcUserDetailsManager bean ?

Sorry for the late reply, maybe I'll try that out, I just confuse, why I don't get this circular reference error when using CAS client + Spring security version 3.0, but this error just happen when I use higher version of spring security, maybe I'm missing some update log...