Why AuthenticationManager is throwing StackOverflowError?

Asked 28/10, 2019 at 21:8 Answered 25/5, 2024 at 19:46

Solved spring spring-boot spring-security jwt

I am getting StackOverflowError while calling authenticationManger.authenticate()

java.lang.StackOverflowError: null at org.apache.commons.logging.LogAdapter$Slf4jLog.isDebugEnabled(LogAdapter.java:300) ~[spring-jcl-5.1.10.RELEASE.jar:5.1.10.RELEASE] at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:162) ~[spring-security-core-5.1.6.RELEASE.jar:5.1.6.RELEASE] at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$AuthenticationManagerDelegator.authenticate(WebSecurityConfigurerAdapter.java:503) ~[spring-security-config-5.1.6.RELEASE.jar:5.1.6.RELEASE]

I am trying to implement JWT in my application. I have created JWTTOkenUtil, Filter, Controller. But only Authentication manager is not working. I have tried with CustomAuthenticationManger as well but same error.

File AppConfig.java

    @Configuration
    @EnableWebSecurity
    @EnableGlobalMethodSecurity(prePostEnabled = true)
    public class AppConfig  extends WebSecurityConfigurerAdapter{

    @Autowired
    private JwtUserDetailService jwtUserDetailService;

    @Autowired
    private JwtAuthenticationProvider jwtAuthenticationProvider;

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(jwtAuthenticationProvider);

     //auth.userDetailsService(jwtUserDetailService).passwordEncoder(passwordEncoder());
    }

    @Bean
    @Override
    public AuthenticationManager authenticationManager() throws Exception {
        return super.authenticationManagerBean();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()
            .authorizeRequests().antMatchers("/version").permitAll()
            .anyRequest().authenticated()
            .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        http.addFilterBefore(jwtRequestFilter(), UsernamePasswordAuthenticationFilter.class);
    }

    @Bean
    public JwtRequestFilter jwtRequestFilter() {
            return new JwtRequestFilter();
    }
}

Stab answered 28/10, 2019 at 21:8 Comment(6)

WebSecurityConfigurerAdapter.java:503 line number delegate.authenticate(authentication); where delegate is declared as private AuthenticationManager delegate; And you have not given complete logs, even not good formatted logs. But in logs i didn't see null pointer, but it shows java.lang.StackOverflowError: null at this much i can figure out. As you have not provided code of JwtAuthenticationProvider question seems to be have incomplete information. – Faradism 29/10, 2019 at 18:59

You could just not override AuthenticationManager authenticationManager() method. authenticationManager() and authenticationManagerBean() of WebSecurityConfigurerAdapter are two different methods, and you are calling authenticationManagerBean() method of your super class, which, as far as I know, depends on authenticationManager() method. This, in return creates a cyclic calls of methods. – Stella 29/10, 2019 at 19:2

@Hasan exactly that will be source of stack overflow error. authenticationManager method should return an implementation of AuthenticationManager by overriding authenticate method. – Faradism 29/10, 2019 at 19:4

Thanks. You are right. I should call super method of what i am overriding. either authenticateManager() or authenticateManagerBean(). – Stab 30/10, 2019 at 0:37

@HasanCanSaral you should post as an answer for acknowledgement. Often times comments go unread by those skimming for the selected/upvoted answer. Your explanation helped me with the same issue. Thanks – Sigismondo 4/1, 2020 at 20:18

@Sigismondo You're right, I just didn't know if it helped to the OP. Just in case, though. – Stella 5/1, 2020 at 15:36

authenticationManager() and authenticationManagerBean() of WebSecurityConfigurerAdapter are two different methods, and you are calling authenticationManagerBean() method of your super class, which, as far as I know, depends on authenticationManager() method. This, in return creates a cyclic calls of methods, which finally results in StackOverflowError exception.

You could try just not override AuthenticationManager authenticationManager() method, or return a solid implementation when doing so.

Stella answered 5/1, 2020 at 15:38 Comment(0)

You are overiding the wrong method authenticationManager(), it should be authenticationManagerBean() instead.

Selfconceit answered 2/6, 2021 at 19:19 Comment(0)

Instead overriding authenticationManager() method, you need to override authenticationManagerBean() method of WebSecurityConfigurerAdapter class.

This is a working configuration for me.

@RequiredArgsConstructor
@EnableWebSecurity
public class SecurityConfigurer extends WebSecurityConfigurerAdapter {

    private final CustomUserDetailsService customUserDetailsService;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(customUserDetailsService);
    }

    @Override
    protected void configure (HttpSecurity http) throws Exception{
        http
                .csrf()
                .disable()
                .authorizeRequests()
                .antMatchers("/authenticate").permitAll()
                .anyRequest().authenticated();
    }

    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception{
        return super.authenticationManagerBean();
    }


    @Bean
    public PasswordEncoder passwordEncoder(){
        return NoOpPasswordEncoder.getInstance();
    }
}

Estas answered 24/7, 2021 at 15:0 Comment(0)

I too ran into this issue,while trying to implement jwt based authentication in my application.

while implementing the WebSecurityConfigurerAdapter, my code was as below

public class JwtSecurityConfiguration extends WebSecurityConfigurerAdapter{

    ...

    @Bean
    @Override
    public AuthenticationManager authenticationManager() throws Exception {
        return super.authenticationManager**Bean**();
    }
}

causing the same StackOverflow :-) exception:

java.lang.StackOverflowError: null
    at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:172) ~[spring-security-core-5.7.2.jar:5.7.2]
    at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$AuthenticationManagerDelegator.authenticate(WebSecurityConfigurerAdapter.java:514) ~[spring-security-config-5.7.2.jar:5.7.2]

As pointed out by @Hasan Can Saral

I had a typo/wrong implementation of authenticationManager() Here is the correct version,and the exception is fixed

@Bean
@Override
public AuthenticationManager authenticationManager() throws Exception {
    return super.authenticationManager();
}

Hamsun answered 25/5, 2024 at 19:46 Comment(1)

WebSecurityConfigurerAdapter is deprecated: spring.io/blog/2022/02/21/… – Whitener 30/5, 2024 at 12:40

Recommended topics

Hot tags