Spring Security Config: AlreadyBuiltException: This object has already been built

Question

I'm teaching myself Spring Security. I currently have two java files and the pom file. For some reason, when I override the protected void configure(HttpSecurity http) method in WebSecurityConfigurerAdapter it gives an AlreadyBuiltException. If I remove the overridden method it will run with no errors. My code is below:

IntegrationTest.java

@SpringBootApplication
@EnableAutoConfiguration(exclude={DataSourceAutoConfiguration.class})
@ComponentScan({"com.socialsignin", "test.com.socialsignin"})
public class IntegrationTest {
    public static void main(String[] args) {
        ConfigurableApplicationContext context = SpringApplication.run(IntegrationTest.class, args);
    }
}

SecurityConfig.java

package com.socialsignin.config;

@EnableWebSecurity
@Component
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .inMemoryAuthentication()
                .withUser("user").password("password").roles("USER");
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        web
          .ignoring()
             .antMatchers("/resources/**"); 
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http
            .formLogin()
                .loginPage("/signin")
                .loginProcessingUrl("/signin/authenticate")
                .failureUrl("/signin?param.error=bad_credentials")
            .and()
                .logout()
                .logoutUrl("/signout")
                    .deleteCookies("JSESSIONID")
            .and()
                .authorizeRequests()
                .antMatchers("/admin/**", "/favicon.ico", "/resources/**", "/auth/**", "/signin/**", "/signup/**", "/disconnect/facebook").permitAll()
                .antMatchers("/**").authenticated()
            .and()
                .rememberMe()
            .and()
                .apply(new SpringSocialConfigurer());
    }

}

Logs

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'springSecurityFilterChain' defined in class path resource [org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is java.lang.IllegalStateException: SpringSocialConfigurer depends on org.springframework.social.connect.UsersConnectionRepository. No single bean of that type found in application context.
at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:599) ~[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1123) ~[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1018) ~[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:510) ~[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482) ~[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306) ~[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE]
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230) ~[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302) ~[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:202) ~[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE]
at org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:1060) ~[spring-context-4.2.7.RELEASE.jar:4.2.7.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.initDelegate(DelegatingFilterProxy.java:326) ~[spring-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.initFilterBean(DelegatingFilterProxy.java:235) ~[spring-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.web.filter.GenericFilterBean.init(GenericFilterBean.java:199) ~[spring-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.apache.catalina.core.ApplicationFilterConfig.initFilter(ApplicationFilterConfig.java:279) ~[tomcat-embed-core-8.0.36.jar:8.0.36]
at org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:109) ~[tomcat-embed-core-8.0.36.jar:8.0.36]
at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:4689) [tomcat-embed-core-8.0.36.jar:8.0.36]
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5329) [tomcat-embed-core-8.0.36.jar:8.0.36]
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:147) [tomcat-embed-core-8.0.36.jar:8.0.36]
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1407) [tomcat-embed-core-8.0.36.jar:8.0.36]
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1397) [tomcat-embed-core-8.0.36.jar:8.0.36]
at java.util.concurrent.FutureTask.run(FutureTask.java:266) [na:1.8.0_66]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [na:1.8.0_66]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [na:1.8.0_66]
at java.lang.Thread.run(Thread.java:745) [na:1.8.0_66]

Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is java.lang.IllegalStateException: SpringSocialConfigurer depends on org.springframework.social.connect.UsersConnectionRepository. No single bean of that type found in application context. at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:189) ~[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE] at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:588) ~[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE] ... 23 common frames omitted Caused by: java.lang.IllegalStateException: SpringSocialConfigurer depends on org.springframework.social.connect.UsersConnectionRepository. No single bean of that type found in application context. at org.springframework.social.security.SpringSocialConfigurer.getDependency(SpringSocialConfigurer.java:117) ~[spring-social-security-1.1.4.RELEASE.jar:1.1.4.RELEASE] at org.springframework.social.security.SpringSocialConfigurer.configure(SpringSocialConfigurer.java:71) ~[spring-social-security-1.1.4.RELEASE.jar:1.1.4.RELEASE] at org.springframework.social.security.SpringSocialConfigurer.configure(SpringSocialConfigurer.java:44) ~[spring-social-security-1.1.4.RELEASE.jar:1.1.4.RELEASE] at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.configure(AbstractConfiguredSecurityBuilder.java:383) ~[spring-security-config-4.0.4.RELEASE.jar:4.0.4.RELEASE] at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.doBuild(AbstractConfiguredSecurityBuilder.java:329) ~[spring-security-config-4.0.4.RELEASE.jar:4.0.4.RELEASE] at org.springframework.security.config.annotation.AbstractSecurityBuilder.build(AbstractSecurityBuilder.java:41) ~[spring-security-config-4.0.4.RELEASE.jar:4.0.4.RELEASE] at org.springframework.security.config.annotation.web.builders.WebSecurity.performBuild(WebSecurity.java:289) ~[spring-security-config-4.0.4.RELEASE.jar:4.0.4.RELEASE] at org.springframework.security.config.annotation.web.builders.WebSecurity.performBuild(WebSecurity.java:74) ~[spring-security-config-4.0.4.RELEASE.jar:4.0.4.RELEASE] at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.doBuild(AbstractConfiguredSecurityBuilder.java:333) ~[spring-security-config-4.0.4.RELEASE.jar:4.0.4.RELEASE] at org.springframework.security.config.annotation.AbstractSecurityBuilder.build(AbstractSecurityBuilder.java:41) ~[spring-security-config-4.0.4.RELEASE.jar:4.0.4.RELEASE] at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.springSecurityFilterChain(WebSecurityConfiguration.java:105) ~[spring-security-config-4.0.4.RELEASE.jar:4.0.4.RELEASE] at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerBySpringCGLIB$$2ba5cd93.CGLIB$springSecurityFilterChain$3() ~[spring-security-config-4.0.4.RELEASE.jar:4.0.4.RELEASE] at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerBySpringCGLIB$$2ba5cd93$$FastClassBySpringCGLIB$$164abca.invoke() ~[spring-security-config-4.0.4.RELEASE.jar:4.0.4.RELEASE] at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:228) ~[spring-core-4.2.7.RELEASE.jar:4.2.7.RELEASE] at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:356) ~[spring-context-4.2.7.RELEASE.jar:4.2.7.RELEASE] at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerBySpringCGLIB$$2ba5cd93.springSecurityFilterChain() ~[spring-security-config-4.0.4.RELEASE.jar:4.0.4.RELEASE] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_66] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_66] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_66] at java.lang.reflect.Method.invoke(Method.java:497) ~[na:1.8.0_66] at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:162) ~[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE] ... 24 common frames omitted Caused by: org.springframework.beans.factory.NoSuchBeanDefinitionException: No qualifying bean of type [org.springframework.social.connect.UsersConnectionRepository] is defined at org.springframework.beans.factory.support.DefaultListableBeanFactory.getBean(DefaultListableBeanFactory.java:372) ~[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE] at org.springframework.beans.factory.support.DefaultListableBeanFactory.getBean(DefaultListableBeanFactory.java:332) ~[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE] at org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:1066) ~[spring-context-4.2.7.RELEASE.jar:4.2.7.RELEASE] at org.springframework.social.security.SpringSocialConfigurer.getDependency(SpringSocialConfigurer.java:114) ~[spring-social-security-1.1.4.RELEASE.jar:1.1.4.RELEASE] ... 44 common frames omitted

2016-07-27 12:13:30.582 ERROR 3869 --- [ost-startStop-1] o.apache.catalina.core.StandardContext : One or more Filters failed to start. Full details will be found in the appropriate container log file 2016-07-27 12:13:30.583 ERROR 3869 --- [ost-startStop-1] o.apache.catalina.core.StandardContext : Context [] startup failed due to previous errors 2016-07-27 12:13:30.627 WARN 3869 --- [ main] ationConfigEmbeddedWebApplicationContext : Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'springSecurityFilterChain' defined in class path resource [org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is org.springframework.security.config.annotation.AlreadyBuiltException: This object has already been built 2016-07-27 12:13:30.632 INFO 3869 --- [ main] o.apache.catalina.core.StandardService : Stopping service Tomcat 2016-07-27 12:13:30.638 ERROR 3869 --- [ main] o.s.boot.SpringApplication : Application startup failed

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'springSecurityFilterChain' defined in class path resource [org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is org.springframework.security.config.annotation.AlreadyBuiltException: This object has already been built at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:599) ~[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE] at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1123) ~[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE] at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1018) ~[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE] at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:510) ~[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE] at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482) ~[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE] at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306) ~[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE] at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230) ~[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE] at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302) ~[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE] at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197) ~[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE] at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:296) ~[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE] at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197) ~[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE] at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:772) ~[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE] at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:839) ~[spring-context-4.2.7.RELEASE.jar:4.2.7.RELEASE] at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:538) ~[spring-context-4.2.7.RELEASE.jar:4.2.7.RELEASE] at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.refresh(EmbeddedWebApplicationContext.java:118) ~[spring-boot-1.3.6.RELEASE.jar:1.3.6.RELEASE] at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:760) [spring-boot-1.3.6.RELEASE.jar:1.3.6.RELEASE] at org.springframework.boot.SpringApplication.createAndRefreshContext(SpringApplication.java:360) [spring-boot-1.3.6.RELEASE.jar:1.3.6.RELEASE] at org.springframework.boot.SpringApplication.run(SpringApplication.java:306) [spring-boot-1.3.6.RELEASE.jar:1.3.6.RELEASE] at org.springframework.boot.SpringApplication.run(SpringApplication.java:1185) [spring-boot-1.3.6.RELEASE.jar:1.3.6.RELEASE] at org.springframework.boot.SpringApplication.run(SpringApplication.java:1174) [spring-boot-1.3.6.RELEASE.jar:1.3.6.RELEASE] at test.com.socialsignin.app.IntegrationTest.main(IntegrationTest.java:15) [test-classes/:na] Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is org.springframework.security.config.annotation.AlreadyBuiltException: This object has already been built at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:189) ~[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE] at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:588) ~[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE] ... 20 common frames omitted Caused by: org.springframework.security.config.annotation.AlreadyBuiltException: This object has already been built at org.springframework.security.config.annotation.AbstractSecurityBuilder.build(AbstractSecurityBuilder.java:44) ~[spring-security-config-4.0.4.RELEASE.jar:4.0.4.RELEASE] at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.springSecurityFilterChain(WebSecurityConfiguration.java:105) ~[spring-security-config-4.0.4.RELEASE.jar:4.0.4.RELEASE] at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerBySpringCGLIB$$2ba5cd93.CGLIB$springSecurityFilterChain$3() ~[spring-security-config-4.0.4.RELEASE.jar:4.0.4.RELEASE] at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerBySpringCGLIB$$2ba5cd93$$FastClassBySpringCGLIB$$164abca.invoke() ~[spring-security-config-4.0.4.RELEASE.jar:4.0.4.RELEASE] at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:228) ~[spring-core-4.2.7.RELEASE.jar:4.2.7.RELEASE] at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:356) ~[spring-context-4.2.7.RELEASE.jar:4.2.7.RELEASE] at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerBySpringCGLIB$$2ba5cd93.springSecurityFilterChain() ~[spring-security-config-4.0.4.RELEASE.jar:4.0.4.RELEASE] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_66] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_66] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_66] at java.lang.reflect.Method.invoke(Method.java:497) ~[na:1.8.0_66] at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:162) ~[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE] ... 21 common frames omitted

Could try to use @Configuration annotation for your SecurityConfig class? — Unknown
Yes I should be using that. Just changed it to @Configuration but still get the same error :( — user1011376

Rob Baily Rob Baily · Accepted Answer · 2016-09-02T14:45:17

I was having this error as well without any change that I could detect. Maybe when I upgraded to Spring Boot 1.4 but not sure. What was frustrating is that running from my IDE did not show the error, it only happened when deployed on Heroku. The change I made to resolve was to add the "@Order(0)" to an inner class, see code example below. Setting up the security configuration is very confusing so I am not clear on why this works but perhaps it can help someone else out as something to try.

Also for the case where the configureGlobal is used check out https://github.com/spring-projects/spring-security/issues/3042 and Can not apply DaoAuthenticationConfigurer to already built object as they may also be relevant.

@Configuration
@EnableWebSecurity
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
public class SpringSecurityConfigurer {

    @Configuration
    @Order(1)
    public static class ApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {

        /** We expect that the URLs secured here are called as part of the application or via websocket. */
        protected void configure(HttpSecurity http) throws Exception {
            http
                    .requestMatchers().antMatchers("/restapi/requests/**", "/simulation/**", "/api/**", "/wsconnect/**").and()
                    .authorizeRequests()
                    .anyRequest().authenticated()
                    .and()
                    .httpBasic()
                    .and()
                    .csrf().disable();
        }
    }

    @Configuration
    @Order(2)
    public static class StatelessApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {

        /** We expect that the URLs secured here are called called externally. */
        protected void configure(HttpSecurity http) throws Exception {
            http
                    .requestMatchers().antMatchers("/restapi/**").and()
                    .authorizeRequests()
                    .anyRequest().authenticated()
                    .and()
                    .httpBasic()
                    .and()
                    .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                    .and()
                    .csrf().disable();
        }
    }

    @Configuration
    @Order(3)
    public static class SubscriptionWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {

        protected void configure(HttpSecurity http) throws Exception {
            http
                    .requestMatchers().antMatchers("/subscribe**","/subscribe/**").and()
                    .addFilterBefore(new ApplicationSecurityTokenFilter(), UsernamePasswordAuthenticationFilter.class)
                    .authorizeRequests()
                    .anyRequest().authenticated()
                    .and()
                    .httpBasic()
                    .and()
                    .csrf().disable();
        }
    }

    @Configuration
    @Order(0)
    protected static class ApplicationSecurity extends WebSecurityConfigurerAdapter {

        @Autowired
        ApplicationUserDetailsManager applicationUserDetailsManager;

        @Autowired // need Autowired instead of Override here, not clear why!
        public void configure(AuthenticationManagerBuilder auth) throws Exception {
            // configure the repository user details service
//            PasswordEncoder encoder = new BCryptPasswordEncoder();
            auth.userDetailsService(applicationUserDetailsManager);
            // make sure we have the default user if it is not there
            if(!applicationUserDetailsManager.userExists("user")) {
                ApplicationUser defaultApplicationUser = new ApplicationUser();
                defaultApplicationUser.setUsername("user");
                defaultApplicationUser.setPassword("password");
                defaultApplicationUser.setEnabled(true);
                applicationUserDetailsManager.createUser(new ApplicationUserDetails(defaultApplicationUser));
            }
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // configure our web security that uses a form login
            http
                    .authorizeRequests()
                        .anyRequest().authenticated()
                        .and()
                    .formLogin()
                        .loginPage("/login")
                        .permitAll()
                        .and()
                    .logout()
                        .permitAll()
                        // note that this overrides CSRF for logout as it allows a GET to logout
                    .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
                        .and()
                    .rememberMe();
        }

        @Override
        public void configure(WebSecurity web) throws Exception {
            web
                    .ignoring()
                    // Spring Security should completely ignore URLs starting with /icons/ and /images/
                    .antMatchers("/icons/**")
                    .antMatchers("/images/**")
                    .antMatchers("/favicon.ico");
        }
    }
}

Spring Security Config: AlreadyBuiltException: This object has already been built

2 Answers