Reputation: 445
Could not autowire authentication manager in Spring Boot 2.0.0
So I've been trying to implement oAuth2 in a simple Spring MVC app.
In the guide I was following, in their AuthorizationServerConfigurerAdapter they @Autowired an AuthenticationManager. They used Spring Boot version 1.5.2.
I wanted to use Spring Boot 2.0.0 as this is the latest version so I wanted to learn the latest practices. However, in my pom.xml when I change:
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>1.5.2.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
to:
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.0.0.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
All of a sudden, I can't autowire AuthenticationManager.
Could not autowire. No beans of 'AuthenticationManager' type found.
Could someone come up with a solution to this?
Thanks!
Upvotes: 25
Views: 29559
Answers (2)
Reputation: 10142
In latest version of Spring Boot 2.7.2 , class WebSecurityConfigurerAdapter is deprecated and you have to use new style to write security configurations ,
Spring Security without the WebSecurityConfigurerAdapter
With that being said , something like below works for me with Spring Boot 2.7.2 .
I have a JWT token filter that required plugged in to verify incoming JWT Tokens.
Trying to highlight the usage of - SecurityFilterChain & AuthenticationConfiguration
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.security.web.util.matcher.RequestMatcher;
//import my custom jwt class package;
import lombok.RequiredArgsConstructor;
@Configuration
@EnableWebSecurity
@RequiredArgsConstructor
public class WebSecurityConfig {
private final AuthenticationConfiguration authConfiguration;
@Bean
public AuthenticationManager authenticationManager() throws Exception {
return authConfiguration.getAuthenticationManager();
}
@Autowired
public void configure(AuthenticationManagerBuilder builder, AuthenticationProvider jwtAuthenticationProvider) {
builder.authenticationProvider(jwtAuthenticationProvider);
}
@Bean
public SecurityFilterChain configure(HttpSecurity http, AuthenticationEntryPoint authenticationEntryPoint,
RequestMatcher requestMatcher)
throws Exception {
http.cors().and().csrf().disable().exceptionHandling().authenticationEntryPoint(authenticationEntryPoint).and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().authorizeRequests()
.antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
.antMatchers(HttpMethod.GET, List.of("/favicon.ico", "/**/*.html").toArray(new String[0])).permitAll();
AbstractAuthenticationProcessingFilter jwtFilter = new MyCustomClass(requestMatcher);
jwtFilter.setAuthenticationManager(authenticationManager());
http.addFilterBefore(jwtFilter, BasicAuthenticationFilter.class);
return http.build();
}
}
Upvotes: 11
Reputation: 1735
If you want to continue with boot starter packages, according to release notes you need to override authanticationManagerBean method inside the WebSecurityConfigurerAdapter .
Here code sample :
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
}
Upvotes: 81
Related Questions
- Could not autowire field: private org.springframework.security.authentication.AuthenticationManager
- Spring boot 2.0.3 + Security + Oauth2 autoconfigure
- spring-security-oauth2-autoconfigure usage
- Spring boot Security Config - authenticationManager must be specified
- autowired for authentication manager
- @Autowire is not working in Spring security Custom Authentication provider
- Spring Security - Autowired not working
- Spring-boot OAuth2 implementation: NoSuchBeanDefinitionException: No qualifying bean of type AuthenticationManager
- Could not autowire, there is more than one bean error
- Spring Oauth2 provider PreAuthorize failed to inject autowired