how to use a setter instead of New JWTAuthenticationFilter in SecurityConfig.java

Question

I'm working with spring-boot (using JWT and spring security ) and i have a class configSecurity in spring-boot with this code :

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)

public class SecurityConfig extends WebSecurityConfigurerAdapter { 

    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable();
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        http.authorizeRequests().antMatchers("/login/**").permitAll();
        http.authorizeRequests().antMatchers(HttpMethod.GET,"/ListProjects/**").hasAuthority("ADMIN");
        http.authorizeRequests().anyRequest().authenticated()
                .and()
                .exceptionHandling().authenticationEntryPoint(authenticationEntryPoint());
        http.authorizeRequests().antMatchers(HttpMethod.OPTIONS, "/**").permitAll(); //allow CORS option calls
       http.addFilter(new JWTAuthenticationFilter(authenticationManager()));
 http.addFilterBefore(new JWTAutorizationFilter(), UsernamePasswordAuthenticationFilter.class);
    }

And a class : JWTAuthenticationFilter.java which containts the contsructor :

 @Autowired
 public JWTAuthenticationFilter(AuthenticationManager authenticationManager)
  {
      this.authenticationManager = authenticationManager;
  }

My goal is to change the line in securityConfig:

  http.addFilter(new JWTAuthenticationFilter(authenticationManager())); 

into somthing like this :

http.addFilter(jwtAuthenticationFilter.SetJWTAuthenticationFilter(authenticationManager());

So i have added the Annocation @Autoweird in class SecurityConfig as This :

@Autowired
private JWTAuthenticationFilter jwtAuthenticationFilter;

So i didn't know how to make this method in JWTAuthenticationFilter.java , i did somthing like this :

          @Autowired
          public JWTAuthenticationFilter SetJWTAuthenticationFilter(AuthenticationManager authenticationManager) {
          this.authenticationManager = authenticationManager;
          return  // (1)
       }

(1) : So what should i return in this case? i don't want to use somthing like new JWTAuthenticationFilter () .. , Any idea ? or i'm not doing this in the right way .. ?

EDIT

after adding these changes , i'm not able to authenticate users , so not able to get the token of each user , i think the problem goes with the new class i have added it implements a method that returns null

 import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;

@Configuration
public class CustomAuthManager implements AuthenticationManager {

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        return null;
    }


}

Any idea ??

Answer 1

That part of code

 @Autowired
 public JWTAuthenticationFilter(AuthenticationManager authenticationManager) {
      this.authenticationManager = authenticationManager;
  }

means that if you create JWTAuthenticationFilter as a Spring component(not via calling new) AuthenticationManager will be automatically autowired into that class and you do not need to run any kind of setters.

What your authenticationManager() method is doing? If you just create a new @Bean of AuthenticationManager you may just do it in a separate class and It will be automatically autowired to JWTAuthenticationFilter.

Possible solution:
1. Create class:

@Configuration
public class CustomAuthManager implements AuthenticationManager {
...
}

2. Add to SecurityConfig:

@Autowired
private JWTAuthenticationFilter jwtAuthenticationFilter;

and use http.addFilter(jwtAuthenticationFilter);
3. Stay JWTAuthenticationFilter as is.