How to load a custom DaoAuthenticationProvider into the Spring Context?

java spring spring-mvc spring-security spring-aspects
Alessandro C picture Alessandro C · Apr 21, 2016 · Viewed 18.2k times · Source

I have this issue with Spring Security.

I have a java-config implementation with a SecurityConfig class, that extends WebSecurityConfigurerAdapter.

In this class I want to override the method "configure()"

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, proxyTargetClass = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter{

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        MyDaoAuthenticationProvider provider = new MyDaoAuthenticationProvider();
        provider.setPasswordEncoder(passwordEncoder());
        provider.setUserDetailsService(securityService);
        auth.authenticationProvider(provider);
    }

    //...

}

All is OK and it works.

The problem is that "MyDaoAuthenticationProvider" component is not loaded on the Spring Context. So I can't inject or Autowired any components in this class:

public class MyDaoAuthenticationProvider extends DaoAuthenticationProvider {

    @Autowired
    AuthenticationHandler authenticationHandler;    // <- authenticationHandler is null, is not resolved

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        authenticationHandler.authenticate(authentication);    // <- NullPointerException in this point
    }

}

This is the AuthenticationHandler class:

@Component
public class AuthenticationHandler {

    public void authenticate (Authentication authentication) {
        // do stuff
    }

}

If I put the @Component on the MyDaoAuthenticationProvider class and I add the @Autowired annotation in the SecurityConfig class:

@Autowired
MyDaoAuthenticationProvider provider;

the application crash on the start with this error:

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'myDaoAuthenticationProvider' defined in file [...\MyDaoAuthenticationProvider.class]: Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: A UserDetailsService must be set
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1578)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:545)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482)
    at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306)
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302)
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
    at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:772)
    at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:839)
    at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:538)
    at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:446)
    at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:328)
    at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:107)
    at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4812)
    at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5255)
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
    at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1408)
    at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1398)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.IllegalArgumentException: A UserDetailsService must be set
    at org.springframework.util.Assert.notNull(Assert.java:115)
    at org.springframework.security.authentication.dao.DaoAuthenticationProvider.doAfterPropertiesSet(DaoAuthenticationProvider.java:105)
    at org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.afterPropertiesSet(AbstractUserDetailsAuthenticationProvider.java:122)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1637)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1574)
    ... 21 more

What I have to do to resolve this issue? Thanks.

EDIT

SOLUTION

Thanks to OrangeDog, I fixed the problem with this implementation:

@Bean
public MyDaoAuthenticationProvider myAuthProvider() throws Exception {
    MyDaoAuthenticationProvider provider = new MyDaoAuthenticationProvider();
    provider.setPasswordEncoder(passwordEncoder());
    provider.setUserDetailsService(securityService);
    return provider;
}

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.authenticationProvider(myAuthProvider());
}

With this configuration, the bean is correctly initialized and there's no more the error "java.lang.IllegalArgumentException: A UserDetailsService must be set".

Furthermore, the bean is loaded into the Spring Context, so all the injected components in the DaoAuthenticationProvider are correctly resolved.

Answer

OrangeDog picture OrangeDog · Apr 21, 2016

Error creating bean with name 'myDaoAuthenticationProvider' [...] A UserDetailsService must be set

Your MyDaoAuthenticationProvider doesn't have a UserDetailsService. You must implement, inject, and/or set one. For example, without using @Component:

@Bean
public MyDaoAuthenticationProvider myAuthProvider() {
    MyDaoAuthenticationProvider provider = new MyDaoAuthenticationProvider();
    provider.setPasswordEncoder(passwordEncoder());
    provider.setUserDetailsService(securityService);
    return provider;
}

You then need to stop creating another one in your configure method.

If you don't think that you need one, then you probably shouldn't be implementing a DaoAuthenticationProvider. Perhaps you actually want to implement a generic AuthenticationProvider, or use of its other implementing classes.

Related questions

How to fix Hibernate LazyInitializationException: failed to lazily initialize a collection of roles, could not initialize proxy - no Session

In the custom AuthenticationProvider from my spring project, I am trying read the list of authorities of the logged user, but I am facing the following error: org.hibernate.LazyInitializationException: failed to lazily initialize a collection of role: com.horariolivre.…

Read More
When using Spring Security, what is the proper way to obtain current username (i.e. SecurityContext) information in a bean?

I have a Spring MVC web app which uses Spring Security. I want to know the username of the currently logged in user. I'm using the code snippet given below . Is this the accepted way? I don't like having a …

Read More
How to disable spring security for particular url

I am using stateless spring security,but in case of signup i want to disable spring security.I disabled using antMatchers("/api/v1/signup").permitAll(). but it is not working,i am getting error below: message=An Authentication object was …

Read More