I have this issue with Spring Security.
I have a java-config implementation with a SecurityConfig class, that extends WebSecurityConfigurerAdapter.
In this class I want to override the method "configure()"
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, proxyTargetClass = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter{
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
MyDaoAuthenticationProvider provider = new MyDaoAuthenticationProvider();
provider.setPasswordEncoder(passwordEncoder());
provider.setUserDetailsService(securityService);
auth.authenticationProvider(provider);
}
//...
}
All is OK and it works.
The problem is that "MyDaoAuthenticationProvider" component is not loaded on the Spring Context. So I can't inject or Autowired any components in this class:
public class MyDaoAuthenticationProvider extends DaoAuthenticationProvider {
@Autowired
AuthenticationHandler authenticationHandler; // <- authenticationHandler is null, is not resolved
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
authenticationHandler.authenticate(authentication); // <- NullPointerException in this point
}
}
This is the AuthenticationHandler class:
@Component
public class AuthenticationHandler {
public void authenticate (Authentication authentication) {
// do stuff
}
}
If I put the @Component on the MyDaoAuthenticationProvider class and I add the @Autowired annotation in the SecurityConfig class:
@Autowired
MyDaoAuthenticationProvider provider;
the application crash on the start with this error:
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'myDaoAuthenticationProvider' defined in file [...\MyDaoAuthenticationProvider.class]: Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: A UserDetailsService must be set
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1578)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:545)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:772)
at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:839)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:538)
at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:446)
at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:328)
at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:107)
at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4812)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5255)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1408)
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1398)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.IllegalArgumentException: A UserDetailsService must be set
at org.springframework.util.Assert.notNull(Assert.java:115)
at org.springframework.security.authentication.dao.DaoAuthenticationProvider.doAfterPropertiesSet(DaoAuthenticationProvider.java:105)
at org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.afterPropertiesSet(AbstractUserDetailsAuthenticationProvider.java:122)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1637)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1574)
... 21 more
What I have to do to resolve this issue? Thanks.
EDIT
SOLUTION
Thanks to OrangeDog, I fixed the problem with this implementation:
@Bean
public MyDaoAuthenticationProvider myAuthProvider() throws Exception {
MyDaoAuthenticationProvider provider = new MyDaoAuthenticationProvider();
provider.setPasswordEncoder(passwordEncoder());
provider.setUserDetailsService(securityService);
return provider;
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(myAuthProvider());
}
With this configuration, the bean is correctly initialized and there's no more the error "java.lang.IllegalArgumentException: A UserDetailsService must be set".
Furthermore, the bean is loaded into the Spring Context, so all the injected components in the DaoAuthenticationProvider are correctly resolved.
Error creating bean with name 'myDaoAuthenticationProvider' [...] A UserDetailsService must be set
Your MyDaoAuthenticationProvider
doesn't have a UserDetailsService
.
You must implement, inject, and/or set one. For example, without using @Component
:
@Bean
public MyDaoAuthenticationProvider myAuthProvider() {
MyDaoAuthenticationProvider provider = new MyDaoAuthenticationProvider();
provider.setPasswordEncoder(passwordEncoder());
provider.setUserDetailsService(securityService);
return provider;
}
You then need to stop creating another one in your configure
method.
If you don't think that you need one, then you probably shouldn't be implementing a DaoAuthenticationProvider
. Perhaps you actually want to implement a generic AuthenticationProvider
, or use of its other implementing classes.