2

I have a class derived from AbstractPreAuthenticatedProcessingFilter in my Spring Security Filter Chain. The purpose of this filter is to massage role data left in a special Principal object by a corporate authentication service into a Collection so SpringSecurity can use them.

However, I cannot get past this exception:

Caused by: java.lang.IllegalArgumentException: An AuthenticationManager must be set
        at org.springframework.util.Assert.notNull(Assert.java:112) ~[spring-core-4.1.6.RELEASE.jar:4.1.6.RELEASE]
        at org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter.afterPropertiesSet(AbstractPreAuthenticatedProcessingFilter.java:97) ~[spring-security-web-4.0.1.RELEASE.jar:4.0.1.RELEASE]

I am using Java config, not XML config. My code following the example of How To Inject AuthenticationManager using Java Configuration in a Custom Filter is as follows:

  1. the security configurer adaptor

    @Configuration
@EnableWebSecurity
public class MyWebSecurityAdaptor extends WebSecurityConfigurerAdapter {

    ...
    @Bean(name = "myAuthenticationManager")
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }
}

  2. The filter class itself:

    @Component
public class MyPreauthFilter extends AbstractPreAuthenticatedProcessingFilter {


        ...
    @Autowired
    @Override
    public void setAuthenticationManager(AuthenticationManager authenticationManager) {
        super.setAuthenticationManager(authenticationManager);
    }   
}

If instead of the code in Item 1 above, I try the following:

    @Autowired
    @Override
    protected AuthenticationManager authenticationManager() throws Exception   
{
        // TODO Auto-generated method stub
        return super.authenticationManager();
    }

Then the error changes.

It then becomes:

Caused by: org.springframework.beans.factory.NoSuchBeanDefinitionException: No qualifying bean of type [org.springframework.security.authentication.AuthenticationManager] found for dependency: expected at least 1 bean which qualifies as autowire candidate}

I guess that makes sense, this way does not define a bean. But then why didn't the original way, which DID define a bean, fail?

Community
  • 1
  • 1
Steve Cohen
  • 4,679
  • 9
  • 51
  • 89
  • 1
    You must have defined somehwere on your code the authenticationManager which manages the authentication activity and thats the ben you have to supply to your MyPreauthFilter class. – Avis Sep 30 '15 at 04:08

1 Answers1

2

Instead of adding 'myAuthernticationManager' to the WebSecurityConfigurerAdapter class. Add this directly to you filter class and autowire it.

@Autowired
@Override
public void setMyAuthenticationManager(MyAuthenticationManager myAuthenticationManager) {
    this.myAuthenticationManager  = myAuthenticationManager;
    super.setAuthenticationManager(this.myAuthenticationManager);
}

Remove all the code related to myAuthenticationManager from your WebSecurityConfigurerAdapter.

Pranav M
  • 21
  • 4