11

I have this issue with Spring Security.

I have a java-config implementation with a SecurityConfig class, that extends WebSecurityConfigurerAdapter.

In this class I want to override the method "configure()"

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, proxyTargetClass = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter{

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        MyDaoAuthenticationProvider provider = new MyDaoAuthenticationProvider();
        provider.setPasswordEncoder(passwordEncoder());
        provider.setUserDetailsService(securityService);
        auth.authenticationProvider(provider);
    }

    //...

}

All is OK and it works.

The problem is that "MyDaoAuthenticationProvider" component is not loaded on the Spring Context. So I can't inject or Autowired any components in this class:

public class MyDaoAuthenticationProvider extends DaoAuthenticationProvider {

    @Autowired
    AuthenticationHandler authenticationHandler;    // <- authenticationHandler is null, is not resolved

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        authenticationHandler.authenticate(authentication);    // <- NullPointerException in this point
    }

}

This is the AuthenticationHandler class:

@Component
public class AuthenticationHandler {

    public void authenticate (Authentication authentication) {
        // do stuff
    }

}

If I put the @Component on the MyDaoAuthenticationProvider class and I add the @Autowired annotation in the SecurityConfig class:

@Autowired
MyDaoAuthenticationProvider provider;

the application crash on the start with this error:

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'myDaoAuthenticationProvider' defined in file [...\MyDaoAuthenticationProvider.class]: Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: A UserDetailsService must be set
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1578)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:545)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482)
    at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306)
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302)
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
    at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:772)
    at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:839)
    at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:538)
    at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:446)
    at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:328)
    at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:107)
    at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4812)
    at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5255)
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
    at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1408)
    at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1398)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.IllegalArgumentException: A UserDetailsService must be set
    at org.springframework.util.Assert.notNull(Assert.java:115)
    at org.springframework.security.authentication.dao.DaoAuthenticationProvider.doAfterPropertiesSet(DaoAuthenticationProvider.java:105)
    at org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.afterPropertiesSet(AbstractUserDetailsAuthenticationProvider.java:122)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1637)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1574)
    ... 21 more

What I have to do to resolve this issue? Thanks.

EDIT

SOLUTION

Thanks to OrangeDog, I fixed the problem with this implementation:

@Bean
public MyDaoAuthenticationProvider myAuthProvider() throws Exception {
    MyDaoAuthenticationProvider provider = new MyDaoAuthenticationProvider();
    provider.setPasswordEncoder(passwordEncoder());
    provider.setUserDetailsService(securityService);
    return provider;
}

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.authenticationProvider(myAuthProvider());
}

With this configuration, the bean is correctly initialized and there's no more the error "java.lang.IllegalArgumentException: A UserDetailsService must be set".

Furthermore, the bean is loaded into the Spring Context, so all the injected components in the DaoAuthenticationProvider are correctly resolved.

Alessandro C
  • 3,310
  • 9
  • 46
  • 82

1 Answers1

8

Error creating bean with name 'myDaoAuthenticationProvider' [...] A UserDetailsService must be set

Your MyDaoAuthenticationProvider doesn't have a UserDetailsService. You must implement, inject, and/or set one. For example, without using @Component:

@Bean
public MyDaoAuthenticationProvider myAuthProvider() {
    MyDaoAuthenticationProvider provider = new MyDaoAuthenticationProvider();
    provider.setPasswordEncoder(passwordEncoder());
    provider.setUserDetailsService(securityService);
    return provider;
}

You then need to stop creating another one in your configure method.

If you don't think that you need one, then you probably shouldn't be implementing a DaoAuthenticationProvider. Perhaps you actually want to implement a generic AuthenticationProvider, or use of its other implementing classes.

OrangeDog
  • 36,653
  • 12
  • 122
  • 207
  • No, I have it! I set him with this: provider.setUserDetailsService(securityService); – Alessandro C Apr 21 '16 at 16:51
  • However it seems that Spring can't create a bean if the "configure" method isn't executed yet. – Alessandro C Apr 21 '16 at 16:52
  • You have it in the code that works, when you call `new MyDaoAuthenticationProvider()`. If you want it to be a `@Component` bean then you need to do it differently. – OrangeDog Apr 21 '16 at 16:54
  • WebConfiguration and bean creation are completely separate. At the moment you're still creating an instance in `configure` then trying to make another one (as a bean) via `@Component`. – OrangeDog Apr 21 '16 at 16:59
  • You are right! Your solution is correct, I have edited the post. Thank you very much. – Alessandro C Apr 22 '16 at 07:23