Consider defining a bean of type 'org.springframework.security.authentication.AuthenticationManager' in your configuration

Question

I followed few suggestions mentioned here, but it didn't work for me. Hence, putting the question here

1. How To Inject AuthenticationManager using Java Configuration in a Custom Filter
2. Spring required a bean of type 'AuthenticationManager'

Could anyone please guide me what's the issue and how to fixed that ?

Error:

*************************** APPLICATION FAILED TO START ***************************  Description:  Field authenticationManager in com.techprimers.security.springsecurityauthserver.config.AuthorizationServerConfig required a bean of type 'org.springframework.security.authentication.AuthenticationManager' that could not be found.   Action:  Consider defining a bean of type 'org.springframework.security.authentication.AuthenticationManager' in your configuration. 

AuthorizationServerConfig.java

@Configuration @EnableAuthorizationServer public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {      @Autowired     private AuthenticationManager authenticationManager;      @Override     public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {          security.tokenKeyAccess("permitAll()")                 .checkTokenAccess("isAuthenticated()");     }       @Override     public void configure(ClientDetailsServiceConfigurer clients) throws Exception {         clients                 .inMemory()                 .withClient("ClientId")                 .secret("secret")                 .authorizedGrantTypes("authorization_code")                 .scopes("user_info")                 .autoApprove(true);     }       @Override     public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {          endpoints.authenticationManager(authenticationManager);     } } 

ResourceServerConfig.java

@EnableResourceServer @Configuration public class ResourceServerConfig extends WebSecurityConfigurerAdapter {       @Autowired     @Qualifier("authenticationManagerBean")     private AuthenticationManager authenticationManager;     @Autowired     private UserDetailsService customUserDetailsService;      @Override     protected void configure(HttpSecurity http) throws Exception {          http.requestMatchers()                 .antMatchers("/login", "/oauth/authorize")                 .and()                 .authorizeRequests()                 .anyRequest()                 .authenticated()                 .and()                 .formLogin()                 .permitAll();     }       @Override     protected void configure(AuthenticationManagerBuilder auth) throws Exception {         auth.parentAuthenticationManager(authenticationManager)                 .userDetailsService(customUserDetailsService);     } } 

The code reference taken from https://github.com/TechPrimers/spring-security-oauth-mysql-example, only updated Spring Boot Parent Version to 2.0.4.RELEASE, things started breaking.

Answer 1

It seems like it's one of the "breaking changes" Spring Boot 2.0 introduced. I believe that your case is described in Spring Boot 2.0 Migration Guide.

In your WebSecurityConfigurerAdapter class you need to override authenticationManagerBean method and annotate it with @Bean, i.e.:

@Override @Bean public AuthenticationManager authenticationManagerBean() throws Exception {     return super.authenticationManagerBean(); } 

Moreover, in your WebSecurityConfigurerAdapter instead of injecting the AuthenticationManager instance with @Autowired you can just use the authenticationManagerBean() method, i.e.:

@Override protected void configure(AuthenticationManagerBuilder auth) throws Exception  {     auth.parentAuthenticationManager(authenticationManagerBean())         .userDetailsService(customUserDetailsService); }