I’m encountering a warning when starting my Spring Boot application with Spring Security configuration. The warning message is:
WARN [ restartedMain] r$InitializeUserDetailsManagerConfigurer : Global AuthenticationManager configured with an AuthenticationProvider bean. UserDetailsService beans will not be used for username/password login. Consider removing the AuthenticationProvider bean. Alternatively, consider using the UserDetailsService in a manually instantiated DaoAuthenticationProvider.
I’ve configured JWT-based authentication in my Spring Boot application. Here are the relevant parts of my configuration:
SecurityFilterChain:
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
            .csrf(AbstractHttpConfigurer::disable)
            .authorizeHttpRequests(authorize ->
                authorize
                    .requestMatchers("/assets/**", "/css/**", "/images/**", "/js/**").permitAll()
                    .requestMatchers("/", "/about", "/contact").permitAll()
                    .requestMatchers("/auth/**").permitAll()
                    .anyRequest().authenticated()
            )
            .sessionManagement(session -> session.sessionCreationPolicy(STATELESS))
            .authenticationProvider(authenticationProvider)
            .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
        return http.build();
    }
Relevant part of ApplicationBeanConfiguration:
    @Configuration
    public class ApplicationBeanConfiguration {

        private final UserRepository userRepository;

        public ApplicationBeanConfiguration(UserRepository userRepository) {
            this.userRepository = userRepository;
        }

        @Bean
        public UserDetailsService userDetailsService() {
            return username -> userRepository.findByUsername(username)
                    .orElseThrow(() -> new UsernameNotFoundException("User not found"));
        }

        @Bean
        public PasswordEncoder passwordEncoder() {
            return new BCryptPasswordEncoder();
        }

        @Bean
        public AuthenticationManager authenticationManager(AuthenticationConfiguration config) throws Exception {
            return config.getAuthenticationManager();
        }

        @Bean
        public AuthenticationProvider authenticationProvider() {
            DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();
            authProvider.setUserDetailsService(userDetailsService());
            authProvider.setPasswordEncoder(passwordEncoder());
            return authProvider;
        }
    }
The warning persists regardless of whether I include or exclude the AuthenticationProvider bean. The application starts with the warning, indicating that the AuthenticationProvider configuration might be conflicting with UserDetailsService.
The warning suggests that my setup might be incorrectly configured. Specifically, it indicates that the AuthenticationProvider bean is overriding the UserDetailsService, which could lead to issues with username/password authentication.
How should I correctly configure Spring Security to avoid this warning?
In this snippet of your code, basically, you'll only need a bean of AuthenticationManager that returns a new instance of ProviderManager, which is one of the implementations of AuthenticationManager. It takes any implementation of AuthenticationProvider (in this case: DaoAuthenticationProvider) in its constructor.
    @Bean
    public AuthenticationManager authenticationManager(AuthenticationConfiguration config) throws Exception {
        return config.getAuthenticationManager();
    }

    @Bean
    public AuthenticationProvider authenticationProvider() {
        DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();
        authProvider.setUserDetailsService(userDetailsService());
        authProvider.setPasswordEncoder(passwordEncoder());
        return authProvider;
    }
Replace the above snippet with this; it should remove the warning.
    @Bean
    public AuthenticationManager authenticationManager() throws Exception {
        DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();
        authProvider.setUserDetailsService(userDetailsService());
        authProvider.setPasswordEncoder(passwordEncoder());
        return new ProviderManager(authProvider);
    }
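A stand-alone check of the ProviderManager wiring from the answer above, added here as an example and not part of the original post. It confirms that the manager accepts a valid login, erases the credentials afterwards, and rejects a wrong password and an unknown user with the same exception. The class name `ProviderManagerCheck`, its helper methods and the sample user are assumptions made for illustration; it needs spring-security-core and spring-security-crypto on the classpath.

```java
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

public class ProviderManagerCheck {
    // Same wiring as the answer's authenticationManager() bean, as a plain factory method.
    static AuthenticationManager build(UserDetailsService uds, PasswordEncoder encoder) {
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setUserDetailsService(uds);
        provider.setPasswordEncoder(encoder);
        return new ProviderManager(provider);
    }

    // True when the login attempt fails with BadCredentialsException.
    static boolean rejected(AuthenticationManager am, String user, String pw) {
        try {
            am.authenticate(UsernamePasswordAuthenticationToken.unauthenticated(user, pw));
            return false;
        } catch (BadCredentialsException e) {
            return true;
        }
    }

    public static void main(String[] args) {
        PasswordEncoder encoder = new BCryptPasswordEncoder();
        // Constructed sample user standing in for userRepository.findByUsername(...).
        UserDetailsService uds = username -> {
            if (!"alice".equals(username)) throw new UsernameNotFoundException("User not found");
            return User.withUsername("alice").password(encoder.encode("s3cret-sample")).roles("USER").build();
        };
        AuthenticationManager am = build(uds, encoder);

        Authentication ok = am.authenticate(
                UsernamePasswordAuthenticationToken.unauthenticated("alice", "s3cret-sample"));
        System.out.println("authenticated: " + ok.isAuthenticated());
        System.out.println("credentials erased: " + (ok.getCredentials() == null));
        System.out.println("wrong password rejected: " + rejected(am, "alice", "nope"));
        System.out.println("unknown user rejected the same way: " + rejected(am, "mallory", "nope"));
    }
}
```

The unknown-user case surfaces as BadCredentialsException because DaoAuthenticationProvider hides UsernameNotFoundException by default, so a login endpoint built on this manager does not reveal which usernames exist.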