Authentication manager missing in custom security class
I have a security jar that I am implementing in my project. I am extending the BasicSecurityConfig which extends WebSecurityConfigurerAdapter and has all the filters. I was told that all I need is to extend the BasicSecurityConfig and call super().configure which will call the parent’s configure method. However, I am getting this error,
Field authenticationManager in com.custom.security.CustomSecurityFilter required a bean of type 'org.springframework.security.authentication.AuthenticationManager' that could not be found. The parent class already has an AuthenticationManager bean, I shouldn’t need to define it in the child class too.
My Security Class
public class SecurityConfiguration extends BasicSecurityConfig { private static final String PAYMONEYROLE = "(hasRole('EE'))"; @Override protected void configure(HttpSecurity http) throws Exception { // must call super first super.configure(http); http.authorizeRequests() .antMatchers(HttpMethod.POST, "/v1/cart/validate").authenticated() .antMatchers(HttpMethod.POST, "/v1/cart/validate").access(PAYMONEYROLE) .and().cors().and().csrf().disable(); } @Bean public FilterRegistrationBean invalidResourceFilterRegistration(InvalidResourceFilter invalidResourceFilter) { FilterRegistrationBean registration = new FilterRegistrationBean(invalidResourceFilter); registration.setEnabled(false); invalidResourceFilter.setDisabled(true); return registration; } @Bean public FilterRegistrationBean customSecurityFilterRegistration(CustomSecurityFilter customSecurityFilter) { FilterRegistrationBean registration = new FilterRegistrationBean(customSecurityFilter); registration.setEnabled(false); return registration; } } Custom Security Jar
public class BasicSecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private ApplicationContext applicationContext; @Autowired private InvalidResourceFilter invalidResourceFilter; public BasicSecurityConfig() { } protected void configure(HttpSecurity http) throws Exception { ((HttpSecurity)((HttpSecurity)http.addFilterBefore(this.customSecurityFilter(), AbstractPreAuthenticatedProcessingFilter.class).addFilterAfter(this.invalidResourceFilter, FilterSecurityInterceptor.class).sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()).exceptionHandling().authenticationEntryPoint(this.authenticationEntryPoint()).accessDeniedHandler(this.customDeniedHandler()).and()).authorizeRequests().accessDecisionManager(this.accessDecisionManager()); } public void configure(WebSecurity web) throws Exception { web.ignoring().antMatchers(new String[]{"/docs**/**", "/swagger-ui.html**/**", "/webjars**/**", "/swagger-resources**/**", "/api-docs**/**", "/v2/api-docs**", "/version.json**"}); } @Autowired public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { auth.authenticationProvider(this.customAuthenticationProvider()); } @Bean public AuthenticationManager authenticationManagerBean() throws Exception { return super.authenticationManagerBean(); } @Bean public DefaultWebSecurityExpressionHandler defaultWebSecurityExpressionHandler() { return new CustomWebSecurityExpressionHandler(); } @Bean public CustomSecurityFilter customSecurityFilter() { return new CustomSecurityFilter(); } @Bean public AuthenticationProvider customAuthenticationProvider() { return new CustomAuthenticationProvider(); } @Bean public AuthenticationSuccessHandler customSuccessHandler() { return new CustomSuccessHandler(); } @Bean public AccessDeniedHandler customDeniedHandler() { return new CustomAccessDeniedHandler(); } @Bean public AuthenticationEntryPoint authenticationEntryPoint() { return new CustomAuthenticationEntryPoint(); } @Bean public CustomSystemUserAuthVoter customSystemUserAuthVoter() { return new CustomSystemUserAuthVoter(); } @Bean public WebExpressionVoter webExpressionVoter() { WebExpressionVoter wev = new WebExpressionVoter(); wev.setExpressionHandler(this.defaultWebSecurityExpressionHandler()); return wev; } @Bean public AccessDecisionManager accessDecisionManager() { return new ExplicitDecisionManager(Arrays.asList(this.customSystemUserAuthVoter(), this.webExpressionVoter())); } } 
- As per your error,
CustomSecurityFilteris supposed to haveauthenticationManagerinjected. But it is created withoutauthenticationManageras below.
@Bean public CustomSecurityFilter customSecurityFilter() { return new CustomSecurityFilter(); } - If you can modify
BasicSecurityConfig, then update the method as follows:
@Bean public CustomSecurityFilter customSecurityFilter() { //If it has a constructor which accept AuthenticationManager return new CustomSecurityFilter(authenticationManagerBean()); //If it has a setter for AuthenticationManager instead CustomSecurityFilter filter = new CustomSecurityFilter(); filter.setAuthenticationManager(authenticationManagerBean()) return filter; } - If you cannot modify
BasicSecurityConfig, then create it inSecurityConfigurationwithPrimary
@Bean @Primary public CustomSecurityFilter customSecurityFilter() { //If it has a constructor which accept AuthenticationManager return new CustomSecurityFilter(authenticationManagerBean()); //If it has a setter for AuthenticationManager instead CustomSecurityFilter filter = new CustomSecurityFilter(); filter.setAuthenticationManager(authenticationManagerBean()) return filter; } 
