Repository Version
spring-boot 2.3.7.RELEASE
spring-cloud-alibaba 2.2.2.RELEASE
spring-security-config 5.3.6.RELEASE
spring-security-web 5.3.6.RELEASE
dubbo 2.7.8

To Reproduce
1. Create an interface implementation
2. Annotate the implementation with @DubboService
3. Call authenticationManager() in a configuration class which extends WebSecurityConfigurerAdapter

Actual behavior
authenticationManager() returns null

Expected Behavior
Get AuthenticationManager by authenticationManager() successfully

Actually, I can avoid this exception by configuring the AuthenticationManager bean separately in the configuration class:

    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

But I wonder why authenticationManager() returns null.
So I kept debugging, and I found this in org/springframework/security/config/annotation/authentication/configuration/InitializeUserDetailsBeanManagerConfigurer.java at line 90:

    /**
     * @return a bean of the requested class if there's just a single registered component, null otherwise.
     */
    private <T> T getBeanOrNull(Class<T> type) {
        String[] beanNames = InitializeUserDetailsBeanManagerConfigurer.this.context
                .getBeanNamesForType(type);
        if (beanNames.length != 1) {
            return null;
        }
        return InitializeUserDetailsBeanManagerConfigurer.this.context
                .getBean(beanNames[0], type);
    }

Because beanNames.length != 1 is hard-coded here.
But unfortunately Dubbo seems to inject the microservice bean earlier than Security (I guess),
so InitializeUserDetailsBeanManagerConfigurer.this.context.getBeanNamesForType(type) will return an array with more than one element.
Then the isConfigured() check will return false in the method AuthenticationManagerBuilder.performBuild,
causing performBuild to fail, and authenticationManager() will return null if I don't configure the AuthenticationManager bean separately in the configuration class.
I'm not sure if this is a bug, but I want you to know about this situation.
Comment From: BunnyShing
During debugging, I found the reason why InitializeUserDetailsBeanManagerConfigurer.this.context.getBeanNamesForType(type) returns an array with more than one element: my custom microservice implemented org\springframework\security\spring-security-core\5.3.6.RELEASE\spring-security-core-5.3.6.RELEASE-sources.jar!\org\springframework\security\core\userdetails\UserDetailsService.java.
Comment From: BunnyShing
After testing, I found the reason why authenticationManager() returns null: I implemented the UserDetailsService interface, but I did not override configure(AuthenticationManagerBuilder auth) and set AuthenticationManagerBuilder.userDetailsService in the configuration class.
So Spring Security cannot initialize a default AuthenticationManager, and at the same time I had not configured the AuthenticationManager bean separately in the configuration class.
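
Added example (not part of the original issue or its comments, and not Spring Security project code): a configuration class that wires one UserDetailsService explicitly, so the AuthenticationManager does not depend on getBeanOrNull finding exactly one bean of that type. The class name SecurityConfig and the bean name "accountUserDetailsService" are assumptions made for illustration.

```java
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    private final UserDetailsService userDetailsService;

    // "accountUserDetailsService" is a hypothetical bean name. Selecting the
    // bean by name keeps the choice unambiguous when several
    // UserDetailsService implementations are registered in the context
    // (for example one that is also exported with @DubboService).
    public SecurityConfig(
            @Qualifier("accountUserDetailsService") UserDetailsService userDetailsService) {
        this.userDetailsService = userDetailsService;
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    // Explicit wiring: the builder is configured here, so the
    // "exactly one bean of this type" lookup is not what decides whether
    // an AuthenticationManager can be built.
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService)
            .passwordEncoder(passwordEncoder());
    }

    // Exposes the locally configured AuthenticationManager as a bean,
    // as in the workaround shown in the issue.
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }
}
```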