Spring Security X509 should detect UserDetailsService bean

Consider the following configuration:

@Configuration
public class SecurityConfiguration {

    @Bean
    SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http.x509(withDefaults());
        return http.build();
    }

    @Bean
    public InMemoryUserDetailsManager customUserDetailsService() {
        UserDetails user = User.withDefaultPasswordEncoder()
                .username("test")
                .password("password")
                .roles("USER")
                .build();
        return new InMemoryUserDetailsManager(user);
    }
}

When starting the application, an error is thrown because we have not specified the UserDetailsService that should be used in the X509 configuration.

Cannot invoke "org.springframework.security.core.userdetails.UserDetailsService.loadUserByUsername(String)" because "this.userDetailsService" is nulljava.lang.NullPointerException: Cannot invoke "org.springframework.security.core.userdetails.UserDetailsService.loadUserByUsername(String)" because "this.userDetailsService" is null
    at org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper.loadUserDetails(UserDetailsByNameServiceWrapper.java:71)

Note: This only applies to the case where a SecurityFilterChain bean is used. Adding the same changes to the WebSecurityConfigurerAdapter would break backwards compatibility.

Comment From: eleftherias

Closed via 5ac5edc