What is the setting to make CustomAuthenticationProvider work in Spring Security 5.7 or later?
UserAuthenticationProvider class
```java
@NoArgsConstructor
@Component
public class UserAuthenticationProvider implements AuthenticationProvider {

    @Lazy @Autowired AuthenticationService authenticationService;

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        UserDto userDto = null;
        if (authentication instanceof UsernamePasswordAuthenticationToken) {
            userDto = authenticationService.authenticate(
                LoginDto.builder()
                    .usernameOrEmail((String) authentication.getPrincipal())
                    .password((String) authentication.getCredentials())
                    .build()
            );
        } else if (authentication instanceof PreAuthenticatedAuthenticationToken) {
            userDto = authenticationService.findByToken((String) authentication.getPrincipal());
        }
        if (Objects.isNull(userDto)) {
            return null;
        }
        return new UsernamePasswordAuthenticationToken(userDto, null, Collections.emptyList());
    }

    @Override
    public boolean supports(Class<?> authentication) {
        // TODO Auto-generated method stub
        return false;
    }
}
```
configuration Spring Security
```java
@Configuration
public class ContextSecurityConfig {

    private static final Logger log = LoggerFactory.getLogger(ContextSecurityConfig.class);

    AuthenticationManager authenticationManager;
    private final CommunityUserDetailService userDetailService;
    private final CommunityAuthenticationEntryPoint communityAuthenticationEntryPoint;
    @Autowired UserAuthenticationProvider userAuthenticationProvider;

    public ContextSecurityConfig(
            CommunityAuthenticationEntryPoint communityAuthenticationEntryPoint,
            CommunityUserDetailService userDetailService
    ) {
        this.communityAuthenticationEntryPoint = communityAuthenticationEntryPoint;
        this.userDetailService = userDetailService;
    }

    @Bean
    @Order(1)
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        // Enable CORS and disable CSRF
        http.cors().and().csrf().disable().formLogin().disable();
        http.httpBasic().authenticationEntryPoint(communityAuthenticationEntryPoint).and()
            .addFilterBefore(new UsernamePaswordAuthFilter(), BasicAuthenticationFilter.class)
            .addFilterBefore(new CookieAuthenticationFilter(), UsernamePaswordAuthFilter.class)
            .authenticationProvider(userAuthenticationProvider);
        http.logout().deleteCookies(CookieAuthenticationFilter.COOKIE_NAME);
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        http.authorizeHttpRequests(authorize -> authorize // Lambda expressions are available from Security 5.5 onward
            .antMatchers(HttpMethod.POST, "/v1/auth/signIn", "/v1/auth/signUp").permitAll()
            .anyRequest().authenticated()
        );
        return http.build();
    }
}
```
Comment From: rwinch
Exposing an AuthenticationProvider as a Bean is enough for it to be picked up. If you have more than one AuthenticationProvider then expose an AuthenticationManager that delegates to the AuthenticationProvider as a Bean.
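The multi-provider arrangement described in the comment above, as an added example that is not part of the original thread or the project's own code: an `AuthenticationManager` bean built as a `ProviderManager` over two providers. `UserLookup` and `TypedProvider` are hypothetical names, and the application is assumed to supply a `UserLookup` bean. `ProviderManager` only calls `authenticate()` on a provider whose `supports()` returns true for the token's class.

```java
import java.util.Collections;
import java.util.function.Function;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;

@Configuration
public class AuthenticationManagerConfig {
    // Hypothetical interface standing in for the application's own credential and token checks.
    public interface UserLookup {
        Object byPassword(String usernameOrEmail, String password);
        Object byToken(String token);
    }
    // Hypothetical provider that handles exactly one Authentication type.
    static class TypedProvider implements AuthenticationProvider {
        private final Class<? extends Authentication> tokenType;
        private final Function<Authentication, Object> lookup;
        TypedProvider(Class<? extends Authentication> tokenType, Function<Authentication, Object> lookup) {
            this.tokenType = tokenType;
            this.lookup = lookup;
        }
        @Override
        public Authentication authenticate(Authentication authentication) {
            Object user = lookup.apply(authentication);
            if (user == null) throw new BadCredentialsException("Authentication failed");
            // The three-argument constructor produces an authenticated token.
            return new UsernamePasswordAuthenticationToken(user, null, Collections.emptyList());
        }
        @Override
        public boolean supports(Class<?> authentication) {
            // ProviderManager skips any provider that returns false here.
            return tokenType.isAssignableFrom(authentication);
        }
    }
    @Bean
    public AuthenticationManager authenticationManager(UserLookup users) {
        return new ProviderManager(
            new TypedProvider(UsernamePasswordAuthenticationToken.class,
                a -> users.byPassword((String) a.getPrincipal(), (String) a.getCredentials())),
            new TypedProvider(PreAuthenticatedAuthenticationToken.class,
                a -> users.byToken((String) a.getPrincipal())));
    }
}
```

If no registered provider supports the token's class, `ProviderManager` throws `ProviderNotFoundException` instead of calling any `authenticate()` method.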
Comment From: rwinch
Thanks for getting in touch, but it feels like this is a question that would be better suited to Stack Overflow. As mentioned in Getting Support, questions should be submitted to StackOverflow. Feel free to update this issue with a link to the re-posted question (so that other people can find it) or add some more details if you feel this is a genuine bug.