version of spring boot : 3.1.2
Currently i implement a simple spring boot based application which involve spring security, as shown below. However, upon when i try login using the form, i got "No AuthenticationProvider found for org.springframework.security.authentication.UsernamePasswordAuthenticationToken".
Question: Why do i get such error? I thought by default, DaoAuthenticationProvider will be instantiated by Spring Boot automatically, regardless of using BasicAuthenticationFilter or UserNamePasswordAuthenticationFilter?
Note: Pls do let me know also if i post in the wrong forum.
@Configuration
public class DemoSecurityConfig {
@Bean
public PasswordEncoder passwordEncoder() {
var encoders = new HashMap<String, PasswordEncoder>(
Map.of("bcrypt",new BCryptPasswordEncoder(),
"noop", NoOpPasswordEncoder.getInstance())
);
var e = new DelegatingPasswordEncoder("noop", encoders);
return e;
}
@Bean
public UserDetailsService userDetailsManager() {
UserDetails susan = User.builder()
.username("susan")
.password("{noop}test123")
.roles("EMPLOYEE", "MANAGER", "ADMIN")
.build();
return new InMemoryUserDetailsManager(susan);
}
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.authorizeHttpRequests(configurer ->
configurer.requestMatchers("/css/**").permitAll()
.anyRequest().authenticated()
);
http.formLogin(Customizer.withDefaults());
http.csrf(csrf -> csrf.disable());
return http.build();
}
}
`
Comment From: snicoll
Thanks for getting in touch, but it feels like this is a question that would be better suited to Stack Overflow. As mentioned in the guidelines for contributing, we prefer to use GitHub issues only for bugs and enhancements. Feel free to update this issue with a link to the re-posted question (so that other people can find it) or add some more details if you feel this is a genuine bug.
Comment From: rajakumare1
I am finding teh same issue . Did you find the reason?
Comment From: hannah23280
I am finding teh same issue . Did you find the reason?
The solution is to define your own bean for authenticationProvider , such as shown below. However, I refused to simply accept this solution without understanding the reason why, for the purpose of learning.
@Bean
public DaoAuthenticationProvider authenticationProvider(UserDetailsService myUserService) {
DaoAuthenticationProvider auth = new DaoAuthenticationProvider();
auth.setUserDetailsService(myUserService);
auth.setPasswordEncoder(passwordEncoder());
return auth;
}
Comment From: hannah23280
I wish someone could point me out to the spring boot or spring security documentation (or source code) , which indicate if create our own UserDetailService bean, we need to also manually create our own DaoAuthenticationProvider bean.
Comment From: hannah23280
I found the root cause.
If you create your own UserDetailsService bean, there is no need to manually define a bean for AuthenticationProvider, cos by default a DaoAuthenticationProvider bean will be automatically created for us, which will automatically pick up your defined UserDetailsService bean.
But if you define 2 or more UserDetailsService beans, then u need to define your own Authenticationprovider. I made a mistake, as i don't realize I have another class that implements UserDetailsService interface and annotated with @Service , which create a second UserDetailsService bean.
Comment From: rajakumare1
Thanks @hannah23280 for the answer and explanation. But I dont have another clas that implements UserDetailsService. But I do have 2 other SecurityFilterChain one for Oauth and another with customAuthenticationProvider.
So can we assume that if we have a customeAuthenticationProvider then we need to provide a manual DaoAuthenticationProvider Bean?
Comment From: hannah23280
Thanks @hannah23280 for the answer and explanation. But I dont have another clas that implements UserDetailsService. But I do have 2 other SecurityFilterChain one for Oauth and another with customAuthenticationProvider.
So can we assume that if we have a customeAuthenticationProvider then we need to provide a manual DaoAuthenticationProvider Bean?
I am sorrie, i can't answer for this. Cos i never try multiple security filter chain before.