I am creating a complete user login and registration Backend system with Email Verification and usage of PostgreSQL to store the user’s credentials. I’ve come to a point where I am having problems at the security layer. To be more specific I am having the following code which since WebSecurityConfigurerAdapter deprecation, I want to change:
OLD VERSION BEFORE DEPRECATION
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(daoAuthenticationProvider());
}
@Bean
public DaoAuthenticationProvider daoAuthenticationProvider() {
DaoAuthenticationProvider provider =
new DaoAuthenticationProvider();
provider.setPasswordEncoder(bCryptPasswordEncoder);
provider.setUserDetailsService(applicationUserService);
return provider;
}
I’ve searched this question and found that AuthenticationManagerBuilder can now be accessed as follows:
NEWEST VERSION OF AUTHENTICATION MANAGER
@Bean
public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {
return authenticationConfiguration.getAuthenticationManager();
}
My problem is that I can’t find a way to inject my daoAuthenticationProvider to the newest method of AuthenticationManager. Any proposals???
2
Answers
Adding a custom authentication provider is configured in the SecurityFilterChain bean. Although looking at the given code, standard DAO authentication would automatically be added with
http.formLogin()without the need for an AuthenticationProvider.See also https://spring.io/blog/2022/02/21/spring-security-without-the-websecurityconfigureradapter
You should not need the
AuthenticationConfigurationfor that, you could just create your own bean, like so: