So I've been trying to implement oAuth2 in a simple Spring MVC app.

In the guide I was following, in their AuthorizationServerConfigurerAdapter they @Autowired an AuthenticationManager. They used Spring Boot version 1.5.2.

I wanted to use Spring Boot 2.0.0 as this is the latest version so I wanted to learn the latest practices. However, in my pom.xml when I change:

<parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>1.5.2.RELEASE</version>
    <relativePath/> <!-- lookup parent from repository -->
</parent>

to:

<parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>2.0.0.RELEASE</version>
    <relativePath/> <!-- lookup parent from repository -->
</parent>

All of a sudden, I can't autowire AuthenticationManager.

Could not autowire. No beans of 'AuthenticationManager' type found.

Could someone come up with a solution to this?

Thanks!

If you want to continue with boot starter packages, according to release notes you need to override authanticationManagerBean method inside the WebSecurityConfigurerAdapter . Here code sample :

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

}

In latest version of Spring Boot 2.7.2 , class WebSecurityConfigurerAdapter is deprecated and you have to use new style to write security configurations ,

Spring Security without the WebSecurityConfigurerAdapter

With that being said , something like below works for me with Spring Boot 2.7.2 . I have a JWT token filter that required plugged in to verify incoming JWT Tokens. Trying to highlight the usage of - SecurityFilterChain & AuthenticationConfiguration

import java.util.List;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.security.web.util.matcher.RequestMatcher;

//import my custom jwt class package;

import lombok.RequiredArgsConstructor;

@Configuration
@EnableWebSecurity
@RequiredArgsConstructor
public class WebSecurityConfig {

    private final AuthenticationConfiguration authConfiguration;

    @Bean
    public AuthenticationManager authenticationManager() throws Exception {
    return authConfiguration.getAuthenticationManager();
    }

    @Autowired
    public void configure(AuthenticationManagerBuilder builder, AuthenticationProvider jwtAuthenticationProvider) {
    builder.authenticationProvider(jwtAuthenticationProvider);
    }

    @Bean
    public SecurityFilterChain configure(HttpSecurity http, AuthenticationEntryPoint authenticationEntryPoint,
        RequestMatcher requestMatcher)
        throws Exception {
    http.cors().and().csrf().disable().exceptionHandling().authenticationEntryPoint(authenticationEntryPoint).and()
        .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().authorizeRequests()
        .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
        .antMatchers(HttpMethod.GET, List.of("/favicon.ico", "/**/*.html").toArray(new String[0])).permitAll();

    AbstractAuthenticationProcessingFilter jwtFilter = new MyCustomClass(requestMatcher);
    jwtFilter.setAuthenticationManager(authenticationManager());
    http.addFilterBefore(jwtFilter, BasicAuthenticationFilter.class);
    return http.build();
    }
}