The Problem:
I need to migrate a project to Spring Boot version 3 from 2.8, but I can’t use the previous version of AuthenticationManagerBuilder due to the removal of the WebSecurityConfigurerAdapter class in Spring Security 6. I have created a new AuthenticationManager bean but got an exception. How do I configure the AuthenticationManager with the right settings?
The Solutions:
Solution 2: Inject AuthenticationConfiguration
Change the method signature of `authenticationManager` bean to inject `AuthenticationConfiguration` instead of `AuthenticationManagerBuilder`:
```java
@Bean
public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {
    return authenticationConfiguration.getAuthenticationManager();
}
```
This will automatically wire up your custom beans (such as `userDetailsService`, `passwordEncoder`, etc.) without explicitly configuring them.
Note: Using this approach is generally recommended as it simplifies the bean configuration and reduces the chances of misconfiguration.
Alternate Approach:
If, for some reason, you need to explicitly get the `AuthenticationManagerBuilder`, you can do so by retrieving it from the `HttpSecurity` object:
```java
@Bean
public AuthenticationManager authenticationManager(HttpSecurity http) throws Exception {
    // Retrieve builder from HttpSecurity
    AuthenticationManagerBuilder authenticationManagerBuilder = http.getSharedObject(AuthenticationManagerBuilder.class);
    authenticationManagerBuilder
        .userDetailsService(userDetailsService())
        .passwordEncoder(passwordEncoder());
    return authenticationManagerBuilder.build();
}
```
Note: This approach is not recommended as it may introduce additional complexity and is more prone to misconfiguration.
Customizing UserDetailsService based on Active Profile:
To differentiate the implementation of `UserDetailsService` based on the active Spring profile (`spring.profiles.active`), you can use the `@Profile` annotation in conjunction with the `@Bean` or `@Configuration` annotations.
```java
@Configuration
public class SecurityConfig {

    @Bean
    @Profile("dev")
    public UserDetailsService userDetailsServiceDev() {
        // See @EnableWebSecurity documentation
        return new InMemoryUserDetailsManager(...);
    }

    @Bean
    @Profile("!dev") // Matches any profile other than "dev"
    public UserDetailsService userDetailsService() {
        // Your custom implementation
    }
}
```
In this example, the `userDetailsServiceDev()` method is active only when the `dev` profile is active, while the `userDetailsService()` method is active for all other profiles.
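The two pieces above combined into one configuration class, as an added example that is not code from the original post: the `AuthenticationManager` comes from `AuthenticationConfiguration`, and the profile decides which single `UserDetailsService` bean it picks up. The class name `ExampleSecurityConfig`, the bean names `devUsers` and `jdbcUsers`, the property `app.dev.password`, and the choice of a JDBC user store (with `spring-jdbc` and a `DataSource` bean available) for non-dev profiles are assumptions made for illustration.

```java
import javax.sql.DataSource;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.provisioning.JdbcUserDetailsManager;

@Configuration
public class ExampleSecurityConfig { // hypothetical class name

    // Delegating encoder: new hashes are stored with an algorithm prefix such as {bcrypt}
    @Bean
    public PasswordEncoder passwordEncoder() {
        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
    }

    // Dev only: one in-memory user; the password is read from a (hypothetical)
    // property instead of being hardcoded, and is hashed before it is stored
    @Bean
    @Profile("dev")
    public UserDetailsService devUsers(PasswordEncoder encoder,
            @Value("${app.dev.password}") String devPassword) {
        return new InMemoryUserDetailsManager(User.withUsername("dev")
                .password(encoder.encode(devPassword)).roles("USER").build());
    }

    // Every other profile: users come from the database (assumed JDBC store)
    @Bean
    @Profile("!dev")
    public UserDetailsService jdbcUsers(DataSource dataSource) {
        return new JdbcUserDetailsManager(dataSource);
    }

    // No explicit wiring: the global AuthenticationManager uses the PasswordEncoder
    // bean and the UserDetailsService bean, provided exactly one UserDetailsService
    // is registered, which the two @Profile conditions guarantee
    @Bean
    public AuthenticationManager authenticationManager(AuthenticationConfiguration config) throws Exception {
        return config.getAuthenticationManager();
    }
}
```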
Q&A
How to configure AuthenticationManager as it cannot be configured via configure method as WebSecurityConfigurerAdapter is removed in Spring Security 6.0?
Create AuthenticationManager bean and configure it
What should be the parameter type of authenticationManager method in DmeappSecurityConfig?
AuthenticationConfiguration or HttpSecurity