Spring-security: Extra DaoAuthenticationProvider is created, despite I created own implementation

Created on 20 May 2018  路  3Comments  路  Source: spring-projects/spring-security

Summary

Spring security creates extra AuthenticationProvider.

Actual Behavior

I have configured custom AccountAuthenticationProvider but spring creates also provider org.springframework.security.authentication.dao.DaoAuthenticationProvider. Here is stacktrace when it is created:

<init>:66, DaoAuthenticationProvider (org.springframework.security.authentication.dao)
<init>:38, AbstractDaoAuthenticationConfigurer (org.springframework.security.config.annotation.authentication.configurers.userdetails)
<init>:41, DaoAuthenticationConfigurer (org.springframework.security.config.annotation.authentication.configurers.userdetails)
userDetailsService:187, AuthenticationManagerBuilder (org.springframework.security.config.annotation.authentication.builders)
userDetailsService:572, WebSecurityConfigurerAdapter$DefaultPasswordEncoderAuthenticationManagerBuilder (org.springframework.security.config.annotation.web.configuration)
configure:38, WebSecurityConfiguration (com.datenzentrale.gaalkis.bv.security.config)
authenticationManager:265, WebSecurityConfigurerAdapter (org.springframework.security.config.annotation.web.configuration)
getHttp:201, WebSecurityConfigurerAdapter (org.springframework.security.config.annotation.web.configuration)
init:321, WebSecurityConfigurerAdapter (org.springframework.security.config.annotation.web.configuration)
init:92, WebSecurityConfigurerAdapter (org.springframework.security.config.annotation.web.configuration)
init:-1, WebSecurityConfiguration$$EnhancerBySpringCGLIB$$eaf3f78 (com.datenzentrale.gaalkis.bv.security.config)
init:371, AbstractConfiguredSecurityBuilder (org.springframework.security.config.annotation)
doBuild:325, AbstractConfiguredSecurityBuilder (org.springframework.security.config.annotation)
build:41, AbstractSecurityBuilder (org.springframework.security.config.annotation)
springSecurityFilterChain:104, WebSecurityConfiguration (org.springframework.security.config.annotation.web.configuration)
CGLIB$springSecurityFilterChain$1:-1, WebSecurityConfiguration$$EnhancerBySpringCGLIB$$99fe336c (org.springframework.security.config.annotation.web.configuration)
invoke:-1, WebSecurityConfiguration$$EnhancerBySpringCGLIB$$99fe336c$$FastClassBySpringCGLIB$$6ac381d7 (org.springframework.security.config.annotation.web.configuration)
invokeSuper:228, MethodProxy (org.springframework.cglib.proxy)
intercept:361, ConfigurationClassEnhancer$BeanMethodInterceptor (org.springframework.context.annotation)
springSecurityFilterChain:-1, WebSecurityConfiguration$$EnhancerBySpringCGLIB$$99fe336c (org.springframework.security.config.annotation.web.configuration)
invoke0:-1, NativeMethodAccessorImpl (sun.reflect)
invoke:62, NativeMethodAccessorImpl (sun.reflect)
invoke:43, DelegatingMethodAccessorImpl (sun.reflect)
invoke:498, Method (java.lang.reflect)
instantiate:154, SimpleInstantiationStrategy (org.springframework.beans.factory.support)
instantiateUsingFactoryMethod:579, ConstructorResolver (org.springframework.beans.factory.support)
instantiateUsingFactoryMethod:1254, AbstractAutowireCapableBeanFactory (org.springframework.beans.factory.support)
createBeanInstance:1103, AbstractAutowireCapableBeanFactory (org.springframework.beans.factory.support)
doCreateBean:541, AbstractAutowireCapableBeanFactory (org.springframework.beans.factory.support)
createBean:501, AbstractAutowireCapableBeanFactory (org.springframework.beans.factory.support)
lambda$doGetBean$0:317, AbstractBeanFactory (org.springframework.beans.factory.support)
getObject:-1, 148780085 (org.springframework.beans.factory.support.AbstractBeanFactory$$Lambda$144)
getSingleton:228, DefaultSingletonBeanRegistry (org.springframework.beans.factory.support)
doGetBean:315, AbstractBeanFactory (org.springframework.beans.factory.support)
getBean:199, AbstractBeanFactory (org.springframework.beans.factory.support)
doGetBean:304, AbstractBeanFactory (org.springframework.beans.factory.support)
getBean:199, AbstractBeanFactory (org.springframework.beans.factory.support)
preInstantiateSingletons:760, DefaultListableBeanFactory (org.springframework.beans.factory.support)
finishBeanFactoryInitialization:869, AbstractApplicationContext (org.springframework.context.support)
refresh:550, AbstractApplicationContext (org.springframework.context.support)
refresh:140, ServletWebServerApplicationContext (org.springframework.boot.web.servlet.context)
refresh:759, SpringApplication (org.springframework.boot)
refreshContext:395, SpringApplication (org.springframework.boot)
run:327, SpringApplication (org.springframework.boot)
run:1255, SpringApplication (org.springframework.boot)
run:1243, SpringApplication (org.springframework.boot)
main:37, Application (com.datenzentrale.gaalkis.bv)
invoke0:-1, NativeMethodAccessorImpl (sun.reflect)
invoke:62, NativeMethodAccessorImpl (sun.reflect)
invoke:43, DelegatingMethodAccessorImpl (sun.reflect)
invoke:498, Method (java.lang.reflect)
run:49, RestartLauncher (org.springframework.boot.devtools.restart)

Expected Behavior

Only one provider should exists.

Configuration

I have own provider:

@Component
public class AccountAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider {
//implementation
}

Here is configuration

@Configuration
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

    private final UserDetailsService userDetailsService;
    private final AccountAuthenticationProvider accountAuthenticationProvider;

    public WebSecurityConfiguration(final UserDetailsService userDetailsService,
            final AccountAuthenticationProvider accountAuthenticationProvider) {
        this.userDetailsService = userDetailsService;
        this.accountAuthenticationProvider = accountAuthenticationProvider;
    }

    @Override
    protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(accountAuthenticationProvider);
        auth.userDetailsService(userDetailsService);
    }
}

Version

org.springframework.boot:spring-boot-starter-security:2.0.2.RELEASE:

org.springframework.security:spring-security-config:5.0.5.RELEASE
org.springframework.security:spring-security-web:5.0.5.RELEASE
stackoverflow
Source
picture muzuro
👍1

Most helpful comment

@muzuro Thanks for reaching out!

The configuration specifies a UserDetailsService and an AuthenticationProvider on the AuthenticationManagerBuilder. Both of these methods will create a DaoAuthenticationProvider. Choose one or the other and not both if you only want a single DaoAuthenticationProvider.

Note if you want to use the custom AuthenticationProvider only, you can safely, just delete the entire

    @Override    
    protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(accountAuthenticationProvider);
        auth.userDetailsService(userDetailsService);
    }

as the AuthenticationProvider bean will be used by default.

picture rwinch on 21 May 2018
👍3

All 3 comments

@muzuro Thanks for reaching out!

The configuration specifies a UserDetailsService and an AuthenticationProvider on the AuthenticationManagerBuilder. Both of these methods will create a DaoAuthenticationProvider. Choose one or the other and not both if you only want a single DaoAuthenticationProvider.

Note if you want to use the custom AuthenticationProvider only, you can safely, just delete the entire

    @Override    
    protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(accountAuthenticationProvider);
        auth.userDetailsService(userDetailsService);
    }

as the AuthenticationProvider bean will be used by default.

rwinch picture rwinch on 21 May 2018
👍3

I'm closing this since the behavior is expected, but feel free to reopen if you run into additional questions.

rwinch picture rwinch on 21 May 2018

@rwinch Thanks a lot for your answer.
I have removed this configuration, but DaoAuthenticationProvider still created. I believe it spring-oauth who creates it now. Here is stacktrace when it created:

<init>:66, DaoAuthenticationProvider (org.springframework.security.authentication.dao)
<init>:38, AbstractDaoAuthenticationConfigurer (org.springframework.security.config.annotation.authentication.configurers.userdetails)
<init>:41, DaoAuthenticationConfigurer (org.springframework.security.config.annotation.authentication.configurers.userdetails)
userDetailsService:187, AuthenticationManagerBuilder (org.springframework.security.config.annotation.authentication.builders)
userDetailsService:572, WebSecurityConfigurerAdapter$DefaultPasswordEncoderAuthenticationManagerBuilder (org.springframework.security.config.annotation.web.configuration)
userDetailsService:1105, HttpSecurity (org.springframework.security.config.annotation.web.builders)
init:141, AuthorizationServerSecurityConfigurer (org.springframework.security.oauth2.config.annotation.web.configurers)
init:55, AuthorizationServerSecurityConfigurer (org.springframework.security.oauth2.config.annotation.web.configurers)
init:371, AbstractConfiguredSecurityBuilder (org.springframework.security.config.annotation)
doBuild:325, AbstractConfiguredSecurityBuilder (org.springframework.security.config.annotation)
build:41, AbstractSecurityBuilder (org.springframework.security.config.annotation)
performBuild:292, WebSecurity (org.springframework.security.config.annotation.web.builders)
performBuild:79, WebSecurity (org.springframework.security.config.annotation.web.builders)
doBuild:334, AbstractConfiguredSecurityBuilder (org.springframework.security.config.annotation)
build:41, AbstractSecurityBuilder (org.springframework.security.config.annotation)
springSecurityFilterChain:104, WebSecurityConfiguration (org.springframework.security.config.annotation.web.configuration)
CGLIB$springSecurityFilterChain$2:-1, WebSecurityConfiguration$$EnhancerBySpringCGLIB$$d274ba49 (org.springframework.security.config.annotation.web.configuration)
invoke:-1, WebSecurityConfiguration$$EnhancerBySpringCGLIB$$d274ba49$$FastClassBySpringCGLIB$$187a315a (org.springframework.security.config.annotation.web.configuration)
invokeSuper:228, MethodProxy (org.springframework.cglib.proxy)
intercept:361, ConfigurationClassEnhancer$BeanMethodInterceptor (org.springframework.context.annotation)
springSecurityFilterChain:-1, WebSecurityConfiguration$$EnhancerBySpringCGLIB$$d274ba49 (org.springframework.security.config.annotation.web.configuration)
invoke0:-1, NativeMethodAccessorImpl (sun.reflect)
invoke:62, NativeMethodAccessorImpl (sun.reflect)
invoke:43, DelegatingMethodAccessorImpl (sun.reflect)
invoke:498, Method (java.lang.reflect)
instantiate:154, SimpleInstantiationStrategy (org.springframework.beans.factory.support)
instantiateUsingFactoryMethod:579, ConstructorResolver (org.springframework.beans.factory.support)
instantiateUsingFactoryMethod:1254, AbstractAutowireCapableBeanFactory (org.springframework.beans.factory.support)
createBeanInstance:1103, AbstractAutowireCapableBeanFactory (org.springframework.beans.factory.support)
doCreateBean:541, AbstractAutowireCapableBeanFactory (org.springframework.beans.factory.support)
createBean:501, AbstractAutowireCapableBeanFactory (org.springframework.beans.factory.support)
lambda$doGetBean$0:317, AbstractBeanFactory (org.springframework.beans.factory.support)
getObject:-1, 692076356 (org.springframework.beans.factory.support.AbstractBeanFactory$$Lambda$146)
getSingleton:228, DefaultSingletonBeanRegistry (org.springframework.beans.factory.support)
doGetBean:315, AbstractBeanFactory (org.springframework.beans.factory.support)
getBean:199, AbstractBeanFactory (org.springframework.beans.factory.support)
doGetBean:304, AbstractBeanFactory (org.springframework.beans.factory.support)
getBean:199, AbstractBeanFactory (org.springframework.beans.factory.support)
preInstantiateSingletons:760, DefaultListableBeanFactory (org.springframework.beans.factory.support)
finishBeanFactoryInitialization:869, AbstractApplicationContext (org.springframework.context.support)
refresh:550, AbstractApplicationContext (org.springframework.context.support)
refresh:140, ServletWebServerApplicationContext (org.springframework.boot.web.servlet.context)
refresh:759, SpringApplication (org.springframework.boot)
refreshContext:395, SpringApplication (org.springframework.boot)
run:327, SpringApplication (org.springframework.boot)
run:1255, SpringApplication (org.springframework.boot)
run:1243, SpringApplication (org.springframework.boot)
main:37, Application (com.datenzentrale.gaalkis.bv)
invoke0:-1, NativeMethodAccessorImpl (sun.reflect)
invoke:62, NativeMethodAccessorImpl (sun.reflect)
invoke:43, DelegatingMethodAccessorImpl (sun.reflect)
invoke:498, Method (java.lang.reflect)
run:49, RestartLauncher (org.springframework.boot.devtools.restart)
muzuro picture muzuro on 22 May 2018
Was this page helpful?
0 / 5 - 0 ratings

Related issues

kazuki43zoo picture kazuki43zoo  路  4Comments
jgrandja picture jgrandja  路  4Comments
lexburner picture lexburner  路  3Comments
aotrzonsek picture aotrzonsek  路  3Comments
berniegp picture berniegp  路  3Comments