[FIXED] How to make a UserDetailsManager available as a bean

Issue

I'm experimenting with spring-security for authentication and want to be able to add users at runtime. I figured using UserDetailsManager would be minimally intrusive. How do I make it available as a bean, so that I can access it in controllers and other objects?

The Code I was starting with is as follows:

@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth, DataSource dataSource, PasswordEncoder enc) throws Exception {
    auth.jdbcAuthentication().dataSource(dataSource).withDefaultSchema().passwordEncoder(enc)
            .withUser("user").password(enc.encode("password")).roles("USER").and()
            .withUser("admin").password(enc.encode("password")).roles("USER", "ADMIN");
}

jdbcAuthentication() creates a JdbcUserDetailsManager, everything works fine. But I don't know to how to access that after the web app's initialization. I tried two variants that didn't work:

@Bean
public UserDetailsManager userDetailsManager(DataSource dataSource,PasswordEncoder enc) throws Exception {
    return new JdbcUserDetailsManagerConfigurer<>().dataSource(dataSource).withDefaultSchema().passwordEncoder(enc)
            .withUser("user").password(enc.encode("password")).roles("USER").and()
            .withUser("admin").password(enc.encode("password")).roles("USER", "ADMIN").and()
            .getUserDetailsService();
}

@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth, UserDetailsManager userDetailsManager) throws Exception {
    auth.userDetailsService(userDetailsManager);
}

When filling out the login form, I get the following:

Table "USERS" not found; SQL statement:
select username,password,enabled from users where username = ? [42102-185]

So it seems that this does not initialize the bean properly. Second try:

@Bean
public UserDetailsManager userDetailsManager(AuthenticationManagerBuilder auth, DataSource dataSource, PasswordEncoder enc) throws Exception {
    return auth.jdbcAuthentication().dataSource(dataSource).withDefaultSchema().passwordEncoder(enc)
            .withUser("user").password(enc.encode("password")).roles("USER").and()
            .withUser("admin").password(enc.encode("password")).roles("USER", "ADMIN").and()
            .getUserDetailsService();
}

During initialization, I get:

java.lang.IllegalStateException: Cannot apply ...JdbcUserDetailsManagerConfigurer@3bd97b0d to already built object

So using the builder in an @Bean method does not work either.

Solution

jdbcAuthentication() does more than just creating a JdbcUserDetailsManagerConfigurer; most importantly, it registers the configurer using apply(), so that all configurations can later be executed in the right order.

Luckily, apply() is public, so we can call it ourselves. Knowing that, we can move the main configuration load back into configureGlobal, using the configurer's alternate constructor. What worked for me in the end is the following:

@Bean
public JdbcUserDetailsManager userDetailsManager(DataSource dataSource) {
    JdbcUserDetailsManager mgr = new JdbcUserDetailsManager();
    mgr.setDataSource(dataSource); // (1)
    return mgr;
}

@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth, JdbcUserDetailsManager userDetailsManager, DataSource dataSource, PasswordEncoder enc) throws Exception {
    //set user detail service manually
    auth.userDetailsService(userDetailsManager);
    JdbcUserDetailsManagerConfigurer<AuthenticationManagerBuilder> conf =
            new JdbcUserDetailsManagerConfigurer<>(userDetailsManager);
    //apply the configurer
    auth.apply(conf);
    conf.dataSource(dataSource) // (2)
            .withDefaultSchema().passwordEncoder(enc)
            .withUser("user").password(enc.encode("password")).roles("USER").and()
            .withUser("admin").password(enc.encode("password")).roles("USER", "ADMIN");
}

It seems that setting the data source in (1) and (2) is redundant, but leaving either one out results in an exception during initialization:

//without (1)
java.lang.IllegalArgumentException: 'dataSource' or 'jdbcTemplate' is required
//without (2)
java.lang.IllegalStateException: DataSource must be set

The first error is the validation of the bean returned by userDetailsManager(), the second that of the configurer before it is executed by the AuthenticationManagerBuilder.

Configured like this, I can write, e.g. in a controller:

@Autowired
private UserDetailsManager users;
@Autowired
private PasswordEncoder enc;

@RequestMapping(...)
public String handle(Model model) {
    users.createUser(new User(username, enc.encode(password), authorities);

    return "view";
}

Answered By - Silly Freak
Answer Checked By - Marilyn (JavaFixing Volunteer)