Search code examples

Spring security post v5 - how to get authentication manager for filter

I am using Spring security 6.1.3 and Spring boot 3.1.3. For learning purposes, I am trying to connect to the secured service via Basic Auth and receive a JWT token. I keep getting a null AuthenticationManager, any way I try to create it.


POST http://localhost:8081/login
Basic Auth in header
JSON Payload: {
    "username": "shopping_list_username",
    "password": "shopping_list_password"

public class ApplicationSecurityConfig {

    private String username;
    private String password;

    public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws Exception {
                .addFilter(new JwtRestAPIAuthenticationFilter(httpSecurity.getSharedObject(AuthenticationManager.class)))
                .authorizeHttpRequests((authorize) -> authorize
                        .requestMatchers(HttpMethod.GET, "/**").hasAnyAuthority("ADMIN")
                        .requestMatchers(HttpMethod.GET, "/login").hasAnyAuthority("ADMIN")
                .sessionManagement(sess -> sess.sessionCreationPolicy(SessionCreationPolicy.STATELESS))


    public InMemoryUserDetailsManager userDetailsService() {
        UserDetails user = User
        return new InMemoryUserDetailsManager(user);

    public AuthenticationManager authenticationManager(AuthenticationConfiguration config) throws Exception {
        return config.getAuthenticationManager();


public class JwtRestAPIAuthenticationFilter extends UsernamePasswordAuthenticationFilter {

    private final AuthenticationManager authenticationManager;

    public JwtRestAPIAuthenticationFilter(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;

    public Authentication attemptAuthentication(HttpServletRequest request,
                                                HttpServletResponse response) throws AuthenticationException {

        try {
            UsernameAndPasswordRequest authenticationRequest =
                    new ObjectMapper().readValue(request.getInputStream(), UsernameAndPasswordRequest.class);
            Authentication authentication = new UsernamePasswordAuthenticationToken(

            return authenticationManager.authenticate(authentication);

        } catch(IOException e){
            throw new RuntimeException(e);

    protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain, Authentication authResult) throws IOException, ServletException {
        String token = Jwts.builder()
                .setIssuedAt(new Date())
        response.addHeader("Authorization", "Bearer " + token);


java.lang.NullPointerException: Cannot invoke "" because the return value of "" is null

I tried creating it in a bean

    public AuthenticationManager authenticationManager(AuthenticationConfiguration config)

I tried getting it form HttpSecurity object


I tried to adapt my code to the suggestions in Spring's official migration article but I couldn't make it work.


  • I found a solution for my problem, not sure if it's best practice, but it works.

    I injected AuthenticationConfiguration in the ApplicationSecurityConfig

        public class ApplicationSecurityConfig {
        private final AuthenticationConfiguration authenticationConfiguration;
        public ApplicationSecurityConfig(AuthenticationConfiguration configuration) {
            this.authenticationConfiguration = configuration;

    And retrieved the authenticationManager in the Bean:

        public AuthenticationManager authenticationManager() throws Exception {
            return authenticationConfiguration.getAuthenticationManager();

    Sent it to the filter by calling the method :

        .addFilter(new JwtRestAPIAuthenticationFilter(authenticationManager()))

    Now the jwt is sent back via the response header. After this, I will implement a different service that will call the /login and use the jwt for subsequent requests. Thanks.