Type Mismatch: Incompatible Reference for DaoAuthenticationProvider in Spring Security 6 and not able to use the setUserDetailsService() method on reference on the DaoAuthenticationProvider reference.

I am encountering a compilation error in Spring Security 6 while configuring DaoAuthenticationProvider. Despite documentation suggesting a no-args constructor exists, my IDE reports that new DaoAuthenticationProvider() expects 1 argument. Additionally, the method setUserDetailsService(UserDetailsService) is flagged as undefined for the DaoAuthenticationProvider type. Could someone provide a Root Cause Analysis (RCA) and the correct configuration steps for this version?

SecurityConfig.class :

package com.vivek.SpringSecurityDemo.config; import java.net.Authenticator.RequestorType; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.authentication.AuthenticationProvider; import org.springframework.security.authentication.dao.DaoAuthenticationProvider; import org.springframework.security.config.Customizer; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.core.userdetails.UserDetailsPasswordService; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.crypto.password.NoOpPasswordEncoder; import org.springframework.security.web.SecurityFilterChain; import jakarta.security.auth.message.callback.SecretKeyCallback.Request; @Configuration @EnableWebSecurity public class SecurityConfig { @Autowired private UserDetailsService userDetailsService; @Bean public SecurityFilterChain sfc(HttpSecurity hp) { // to disable csrf protection for testing purposes, but in production, you should enable it and handle CSRF tokens properly. hp.csrf(Customizer -> Customizer.disable()); // Allow all requests with authentication hp.authorizeHttpRequests(request -> request.anyRequest().authenticated()); // Form login configuration hp.formLogin(Customizer.withDefaults()); // Http Basic authentication configuration : To make the API accessible via tools like POSTMAN hp.httpBasic(Customizer.withDefaults()); // To make API stateless, which is common for REST APIs. This means that the server will not maintain any session information about the client. hp.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)); return hp.build(); } @Bean public AuthenticationProvider authenticationProvider() { DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider(); authProvider.setUserDetailsService(userDetailsService); authProvider.setPasswordEncoder(NoOpPasswordEncoder.getInstance()); // For testing purposes only, use a proper password encoder in production return authProvider; } }

Vivek tiwari's user avatar

New contributor

Vivek tiwari is a new contributor to this site. Take care in asking for clarification, commenting, and answering. Check out our Code of Conduct.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.