SEC-2361: Java Config Sampels use @Autowired AuthenticationManagerBuilder

config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurerAdapter.java

@@ -16,6 +16,9 @@
 package org.springframework.security.config.annotation.web.configuration;
 
 
+import java.util.Arrays;
+import java.util.List;
+
 import javax.servlet.Filter;
 
 import org.apache.commons.logging.Log;
@@ -269,7 +272,8 @@ public abstract class WebSecurityConfigurerAdapter implements SecurityConfigurer
      * @see {@link #userDetailsService()}
      */
     public UserDetailsService userDetailsServiceBean() throws Exception {
-        return new UserDetailsServiceDelegator(parentAuthenticationBuilder);
+        AuthenticationManagerBuilder globalAuthBuilder = context.getBean(AuthenticationManagerBuilder.class);
+        return new UserDetailsServiceDelegator(Arrays.asList(parentAuthenticationBuilder, globalAuthBuilder));
     }
 
     /**
@@ -281,7 +285,8 @@ public abstract class WebSecurityConfigurerAdapter implements SecurityConfigurer
      * @return
      */
     protected UserDetailsService userDetailsService() {
-        return parentAuthenticationBuilder.getDefaultUserDetailsService();
+        AuthenticationManagerBuilder globalAuthBuilder = context.getBean(AuthenticationManagerBuilder.class);
+        return new UserDetailsServiceDelegator(Arrays.asList(parentAuthenticationBuilder, globalAuthBuilder));
     }
 
     public void init(final WebSecurity web) throws Exception {
@@ -362,12 +367,12 @@ public abstract class WebSecurityConfigurerAdapter implements SecurityConfigurer
      * @since 3.2
      */
     static final class UserDetailsServiceDelegator implements UserDetailsService {
-        private AuthenticationManagerBuilder delegateBuilder;
+        private List<AuthenticationManagerBuilder> delegateBuilders;
         private UserDetailsService delegate;
         private final Object delegateMonitor = new Object();
 
-        UserDetailsServiceDelegator(AuthenticationManagerBuilder authentication) {
-            this.delegateBuilder = authentication;
+        UserDetailsServiceDelegator(List<AuthenticationManagerBuilder> delegateBuilders) {
+            this.delegateBuilders = delegateBuilders;
         }
 
         public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
@@ -377,8 +382,17 @@ public abstract class WebSecurityConfigurerAdapter implements SecurityConfigurer
 
             synchronized(delegateMonitor) {
                 if (delegate == null) {
-                    delegate = this.delegateBuilder.getDefaultUserDetailsService();
-                    this.delegateBuilder = null;
+                    for(AuthenticationManagerBuilder delegateBuilder : delegateBuilders) {
+                        delegate = delegateBuilder.getDefaultUserDetailsService();
+                        if(delegate != null) {
+                            break;
+                        }
+                    }
+
+                    if(delegate == null) {
+                        throw new IllegalStateException("UserDetailsService is required.");
+                    }
+                    this.delegateBuilders = null;
                 }
             }
 

config/src/test/groovy/org/springframework/security/config/annotation/BaseSpringSpec.groovy

@@ -69,10 +69,10 @@ abstract class BaseSpringSpec extends Specification {
         setupCsrf()
     }
 
-    def setupCsrf(csrfTokenValue="BaseSpringSpec_CSRFTOKEN") {
+    def setupCsrf(csrfTokenValue="BaseSpringSpec_CSRFTOKEN",req=request,resp=response) {
         csrfToken = new DefaultCsrfToken("X-CSRF-TOKEN","_csrf",csrfTokenValue)
-        new HttpSessionCsrfTokenRepository().saveToken(csrfToken, request,response)
-        request.setParameter(csrfToken.parameterName, csrfToken.token)
+        new HttpSessionCsrfTokenRepository().saveToken(csrfToken, req, resp)
+        req.setParameter(csrfToken.parameterName, csrfToken.token)
     }
 
     AuthenticationManagerBuilder authenticationBldr = new AuthenticationManagerBuilder(ObjectPostProcessor.QUIESCENT_POSTPROCESSOR).inMemoryAuthentication().and()

config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.groovy

@@ -283,10 +283,12 @@ public class NamespaceRememberMeTests extends BaseSpringSpec {
     def "http/remember-me defaults UserDetailsService with custom UserDetailsService"() {
         setup:
             DefaultsUserDetailsServiceWithDaoConfig.USERDETAILS_SERVICE = Mock(UserDetailsService)
-        when: "use secure cookies not specified"
             loadConfig(DefaultsUserDetailsServiceWithDaoConfig)
+        when:
+            request.setCookies(createRememberMeCookie())
+            springSecurityFilterChain.doFilter(request, response, chain)
         then: "RememberMeServices defaults to the custom UserDetailsService"
-            ReflectionTestUtils.getField(findFilter(RememberMeAuthenticationFilter).rememberMeServices, "userDetailsService") == DefaultsUserDetailsServiceWithDaoConfig.USERDETAILS_SERVICE
+           1 * DefaultsUserDetailsServiceWithDaoConfig.USERDETAILS_SERVICE.loadUserByUsername("user")
     }
 
     @Configuration
@@ -329,6 +331,20 @@ public class NamespaceRememberMeTests extends BaseSpringSpec {
         }
     }
 
+    Cookie createRememberMeCookie() {
+        MockHttpServletRequest request = new MockHttpServletRequest()
+        MockHttpServletResponse response = new MockHttpServletResponse()
+        super.setupCsrf("CSRF_TOKEN", request, response)
+
+        MockFilterChain chain = new MockFilterChain()
+        request.servletPath = "/login"
+        request.method = "POST"
+        request.parameters.username = ["user"] as String[]
+        request.parameters.password = ["password"] as String[]
+        request.parameters.'remember-me' = ["true"] as String[]
+        springSecurityFilterChain.doFilter(request, response, chain)
+        response.getCookie("remember-me")
+    }
 
     Cookie getRememberMeCookie(String cookieName="remember-me") {
         response.getCookie(cookieName)

config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.groovy

@@ -15,15 +15,31 @@
  */
 package org.springframework.security.config.annotation.web.configurers
 
+import javax.servlet.http.Cookie
+
+import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.context.annotation.Configuration
+import org.springframework.mock.web.MockFilterChain
+import org.springframework.mock.web.MockHttpServletRequest
+import org.springframework.mock.web.MockHttpServletResponse
+import org.springframework.mock.web.MockHttpSession
+import org.springframework.security.authentication.RememberMeAuthenticationToken
+import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
 import org.springframework.security.config.annotation.AnyObjectPostProcessor
 import org.springframework.security.config.annotation.BaseSpringSpec
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
+import org.springframework.security.config.annotation.authentication.configurers.provisioning.InMemoryUserDetailsManagerConfigurer;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
+import org.springframework.security.core.authority.AuthorityUtils;
+import org.springframework.security.core.context.SecurityContext
+import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetailsService
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 import org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter
+import org.springframework.security.web.context.HttpRequestResponseHolder
+import org.springframework.security.web.context.HttpSessionSecurityContextRepository
 
 /**
  * Tests for RememberMeConfigurer that flex edge cases. {@link NamespaceRememberMeTests} demonstrate mapping of the XML namespace to Java Config.
@@ -33,11 +49,14 @@ import org.springframework.security.web.authentication.rememberme.RememberMeAuth
 public class RememberMeConfigurerTests extends BaseSpringSpec {
 
     def "rememberMe() null UserDetailsService provides meaningful error"() {
-        when: "Load Config without UserDetailsService specified"
+        setup: "Load Config without UserDetailsService specified"
             loadConfig(NullUserDetailsConfig)
+        when:
+            request.setCookies(createRememberMeCookie())
+            springSecurityFilterChain.doFilter(request, response, chain)
         then: "A good error message is provided"
             Exception success = thrown()
-            success.message.contains "Invoke RememberMeConfigurer#userDetailsService(UserDetailsService) or see its javadoc for alternative approaches."
+            success.message.contains "UserDetailsService is required"
     }
 
     @EnableWebSecurity
@@ -52,6 +71,16 @@ public class RememberMeConfigurerTests extends BaseSpringSpec {
                     .and()
                 .rememberMe()
         }
+
+        @Override
+        protected void registerAuthentication(AuthenticationManagerBuilder auth)
+                throws Exception {
+            User user = new User("user", "password", AuthorityUtils.createAuthorityList("ROLE_USER"))
+            DaoAuthenticationProvider provider = new DaoAuthenticationProvider()
+            provider.userDetailsService = new InMemoryUserDetailsManager([user])
+            auth
+                .authenticationProvider(provider)
+        }
     }
 
     def "rememberMe ObjectPostProcessor"() {
@@ -84,4 +113,89 @@ public class RememberMeConfigurerTests extends BaseSpringSpec {
         then: "RememberMeAuthenticationFilter is registered with LifecycleManager"
             http.getConfigurer(RememberMeConfigurer).userDetailsService != null
     }
+
+
+    def "http/remember-me with Global AuthenticationManagerBuilder"() {
+        setup:
+            loadConfig(RememberMeConfig)
+        when: "login with remember me"
+            super.setup()
+            request.servletPath = "/login"
+            request.method = "POST"
+            request.parameters.username = ["user"] as String[]
+            request.parameters.password = ["password"] as String[]
+            request.parameters.'remember-me' = ["true"] as String[]
+            springSecurityFilterChain.doFilter(request,response,chain)
+            Cookie rememberMeCookie = getRememberMeCookie()
+        then: "response contains remember me cookie"
+            rememberMeCookie != null
+        when: "session expires"
+            super.setup()
+            request.setCookies(rememberMeCookie)
+            request.requestURI = "/abc"
+            springSecurityFilterChain.doFilter(request,response,chain)
+            MockHttpSession session = request.getSession()
+        then: "initialized to RememberMeAuthenticationToken"
+            SecurityContext context = new HttpSessionSecurityContextRepository().loadContext(new HttpRequestResponseHolder(request, response))
+            context.getAuthentication() instanceof RememberMeAuthenticationToken
+        when: "logout"
+            super.setup()
+            request.setSession(session)
+            super.setupCsrf()
+            request.setCookies(rememberMeCookie)
+            request.servletPath = "/logout"
+            request.method = "POST"
+            springSecurityFilterChain.doFilter(request,response,chain)
+            rememberMeCookie = getRememberMeCookie()
+        then: "logout cookie expired"
+            response.getRedirectedUrl() == "/login?logout"
+            rememberMeCookie.maxAge == 0
+        when: "use remember me after logout"
+            super.setup()
+            request.setCookies(rememberMeCookie)
+            request.requestURI = "/abc"
+            springSecurityFilterChain.doFilter(request,response,chain)
+        then: "sent to default login page"
+            response.getRedirectedUrl() == "http://localhost/login"
+    }
+
+    @Configuration
+    @EnableWebSecurity
+    static class RememberMeConfig extends WebSecurityConfigurerAdapter {
+        protected void configure(HttpSecurity http) throws Exception {
+            http
+                .authorizeRequests()
+                    .anyRequest().hasRole("USER")
+                    .and()
+                .formLogin()
+                    .and()
+                .rememberMe()
+        }
+
+        @Autowired
+        public void registerGlobalAuthentication(AuthenticationManagerBuilder auth) {
+            auth
+                .inMemoryAuthentication()
+                    .withUser("user").password("password").roles("USER");
+        }
+    }
+
+    Cookie createRememberMeCookie() {
+        MockHttpServletRequest request = new MockHttpServletRequest()
+        MockHttpServletResponse response = new MockHttpServletResponse()
+        super.setupCsrf("CSRF_TOKEN", request, response)
+
+        MockFilterChain chain = new MockFilterChain()
+        request.servletPath = "/login"
+        request.method = "POST"
+        request.parameters.username = ["user"] as String[]
+        request.parameters.password = ["password"] as String[]
+        request.parameters.'remember-me' = ["true"] as String[]
+        springSecurityFilterChain.doFilter(request, response, chain)
+        response.getCookie("remember-me")
+    }
+
+    Cookie getRememberMeCookie(String cookieName="remember-me") {
+        response.getCookie(cookieName)
+    }
 }

docs/guides/src/asciidoc/hello-includes/secure-the-application.asc

@@ -4,7 +4,7 @@ Before securing your application, it is important to ensure that the existing ap
 
 === Updating your dependencies
 
-You will need to ensure you have added the dependencies. Spring Security milestones and release canidates are available in the https://github.com/SpringSource/spring-framework/wiki/SpringSource-repository-FAQ[Spring Milestone Repository]. In short, if you are using Maven and using a milestone or release canidate ensure you have the following repository in your pom.xml:
+You will need to ensure you have added the dependencies. Spring Security milestones and release candidates are available in the https://github.com/SpringSource/spring-framework/wiki/SpringSource-repository-FAQ[Spring Milestone Repository]. In short, if you are using Maven and using a milestone or release candidates ensure you have the following repository in your pom.xml:
 
 .pom.xml
 [source,xml]
@@ -63,6 +63,8 @@ The next step is to create a Spring Security configuration.
 ----
 package org.springframework.security.samples.config;
 
+import org.springframework.beans.factory.annotation.Autowired;
+
 import org.springframework.context.annotation.*;
 import org.springframework.security.config.annotation.authentication.builders.*;
 import org.springframework.security.config.annotation.web.configuration.*;
@@ -71,8 +73,8 @@ import org.springframework.security.config.annotation.web.configuration.*;
 @EnableWebSecurity
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
-    @Override
-    protected void registerAuthentication(AuthenticationManagerBuilder auth) throws Exception {
+    @Autowired
+    public void registerGlobalAuthentication(AuthenticationManagerBuilder auth) throws Exception {
         auth
             .inMemoryAuthentication()
                 .withUser("user").password("password").roles("USER");
@@ -80,14 +82,12 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 }
 ----
 
-
 [[servlet-api-integration]]
 The <<security-config-java,`SecurityConfig`>> will:
 
 * Require authentication to every URL in your application
 * Generate a login form for you
 * Allow the user with the *Username* _user_ and the *Password* _password_ to authenticate with form based authentication
-* Allow the user with the *Username* _user_ and the *Password* _password_ to authenticate with HTTP basic authentication
 * Allow the user to logout
 * http://en.wikipedia.org/wiki/Cross-site_request_forgery[CSRF attack] prevention
 * http://en.wikipedia.org/wiki/Session_fixation[Session Fixation] protection

samples/concurrency-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java

@@ -1,8 +1,7 @@
 package org.springframework.security.samples.config;
 
-import org.springframework.context.annotation.Bean;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -21,8 +20,8 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
                 .antMatchers("/resources/**");
     }
 
-    @Override
-    protected void registerAuthentication(
+    @Autowired
+    public void registerGlobalAuthentication(
             AuthenticationManagerBuilder auth) throws Exception {
         auth
             .inMemoryAuthentication()
@@ -30,13 +29,6 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
                 .withUser("admin").password("password").roles("USER", "ADMIN");
     }
 
-    @Bean
-    @Override
-    public AuthenticationManager authenticationManagerBean()
-            throws Exception {
-        return super.authenticationManagerBean();
-    }
-
     @Override
     protected void configure(
             HttpSecurity http) throws Exception {

samples/form-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java

@@ -1,9 +1,11 @@
 package org.springframework.security.samples.config;
 
-import org.springframework.context.annotation.*;
-import org.springframework.security.config.annotation.authentication.builders.*;
-import org.springframework.security.config.annotation.web.builders.*;
-import org.springframework.security.config.annotation.web.configuration.*;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 
 @Configuration
 @EnableWebSecurity
@@ -24,8 +26,8 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
                 .permitAll();
     }
 
-    @Override
-    protected void registerAuthentication(
+    @Autowired
+    public void registerGlobalAuthentication(
             AuthenticationManagerBuilder auth) throws Exception {
         auth
             .inMemoryAuthentication()

samples/hellojs-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java

@@ -1,5 +1,6 @@
 package org.springframework.security.samples.config;
 
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@@ -9,8 +10,8 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
 @EnableWebSecurity
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
-    @Override
-    protected void registerAuthentication(
+    @Autowired
+    public void registerGlobalAuthentication(
             AuthenticationManagerBuilder auth) throws Exception {
         auth
             .inMemoryAuthentication()

samples/hellomvc-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java

@@ -1,5 +1,6 @@
 package org.springframework.security.samples.config;
 
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@@ -9,8 +10,8 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
 @EnableWebSecurity
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
-    @Override
-    protected void registerAuthentication(
+    @Autowired
+    public void registerGlobalAuthentication(
             AuthenticationManagerBuilder auth) throws Exception {
         auth
             .inMemoryAuthentication()

samples/helloworld-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java

@@ -1,5 +1,6 @@
 package org.springframework.security.samples.config;
 
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.authentication.builders.*	;
 import org.springframework.security.config.annotation.web.configuration.*;
@@ -8,8 +9,8 @@ import org.springframework.security.config.annotation.web.configuration.*;
 @EnableWebSecurity
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
-    @Override
-    protected void registerAuthentication(AuthenticationManagerBuilder auth) throws Exception {
+    @Autowired
+    public void registerGlobalAuthentication(AuthenticationManagerBuilder auth) throws Exception {
         auth
             .inMemoryAuthentication()
                 .withUser("user").password("password").roles("USER");

samples/inmemory-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java

@@ -1,5 +1,6 @@
 package org.springframework.security.samples.config;
 
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -10,8 +11,8 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
 @EnableWebSecurity
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
-    @Override
-    protected void registerAuthentication(
+    @Autowired
+    public void registerGlobalAuthentication(
             AuthenticationManagerBuilder auth) throws Exception {
         auth
             .inMemoryAuthentication()

samples/jdbc-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java

@@ -16,8 +16,8 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
     @Autowired
     private DataSource dataSource;
 
-    @Override
-    protected void registerAuthentication(AuthenticationManagerBuilder auth) throws Exception {
+    @Autowired
+    public void registerGlobalAuthentication(AuthenticationManagerBuilder auth) throws Exception {
         auth
             .jdbcAuthentication()
                 .dataSource(dataSource)

samples/ldap-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java

@@ -1,5 +1,6 @@
 package org.springframework.security.samples.config;
 
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -9,8 +10,8 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
 @Configuration
 @EnableWebSecurity
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
-    @Override
-    protected void registerAuthentication(
+    @Autowired
+    public void registerGlobalAuthentication(
             AuthenticationManagerBuilder auth) throws Exception {
         auth
             .ldapAuthentication()

samples/rememberme-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java

@@ -1,5 +1,6 @@
 package org.springframework.security.samples.config;
 
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -10,8 +11,8 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
 @EnableWebSecurity
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
-    @Override
-    protected void registerAuthentication(
+    @Autowired
+    public void registerGlobalAuthentication(
             AuthenticationManagerBuilder auth) throws Exception {
         auth
             .inMemoryAuthentication()

samples/x509-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java

@@ -1,5 +1,6 @@
 package org.springframework.security.samples.config;
 
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -10,8 +11,8 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
 @EnableWebSecurity
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
-    @Override
-    protected void registerAuthentication(AuthenticationManagerBuilder auth)
+    @Autowired
+    public void registerGlobalAuthentication(AuthenticationManagerBuilder auth)
             throws Exception {
         auth.
             inMemoryAuthentication()