Updating spring-boot to 3.2.0 breaks with "An AuthenticationManager is required"

[benallard]

I'm using the spring-boot-starter-oauth2-resource-server, and I thought that should be enough to setup the security processing.

Spring-boot 3.2.0 has spring-security 6.2

EDIT:
The AbstractSecurityInterceptor is actually deprecated:

Use org.springframework.security.web.access.intercept.AuthorizationFilter instead for filter security, org.springframework.security.messaging.access.intercept.AuthorizationChannelInterceptor for messaging security, or org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor and org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor for method security.

[alicanhaman]

I am currently updating to Spring boot 3.2.0. And faced the exact same issue. Our standart rest api security ended up breaking grpc, we don't do grpc security. Did you find a way to fix this issue?

[alicanhaman]

Disabled grpc security in properties which did the trick.

grpc:
  security:
    auth:
      enabled: false

[jvmlet]

Right, @alicanhaman, this is the way till 3.2.0 is supported.

[mwong38]

So grpc security doesn't work with 3.2.0 at all? When will 3.2.0 be supported? Is there a workaround in the mean time?

[sheinbergon]

@jvmlet is there any plan to support Spring 3.2.0? what's the blocker here in terms of security? Anyway I can help?

[jvmlet]

Hi, yes, planned.
Basically, they removed the filter that drives authentication , I asked spring security team to resurrect this class, but no 😒
What needs to be done is to copy-paste the base class of grpc security interceptor (the essential part of it)

[sheinbergon]

@jvmlet will you accept PRs?

[jvmlet]

@sheinbergon, sure, בשמחה
FYI spring-projects/spring-security#13444

[debraj-spotnana]

https://grpc-ecosystem.github.io/grpc-spring/ started supporting spring boot 3.2.0