UserCache in DaoAuthenticationProvider Auto Configuration

[rastadrian]

Summary

When the AuthenticationConfiguration builds the AuthenticationManager along with a DaoAuthenticationProvider.

There's not a straightforward way to set a UserCache in that DaoAuthenticationProvider as it is not Spring managed, it is just instantiated by the InitializeUserDetailsBeanManagerConfigurer.

Actual Behavior

If a UserCache is registered to the application's context, the Authentication Provider Configurer won't set said UserCache into the Provider.

Expected Behavior

Given that an UserCache is registered in the ApplicationContext.
When the AuthenticationConfiguration configures the InitializeUserDetailsBeanManagerConfigurer .
Then the Configurer should set the registered UserCache in the DaoAuthenticationProvider that is created for the AuthenticationManagerBuilder.

Configuration

A project configured with these dependencies:

spring-boot-starter-web
spring-boot-starter-security

A SecurityConfiguration with @EnableWebSecurity.

A registered implementation of an UserDetailsService and of an UserCache.

Version

Spring Framework 5.2.0.RELEASE
Spring Boot 2.2.0.RELEASE

Also present in older versions.

Sample

https://github.com/rastadrian/spring-security-usercache-sample

[rwinch]

We try and focus on the the most frequently used beans for automatic detection. I don't view UserCache as such a type. If you need to configure a UserCache, expose a DaoAuthenticationProvider as a Bean with the UserCache.