Fix "userDetailsPasswordService cannot be null" error

sephiroth-j · sephiroth-j · commit 57a266dd4f13 · 2025-12-08T21:22:06.000+01:00
when using `ReactiveUserDetailsService` without `ReactiveUserDetailsPasswordService` fixes gh-17986 Signed-off-by: Ronny Perinke <23166289+sephiroth-j@users.noreply.github.com>
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfiguration.java
@@ -255,7 +255,9 @@ private ReactiveAuthenticationManager authenticationManager() {
 			if (this.passwordEncoder != null) {
 				manager.setPasswordEncoder(this.passwordEncoder);
 			}
-			manager.setUserDetailsPasswordService(this.userDetailsPasswordService);
+			if (this.userDetailsPasswordService != null) {
+				manager.setUserDetailsPasswordService(this.userDetailsPasswordService);
+			}
 			manager.setCompromisedPasswordChecker(this.compromisedPasswordChecker);
 			return this.postProcessor.postProcess(manager);
 		}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfigurationTests.java
@@ -107,7 +107,7 @@ void setup(ApplicationContext context) {
 	}
 
 	@Test
-	public void loadConfigWhenReactiveUserDetailsServiceConfiguredThenServerHttpSecurityExists() {
+	public void loadConfigWhenReactiveUserDetailsAndPasswordServiceConfiguredThenServerHttpSecurityExists() {
 		this.spring
 			.register(ServerHttpSecurityConfiguration.class, ReactiveAuthenticationTestConfiguration.class,
 					WebFluxSecurityConfiguration.class)
@@ -116,6 +116,16 @@ public void loadConfigWhenReactiveUserDetailsServiceConfiguredThenServerHttpSecu
 		assertThat(serverHttpSecurity).isNotNull();
 	}
 
+	@Test
+	public void loadConfigWhenOnlyReactiveUserDetailsServiceConfiguredThenServerHttpSecurityExists() {
+		this.spring
+			.register(ServerHttpSecurityConfiguration.class, ReactiveUserDetailsServiceOnlyTestConfiguration.class,
+					WebFluxSecurityConfiguration.class)
+			.autowire();
+		ServerHttpSecurity serverHttpSecurity = this.spring.getContext().getBean(ServerHttpSecurity.class);
+		assertThat(serverHttpSecurity).isNotNull();
+	}
+
 	@Test
 	public void loadConfigWhenProxyingEnabledAndSubclassThenServerHttpSecurityExists() {
 		this.spring
@@ -581,4 +591,14 @@ static Customizer<ServerHttpSecurity> httpSecurityCustomizer0() {
 
 	}
 
+	@Configuration
+	static class ReactiveUserDetailsServiceOnlyTestConfiguration {
+
+		@Bean
+		static ReactiveUserDetailsService userDetailsService() {
+			return (username) -> Mono.just(PasswordEncodedUser.user());
+		}
+
+	}
+
 }

Original file line number	Diff line number	Diff line change
`@@ -255,7 +255,9 @@ private ReactiveAuthenticationManager authenticationManager() {`
`255`	`255`	`if (this.passwordEncoder != null) {`
`256`	`256`	`manager.setPasswordEncoder(this.passwordEncoder);`
`257`	`257`	`}`
`258`		`- manager.setUserDetailsPasswordService(this.userDetailsPasswordService);`
	`258`	`+ if (this.userDetailsPasswordService != null) {`
	`259`	`+ manager.setUserDetailsPasswordService(this.userDetailsPasswordService);`
	`260`	`+ }`
`259`	`261`	`manager.setCompromisedPasswordChecker(this.compromisedPasswordChecker);`
`260`	`262`	`return this.postProcessor.postProcess(manager);`
`261`	`263`	`}`