Collectives™ on Stack Overflow

Find centralized, trusted content and collaborate around the technologies you use most.

Teams

Q&A for work

Connect and share knowledge within a single location that is structured and easy to search.

Error: Required a bean of type 'org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder' that could not be found

I want to use Spring Boot Security in my project by creating a simple login screen but i get these error while running y application

Description: Parameter 1 of constructor in com.panchmeru_studio.controller.UserController required a bean of type 'org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder' that could not be found.

Action:Consider defining a bean of type org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder' in your configuration. Here is my code.

UserController

package com.panchmeru_studio.controller;
import com.panchmeru_studio.entities.ApplicationUser;
import com.panchmeru_studio.repository.ApplicationUserRepository;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.web.bind.annotation.*;
@RestController
@RequestMapping("/users")
public class UserController {
    private ApplicationUserRepository applicationUserRepository;
    private BCryptPasswordEncoder bCryptPasswordEncoder;
    public UserController(ApplicationUserRepository applicationUserRepository,
                          BCryptPasswordEncoder bCryptPasswordEncoder) {
        this.applicationUserRepository = applicationUserRepository;
        this.bCryptPasswordEncoder = bCryptPasswordEncoder;
    @PostMapping("/record")
    public void signUp(@RequestBody ApplicationUser applicationUser) {
        applicationUser.setPassword(bCryptPasswordEncoder.encode(applicationUser.getPassword()));
        applicationUserRepository.save(applicationUser);
SecurityConfiguration.java
package com.panchmeru_studio.security;
import com.panchmeru_studio.filter.AuthenticationFilter;
import com.panchmeru_studio.filter.AuthorizationFilter;
import com.panchmeru_studio.service.ApplicationUserDetailsService;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import static com.panchmeru_studio.constants.SecurityConstants.SIGN_UP_URL;
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
    private ApplicationUserDetailsService userDetailsService;
    private BCryptPasswordEncoder bCryptPasswordEncoder;
    public SecurityConfiguration(ApplicationUserDetailsService userDetailsService, BCryptPasswordEncoder bCryptPasswordEncoder) {
        this.userDetailsService = userDetailsService;
        this.bCryptPasswordEncoder = bCryptPasswordEncoder;
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.cors().and().csrf().disable().authorizeRequests()
                .antMatchers(HttpMethod.POST, SIGN_UP_URL).permitAll()
                .anyRequest().authenticated()
                .and()
                .addFilter(new AuthenticationFilter(authenticationManager()))
                .addFilter(new AuthorizationFilter(authenticationManager()))
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    @Bean
    CorsConfigurationSource corsConfigurationSource() {
        final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", new CorsConfiguration().applyPermitDefaultValues());
        return source;
    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder);
    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
In your Security Configuration class, you do not need this line:
private BCryptPasswordEncoder bCryptPasswordEncoder;
Replace it with this. The below method is providing the Password Encoder bean to spring container to enforce security.
@Bean
public PasswordEncoder passwordEncoder()
    return new BCryptPasswordEncoder();
In your controller, now you can autowire this as:
@Autowired    
private BCryptPasswordEncoder bCryptPasswordEncoder;
                What you missed is the basic of Spring and not specifically related to Spring Security. Maybe, referring the below can help you understanding that:  stackoverflow.com/questions/19414734/…  The second confusion is passwordencoder, as an overview just know that you need to provide two beans to the container- UserDetailsService and the PasswordEncoder while configuring security. For more info, please check spring security docs.
– KnockingHeads
                Apr 30, 2021 at 6:55
                But i am using the variable bCryptPasswordEncoder at several places, removing   private BCryptPasswordEncoder bCryptPasswordEncoder; can result in several errors
– VJain
                Apr 30, 2021 at 6:58
                No no, its not like that. See, once you provide your bean to the spring container, you do not need to declare variable and create an object anywhere. Spring brings in Dependency Injection there. It creates a singleton object and keeps it in the container. Now, whenever you need this object, just do @Autowired on object type you need. That instance will be available directly from the container. And, you dont need to use new() anywhere.
– KnockingHeads
                Apr 30, 2021 at 7:02
                Hey, @VJain, I have posted a question & answer related to spring security very basics here:  stackoverflow.com/questions/67329660/…  This might help you with your implementation and confusions.
– KnockingHeads
                Apr 30, 2021 at 9:59
The error says, you don't have any bean with password encoder.
In you confugiration class add that bean and remove BCryptPasswordEncoder from constructor in SecurityConfiguration :
@Bean
public PasswordEncoder encoder() {
    return new BCryptPasswordEncoder();
Replace it with this. The below method is providing the Password Encoder bean to spring container to enforce security.
@Bean
public PasswordEncoder passwordEncoder()
    return new BCryptPasswordEncoder();
In your controller, now you can autowire this as:
@Autowired    
private PasswordEncoder passwordEncoder;
and i inject this Bean in my ApplicationConfig, and it works

@Bean
private PasswordEncoder passwordEncoder() {
  return new BCryptPasswordEncoder();
        
Thanks for contributing an answer to Stack Overflow!
Please be sure to answer the question. Provide details and share your research!
But avoid …
Asking for help, clarification, or responding to other answers.
Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.