An AuthenticationManager is required. Oauth2ResourceServer + anonymous disable

[shermende]

issue source

Hello, i caught strange behavior, when did disable anonymous() in WebSecurityConfigurerAdapter with oauth2ResourceServer().jwt() option.
This setting throws an exception on startup: An AuthenticationManager is required.
Used version: 2.2.4.RELEASE.
The same settings work on 2.1.x.RELEASE

Yes, i understand, if specify a bean, the error will disappear, but this behavior seems strange.

Sample here

    public class AnonymousDisableApplication extends WebSecurityConfigurerAdapter {
    
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                    .authorizeRequests()
                    .anyRequest()
                    .authenticated()
                    .and()
                    .anonymous()
                    .disable()
                    .oauth2ResourceServer()
                    .jwt()
            ;
        }
    
    }

[cccs-cat001]

What was the fix for this issue? I'm currently hitting it with this config:

public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

  @Autowired
  private AADAppRoleStatelessAuthenticationFilter aadAuthFilter;

  @Bean
  public AuthenticationEntryPoint entrypoint() {
    System.out.println("ENTRYPOINT");
    return new AuthenticationEntryPoint();
  }

  @Override
  protected void configure(HttpSecurity http) throws Exception {
    System.out.println("CONFIG");
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER);
    http.anonymous().disable();
    http.authorizeRequests().antMatchers("OPTIONS", "/**").permitAll()
        .antMatchers("/login", "/login/**").permitAll().anyRequest().authenticated().and()
        .exceptionHandling().authenticationEntryPoint(entrypoint());
    http.addFilterBefore(aadAuthFilter, UsernamePasswordAuthenticationFilter.class);

  }
}