Kotlin @Value dosen't set variables spingboot security

Question

trying to set some parameters in the AuthenticationManager of SpringBootSecurity by getting values from application.properties, but the values are only the one set by default, and not the one in the application.properties file

Have used @Value in other places of my app without problem, but in this class somenthing is wrong... whatever I set in application.properties, the values are always the default ones. e.g refreshTokenExpiredDays should be 4 (see applicationproperties file below) but in fact it is 1

import org.springframework.beans.factory.annotation.Value
class ApplicationAuthenticationFilters(
          authenticationManager: AuthenticationManager
    ):UsernamePasswordAuthenticationFilter(authenticationManager) {
    
        @Value("\${security-json-token-secret}")
        private val jsonTokenSecret: String = "secret"
    
        @Value("\${security-access-token-expired-mns}")
        private val accessTokenExpiredMns: Int = 10
    
        @Value("\${security-refresh-token-expired-days}")
        private val refreshTokenExpiredDays: Int = 1
    
        @Value("\${security-tokens-in-header}")
        private val tokensInHeader: Boolean=false

    ...
    ...}

application.properties

cors-origin-patterns=http://localhost:3000,https://localhost,http://localhost:8080

security-json-token-secret=secret
security-access-token-expired-mns=20
security-refresh-token-expired-days=4
security-tokens-in-header=true

[EDIT] wondering why someone set -1 to my question... BTW, yes, this filter class is called when overriding the configure function in the WebSecurityConfigurerAdapter

override fun configure(http: HttpSecurity) {

        val applicationAuthenticationFilter:ApplicationAuthenticationFilters = ApplicationAuthenticationFilters(authenticationManagerBean())

    applicationAuthenticationFilter.setFilterProcessesUrl("/auth/login")

    http.csrf().disable();
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
    http.authorizeRequests().antMatchers("/auth/login/**", "/auth/token/refresh/**").permitAll();
    http.authorizeRequests().anyRequest().authenticated()
    // filtre ici pour gérer la JWT vai authentificationManager
    http.addFilter(applicationAuthenticationFilter)
}

[EDIT 2] My solution Finaly have created a data class that I inject in all constructors that require a variable from application.properties

@Component
data class EnvVariables(
    @Value("\${security-json-token-secret}")
    val jsonTokenSecret: String = "secret",

    @Value("\${security-access-token-expired-mns}")
    val accessTokenExpiredMns: Int = 10,

    @Value("\${security-refresh-token-expired-days}")
    val refreshTokenExpiredDays: Int = 1,


    @Value("\${security-tokens-in-header}")
    val tokensInHeader: Boolean = false
)

Answer 1

You can do the following:

        @Value("\${security-json-token-secret:secret}")
        lateinit var jsonTokenSecret: String
    
        @Value("\${security-access-token-expired-mns:10}")
        lateinit var accessTokenExpiredMns: Int
    
        @Value("\${security-refresh-token-expired-days:1}")
        lateinit var refreshTokenExpiredDays: Int
    
        @Value("\${security-tokens-in-header: false}")
        lateinit var tokensInHeader: Boolean

Note: Your class (filter or otherwise) will need to be an @Bean or @Component in order to have values injected into them. In your [EDIT] it appears you are constructing it manually, in which case your properties will not be handled by Spring.

Additionally, other techniques exist instead of @Value, such as using @ConfigurationProperties.