We've touched on the idea that the namespace configuration automatically registers an authentication manager bean for
you. This is an instance of Spring Security's ProviderManager
class, which you may already
be familiar with if you've used the framework before. You can't use a custom AuthenticationProvider
if you are
using either HTTP or method security through the namespace, but this should not be a problem as you have full control over
the AuthenticationProvider
s that are used.
You may want to register additional AuthenticationProvider
beans with the ProviderManager
and you can do this using the <custom-authentication-provider>
element within the bean. For example:
<bean id="casAuthenticationProvider" class="org.springframework.security.providers.cas.CasAuthenticationProvider"> <security:custom-authentication-provider /> ... </bean>
Another common requirement is that another bean in the context may require a reference to the AuthenticationManager
.
There is a special element which lets you register an alias for the AuthenticationManager
and you can then
use this name elsewhere in your application context.
<security:authentication-manager alias="authenticationManager"/> <bean id="customizedFormLoginFilter" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter"> <security:custom-filter position="AUTHENTICATION_PROCESSING_FILTER "/> <property name="authenticationManager" ref="authenticationManager"/> ... </bean>