The Default Authentication Manager

We've touched on the idea that the namespace configuration automatically registers an authentication manager bean for you. This is an instance of Spring Security's ProviderManager class, which you may already be familiar with if you've used the framework before. You can't use a custom AuthenticationProvider if you are using either HTTP or method security through the namespace, but this should not be a problem as you have full control over the AuthenticationProviders that are used.

You may want to register additional AuthenticationProvider beans with the ProviderManager and you can do this using the <custom-authentication-provider> element within the bean. For example:

  <bean id="casAuthenticationProvider" 
      class="org.springframework.security.providers.cas.CasAuthenticationProvider">
    <security:custom-authentication-provider />
    ...
  </bean>
  

Another common requirement is that another bean in the context may require a reference to the AuthenticationManager. There is a special element which lets you register an alias for the AuthenticationManager and you can then use this name elsewhere in your application context.

        
  <security:authentication-manager alias="authenticationManager"/>

  <bean id="customizedFormLoginFilter" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter">
     <security:custom-filter position="AUTHENTICATION_PROCESSING_FILTER "/>
     <property name="authenticationManager" ref="authenticationManager"/>
     ...
  </bean>