disabling default RememberMeAuthenticationProvider

By default RememberMeAuthenticationProvider of Spring is called for remember me authentication, how can i disable that.
I tried by inserting property List of AuthenticationProviders, it didn't work .

Code:

---

<security:http access-decision-manager-ref="accessDecisionManager" access-denied-page="/home.htm?failed=true">
          <security:session-management session-authentication-strategy-ref="sessionFixation" invalid-session-url="/home.htm" />
            <security:intercept-url pattern="/myaccount_landing_page.htm" access="ROLE_CUSTOMERGROUP,ROLE_EMPLOYEEGROUP" requires-channel="https" />
            <security:port-mappings>
                    <security:port-mapping http="9001" https="9002" />
                    <security:port-mapping http="80" https="443" />
            </security:port-mappings>
            <security:form-login login-page="/standardlogin.htm" authentication-success-handler-ref="authenticationSuccessHandler"  authentication-failure-handler-ref="authenticationFailureHandler" />
            <security:logout logout-url="/j_spring_security_logout" logout-success-url="/home.htm" invalidate-session="true" />
            <security:anonymous username="anonymous" />
            <security:remember-me services-ref="rememberMeServices" key="88336b5bb2a1cc21bac7cf33fd451270"/>
    </security:http>
   
    <bean id="sessionFixation" class="de.hybris.platform.servicelayer.security.spring.HybrisSessionFixationProtectionStrategy"/>
   
    <security:global-method-security secured-annotations="enabled" access-decision-manager-ref="accessDecisionManager"/>
         
          <security:authentication-manager alias="theAuthenticationManager">
                                <security:authentication-provider ref="authenticationProvider" />
                                <security:authentication-provider ref="ecomRememeberMeAuthenticationProvider"/>
        </security:authentication-manager>
       
        <bean id="authenticationSuccessHandler" class="com.entertainment.ecom.web.auth.EcomAuthenticationSuccessHandler">
        <constructor-arg value="/firstpage.htm"></constructor-arg>
        </bean>
       
        <bean id="authenticationFailureHandler" class="com.entertainment.ecom.web.auth.EcomAuthenticationFailureHandler">
        <constructor-arg value="/home.htm?failed=true"></constructor-arg>
        </bean>
       
    <bean id="authenticationProvider" parent="ecomAuthenticationProvider" scope="tenant"/>
   
        <bean id="ecomAuthenticationProvider" class="com.entertainment.ecom.web.auth.EcomAuthenticationProvider" scope="tenant" abstract="true" />
       
        <util:set id="authorizedGroups" value-type="java.lang.String">
                <value>customergroup</value>
        </util:set>
       
    <bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
                <property name="decisionVoters">
                        <list>
                                <bean id="notInitializedVoter" class="de.hybris.platform.spring.security.voter.HybrisNotInitializedVoter" />
                                <bean id="roleVoter" class="org.springframework.security.access.vote.RoleVoter" />
                                <bean id="authenticatedVoter" class="org.springframework.security.access.vote.AuthenticatedVoter" />
                        </list>
                </property>
        </bean>
       
       
        <bean id="ecomUserDetailsService" class="com.entertainment.ecom.web.auth.EcomUserDetailsService"/>
       
       
        <bean id="authenticationFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
                  <property name="authenticationManager" ref="theAuthenticationManager"/>
                  <property name="filterProcessesUrl" value="/j_spring_security_check"/>
                  <property name="rememberMeServices" ref="rememberMeServices"/>
                <property name="authenticationFailureHandler" ref="authenticationFailureHandler"/>
                <property name="authenticationSuccessHandler" ref="authenticationSuccessHandler"/>
        </bean>
       
        <bean id="rememberMeFilter" class=
                "org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter">
                <property name="rememberMeServices" ref="rememberMeServices"/>
                <property name="authenticationManager" ref="theAuthenticationManager" />
        </bean>
       
        <bean id="rememberMeServices" class=
                "org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices">
                <property name="userDetailsService" ref="ecomUserDetailsService"/>
                <property name="key" value="88336b5bb2a1cc21bac7cf33fd451270"/>
                <property name="parameter" value="_spring_security_remember_me"/>
                  <property name="cookieName" value="ENTC"/>
              <property name="tokenValiditySeconds" value="80000"/>
        </bean>
       
        <bean id="ecomRememeberMeAuthenticationProvider" parent="rememberUserAuthenticationProvider" scope="tenant" />
       
        <bean id="rememberUserAuthenticationProvider" class=
                "com.entertainment.ecom.web.auth.EcomRememeberMeAuthenticationProvider" scope="tenant" abstract="true">
                <property name="key" value="88336b5bb2a1cc21bac7cf33fd451270"/>
        </bean>
       
        <bean id="myfilterChainProxy" class="org.springframework.security.web.FilterChainProxy">
    <security:filter-chain-map path-type="ant">
        <security:filter-chain pattern="/firstpage.htm" filters="authenticationFilter,rememberMeFilter"/>
    </security:filter-chain-map>
        </bean>

---

I'm not sure what you mean by disable RememberMeAuthenticationProvider. You can disable remember me by removing the <security:remember-me /> element. If this is not what you meant, can you please elaborate?

if we configure

Code:

---

<security:remember-me services-ref="rememberMeServices" key="88336b5bb2a1cc21bac7cf33fd451270"/>

---

Spring will try to authenticate the request with org.springframework.security.authentication.Rememb erMeAuthenticationProvider when Authentication object is of type RememberMeAuthenticationToken .

The authentication providers in the following configuration will be called only after the default authentication provider above.

Code:

---

<security:authentication-manager alias="theAuthenticationManager">
                                <security:authentication-provider ref="authenticationProvider" />
                                <security:authentication-provider ref="ecomRememeberMeAuthenticationProvider"/>
        </security:authentication-manager>

---

But i want to use custom authentication provider without changing RememberMeservices, RememberMeAuthenticationToken, RememberMeAuthenticationFilter

If you want to customize remember me authentication, I would provide a custom RememberMeServices (that perhaps just extends one of the current implementations). This is easier to hook in using the namespace configuration and since the RememberMeServices.autoLogin method is already doing authentication it logically makes sense to do.

If you really want a custom AuthenticationProvider instead of using a custom RememberMeServices, you can use standard bean configuration for remember me (See the source for AuthenticationConfigBuilder on what the namespace does) or a BeanPostProcessor as mentioned in the FAQ.