AuthenticationProvider or AbstractAuthenticationProcessingFilter for web app?
Is it enough to implement the attemptAuthentication of the AbstractAuthenticationProcessingFilter to support custom authentication? Or, do I have to delegate the actual authentication to an AuthenticationProvider through the authenticate method of the AuthenticationManager?
The system I am working on authenticates users using an API of a content management system by passing the username, password and repository to create a connection with the repository. I am not sure whether the authentication need to be done in an AbstractAuthenticationProcessingFilter or an AuthenticationProvider. Luke Taylor suggested using AuthenticationProcessingFilter for web authentication in the following thread http://forum.springsource.org/showth...792#post245792. However, most of the online resources that I have read used an AuthenticationProvider.
