Thread: Spring Security 3.1.0.RC1: W/ multiple <http…/> elements only 1 AuthenticationManager

  1. #1

    Spring Security 3.1.0.RC1: With multiple <http…/> elements why can I only register one authentication manager?

    I have the following configuration with multiple <http.../> elements (in order to separately support REST authentication via basic auth, and user form login):

    Code:
    <security:http auto-config="false" pattern="/service/**" create-session="never" 
                   entry-point-ref="basicAuthenticationEntryPoint" >
        <security:intercept-url pattern="/service/**" requires-channel="any" access="ROLE_REST_SERVICE" />
        <security:custom-filter position="BASIC_AUTH_FILTER" ref="basicAuthenticationFilter" />
    </security:http>
    
    <security:http auto-config="false" pattern="/**"
                   entry-point-ref="loginUrlAuthenticationEntryPoint" >
        <security:logout logout-url="/logout" />
        <security:anonymous enabled="false"/>
        <security:custom-filter position="FORM_LOGIN_FILTER" ref="usernamePasswordAuthenticationFilter" />
        <security:custom-filter position="ANONYMOUS_FILTER" ref="anonymousAuthFilter" />
    </security:http>

    In each of my two filters requiring authentication (FORM_LOGIN_FILTER, and BASIC_AUTH_FILTER) I reference two different authentication managers.

    But I get an error that I've already registered an authentication manager.

    Why would I use one authentication manager when I know beforehand which Authentication provider is going to be needed for each filter?

    Should I not use the authentication manager and just start my AuthenticationProvider as a bean and pass it into the filter directly as the AuthenticationManager?

  2. #2

    Typically, if you need multiple methods for authentication, you add multiple AuthenticationProviders, each of which is able to perform a different type of authentication.
    Rob Winch
    Twitter @rob_winch
    Spring Security Lead
    Spring by Pivotal

  3. #3

    Yes, I have 2 authentication providers. One for my ROLE_REST_SERVICE, and another for normal ROLE_USER/ROLE_ADMIN.

    But the filter calls for an AuthenticationManager.

    But the namespace won't allow me to declare 2 AuthenticationManager(s).

    Seemed odd. So for now I just implemented AuthenticationManager on my AuthenticationProvider (which calls for the same authenticate(...) method as AuthenticationProvider), and I instantiate it as a stand-alone bean.

    But it seemed, perhaps, this was an odd relic of only supporting one <http.../> element in the namespace?

    Or am I still not thinking of this correctly?

  4. #4

    Were you able to figure this out?

  5. #5

    Oh gosh, it's been a while now. I think a newer version might have been the answer. I'm on RC3 right now. If that doesn't do it for you, reply to this thread again and I'll look a little deeper; I'm a bit swamped right now for digging any more.

  6. #6

    Since each new http element is tantamount to a new FilterChainProxy, why can't we have a separate AuthenticationManager for each? What would then be the point? I know each AuthenticationManager can have multiple providers, but they're ordered. It's great for n-factor auth, but I want to be able to group one set of URLs to one provider and another to a separate provider. I'd really appreciate any suggestions.

  7. #7
    Luke Taylor (Senior Member, Acegi Security System Team, Spring Team)

  8. #8

    Thank you.
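
The per-chain wiring asked about in this thread, as an added example that is not taken from any post: each <http> element and its custom filter are bound to their own AuthenticationManager, so credentials arriving on /service/** are only ever checked by the REST provider. It assumes a Spring Security release whose schema has `authentication-manager-ref` on `<http>` and `id` on `<authentication-manager>`; the manager and provider bean ids are hypothetical, and the fragment sits inside the application's existing `<beans>` root next to its entry-point and provider beans.

```xml
<!-- Added example. Manager and provider bean ids are hypothetical. -->

<!-- One manager per credential type: a provider is only consulted for
     requests that reach the chain bound to its manager. -->
<security:authentication-manager id="restAuthenticationManager">
    <security:authentication-provider ref="restServiceAuthenticationProvider" />
</security:authentication-manager>

<security:authentication-manager id="formAuthenticationManager">
    <security:authentication-provider ref="userAuthenticationProvider" />
</security:authentication-manager>

<!-- REST chain: sessionless basic auth, bound to the REST manager only. -->
<security:http auto-config="false" pattern="/service/**" create-session="never"
               entry-point-ref="basicAuthenticationEntryPoint"
               authentication-manager-ref="restAuthenticationManager">
    <security:intercept-url pattern="/service/**" requires-channel="any" access="ROLE_REST_SERVICE" />
    <security:custom-filter position="BASIC_AUTH_FILTER" ref="basicAuthenticationFilter" />
</security:http>

<!-- Form-login chain: everything else, bound to the form manager only. -->
<security:http auto-config="false" pattern="/**"
               entry-point-ref="loginUrlAuthenticationEntryPoint"
               authentication-manager-ref="formAuthenticationManager">
    <security:logout logout-url="/logout" />
    <security:anonymous enabled="false"/>
    <security:custom-filter position="FORM_LOGIN_FILTER" ref="usernamePasswordAuthenticationFilter" />
    <security:custom-filter position="ANONYMOUS_FILTER" ref="anonymousAuthFilter" />
</security:http>

<!-- Custom filters are ordinary beans and do not inherit the chain's
     manager, so each is wired explicitly to the manager of its chain. -->
<bean id="basicAuthenticationFilter"
      class="org.springframework.security.web.authentication.www.BasicAuthenticationFilter">
    <property name="authenticationManager" ref="restAuthenticationManager" />
    <property name="authenticationEntryPoint" ref="basicAuthenticationEntryPoint" />
</bean>

<bean id="usernamePasswordAuthenticationFilter"
      class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
    <property name="authenticationManager" ref="formAuthenticationManager" />
</bean>
```

Keeping the filter's `authenticationManager` property and the chain's `authentication-manager-ref` pointed at the same bean is the part to review when either chain changes, since a mismatch silently widens which provider accepts credentials on that URL pattern.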
