Spring Security 3.1.0.RC1: With multiple <http…/> elements why can I only register one authentication manager?
I have the following configuration with multiple <http.../> elements (in order to separately support REST authetication via basic auth, and user form login):
In each of my two filters requiring authentication (FORM_LOGIN_FILTER, and BASIC_AUTH_FILTER) I reference two different authentication managers.
<security:http auto-config="false" pattern="/service/**" create-session="never"
<security:intercept-url pattern="/service/**" requires-channel="any" access="ROLE_REST_SERVICE" />
<security:custom-filter position="BASIC_AUTH_FILTER" ref="basicAuthenticationFilter" />
<security:http auto-config="false" pattern="/**"
<security:logout logout-url="/logout" />
<security:custom-filter position="FORM_LOGIN_FILTER" ref="usernamePasswordAuthenticationFilter" />
<security:custom-filter position="ANONYMOUS_FILTER" ref="anonymousAuthFilter" />
But I get an error that I've already registered an authentication manager.
Why would I use one authentication manager when I know before hand which Authentication provider is going to be needed for each filter?
Should I not use the authentication manager and just start my AuthenticationProvider as a bean and pass it into the filter directly as the AuthenticationManager?