"authentication-manager" syntax

[OhadR]

hi

I've looked at your example, and i did not understand why "authentication-manager" seems to appear twice: once

Code:

<authentication-manager id="clientAuthenticationManager" xmlns="http://www.springframework.org/schema/security">
		<authentication-provider user-service-ref="clientDetailsUserService" />
</authentication-manager>

and then again

Code:

	
<authentication-manager alias="authenticationManager" xmlns="http://www.springframework.org/schema/security">
		<authentication-provider>
			<user-service>
				<user name="marissa" password="koala" authorities="ROLE_USER" />
				<user name="paul" password="emu" authorities="ROLE_USER" />
			</user-service>
		</authentication-provider>
</authentication-manager>

I guess it is not because the resource server and the authentication server are united...
I try to understand the meaning of each statement, and the sample code is "a bit" different than what the documentations describe...
please advise

thanks!

Ohad

[Dave Syer]

Both authentication managers play a role in the auth server, actually. On is a for users (protecting the authorization endpoint) and the other is for client apps (protecting the token endpoint).

[OhadR]

Thanks Dave. makes sense now :-)
another question - (i posted it in the Spring Security main forum...) is there a reason why one of the auth-managers is declared with "id", and the other with "alias"?

[Dave Syer]

I think the "main" user authentication manager has a default id fixed by the framework, and some of the filters for user authentication rely on that, so that's why it has an alias. The other one has an explicit id so it doesn't clash with or override the first one.

[OhadR]

I think the "main" user authentication manager has a default id fixed by the framework, and some of the filters for user authentication rely on that, so that's why it has an alias. The other one has an explicit id so it doesn't clash with or override the first one.

thanks a lot, Dave!