Spring Security 3.1 upgrade issue

[bdangubic]

With Spring Security 3.0.5 the following definition worked:

Code:

<sec:authentication-manager alias="authenticationManager">
   <sec:authentication-provider ref="anonymousAuthenticationProvider" />
   <sec:authentication-provider ref="appUserAuthenticationProvider" >
    	<sec:password-encoder hash="md5">
    		<sec:salt-source system-wide="XX11XX45XX84XX75"/>
    	</sec:password-encoder>
    </sec:authentication-provider>
</sec:authentication-manager>

While upgrading to Spring 3.1 this same definition is not working and I am not sure what is the proper way to handle this?

Code:

2012-09-06 10:08:54,533 ERROR [main] (context.ContextLoader:307) - Context initialization failed
org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: authentication-provider element cannot have child elements when used with 'ref' attribute
Offending resource: ServletContext resource [/WEB-INF/applicationContext-security.xml]
	at org.springframework.beans.factory.parsing.FailFastProblemReporter.error(FailFastProblemReporter.java:68)
	at org.springframework.beans.factory.parsing.ReaderContext.error(ReaderContext.java:85)
	at org.springframework.beans.factory.parsing.ReaderContext.error(ReaderContext.java:72)
	at org.springframework.security.config.authentication.AuthenticationManagerBeanDefinitionParser.parse(AuthenticationManagerBeanDefinitionParser.java:73)
	at org.springframework.security.config.SecurityNamespaceHandler.parse(SecurityNamespaceHandler.java:90)

Thanks!

[Rob Winch]

Since you are creating a custom authentication provider, you will need to specify the password encoder on the bean definition. See https://jira.springsource.org/browse/SEC-1466 which was fixed in 3.1