Chaining Authentication Providers

[mraible]

From reading the documentation, it seems like it should be possible to chain authentication providers like the following:

Code:

    <bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderManager">
        <property name="providers">
            <list>
                <ref local="daoAuthenticationProvider"/>
                <ref local="jaasAuthenticationProvider"/>
            </list>
        </property>
    </bean>

However, the only way to authenticate a user against the "jaasAuthenticationProvider" is to comment out the "daoAuthenticationProvider". Any ideas why?

Thanks,

Matt

[dhainlin]

Not sure if this is your issue but what I did is to extend the first provider in the list and rather than throw an exception if it failed to authenticate, it simply returns null which will cause the provider manager to keep trying. See topic http://forum.springframework.org/vie...099&highlight=

HTH

[Ben Alex]

Each AuthenticationProvider is designed to process a particular class of Authentication. To faciltiate the fact most AuthenticationProvider use UsernamePasswordAuthenticationToken, the "return null" option was added as mentioned earlier.

I've added to my TODO list a solution. I think modifying DaoAuthenticationProvider to return null if a property is set is the simplest solution. A more elegant solution would be to have the failover logic of each provider declaratively configured in ProviderManager. If anyone beats me to this, please feel free to submit a patch to this forum or the acegisecurity-developer list.