Thread: Multiple providers with AuthenticationManager

  1. #1
    Join Date
    Apr 2008
    Posts
    5

    Multiple providers with AuthenticationManager

    Hi,

    I'm a newbie to Spring Security, and I'm stuck trying to solve one problem.

    I would like to use two Providers at the same time. In the reference I read that I should use AuthenticationManager for this purpose. When I put the bean in my applicationContext, the Security System seems not to see any provider registered.

    Moreover, I don't see any place to register my own AuthenticationManager. The only thing I can do is get an alias of the existing default AuthenticationManager by defining <authentication-manager alias=""/>.

    I also haven't found any example on the web (including old Acegi), so I would be very, very grateful for any help.

    Best regards,
    Jakub

  2. #2
    Luke Taylor (Senior Member, Acegi Security System Team, Spring Team)
    Join Date
    Aug 2004
    Location
    Glasgow, Scotland
    Posts
    3,449

    These things are all covered in the namespace chapter in the reference manual:

    http://static.springframework.org/sp...s-auth-manager

    You can't register your own authentication manager with the namespace (nor should you need to).

  3. #3
    Join Date
    Apr 2008
    Posts
    5

    Big thanks for the reply!

    Quote:
    You can't register your own authentication manager with the namespace (nor should you need to).

    OK, so let's look at this page: http://static.springframework.org/sp...-services.html

    There's a bean definition where we can set the order of providers to be tried:

    Code:
    <bean id="authenticationManager"
          class="org.springframework.security.providers.ProviderManager">
      <property name="providers">
        <list>
          <ref local="daoAuthenticationProvider"/>
          <ref local="anonymousAuthenticationProvider"/>
          <ref local="rememberMeAuthenticationProvider"/>
        </list>
      </property>
    </bean>
    Moreover, in the Tutorial Sample that comes with the distribution I find in applicationContext-acegi-security.xml:

    Code:
    <bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
      <property name="providers">
        <list>
          <ref local="daoAuthenticationProvider"/>
          <bean class="org.springframework.security.providers.anonymous.AnonymousAuthenticationProvider">
            <property name="key" value="changeThis"/>
          </bean>
          <bean class="org.springframework.security.providers.rememberme.RememberMeAuthenticationProvider">
            <property name="key" value="changeThis"/>
          </bean>
        </list>
      </property>
    </bean>
    and all the filters declared. So....I can declare my own also.

    Maybe it's somehow configurable via the <http> tag?


    Best regards,
    Jakub

  4. #4
    Luke Taylor (Senior Member, Acegi Security System Team, Spring Team)
    Join Date
    Aug 2004
    Location
    Glasgow, Scotland
    Posts
    3,449

    The namespace configuration will register and use its own ProviderManager instance for authentication, regardless of whether you configure another one in the context or not. You can add your individual providers to it as described in the link I posted above.

  5. #5
    Join Date
    Apr 2008
    Posts
    5

    Firstly, thanks for the help and interest.

    Unfortunately I can't find the solution in the link you passed me. Let's analyze this:

    First example:

    Code:
    <bean id="casAuthenticationProvider"
          class="org.springframework.security.providers.cas.CasAuthenticationProvider">
      <security:custom-authentication-provider />
      ...
    </bean>
    This relates to how to register an additional provider in the existing AuthenticationManager.

    Another one:

    Code:
    <security:authentication-manager alias="authenticationManager"/>

    <bean id="casProcessingFilter" class="org.springframework.security.ui.cas.CasProcessingFilter">
      <security:custom-filter position="CAS_PROCESSING_FILTER"/>
      <property name="authenticationManager" ref="authenticationManager"/>
      ...
    </bean>
    describes how to use the existing authenticationManager created by the namespace within a completely new filter.

    What I would like is to use a personalized authenticationManager within an existing filter or, what would be better, to replace the default namespace authenticationManager with my own.

    Once again, thanks for the reply and sorry for being so blunt. For sure it's written there but I just don't get it. I would be grateful for any explanation.

    Best regards,
    Jakub

  6. #6
    Luke Taylor (Senior Member, Acegi Security System Team, Spring Team)
    Join Date
    Aug 2004
    Location
    Glasgow, Scotland
    Posts
    3,449

    Ok. In your first post you said "I would like to use two Providers at the same time," so I'm assuming that you want to know how to do that.

    My answer is that you can do this by adding your providers into the default AuthenticationManager using the custom-authentication-provider element.

    You can't replace the AuthenticationManager that's used in the namespace but there's nothing to stop you configuring one externally using traditional bean syntax and using it with your own beans. But you don't have to - using the default ProviderManager implementation should be adequate for at least 90% of use cases.

  7. #7
    Join Date
    Apr 2008
    Posts
    5

    Once again: big thanks for answering all my questions consequently :-)

    I found the solution accidentally by replacing "basicProcessingFilter" with my own bean of the same type with my authenticationManager wired.

    You're right in saying that in 90% of cases the namespace configuration will be enough. What I don't see clearly is that using the custom-authentication-provider tag you have no idea about the order of trying providers.

    For example, I would like to check credentials first against the local db and then against openid. This is a hypothetical situation, but let's say I would like to do it this way. What would you propose?

    Once again, thank you for all responses. I'm very new to spring security and I really appreciate what you do for me.

    Best regards,
    Jakub

  8. #8
    Luke Taylor (Senior Member, Acegi Security System Team, Spring Team)
    Join Date
    Aug 2004
    Location
    Glasgow, Scotland
    Posts
    3,449

    The order they are added should be the document order - the order you have them listed in the XML file.
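
Added example, not part of the original thread or of the Spring Security documentation: a Spring Security 2.0 namespace configuration for the ordering question in post #7, with two providers marked with custom-authentication-provider so that the namespace-created ProviderManager consults them in the document order described in post #8. The bean ids and the com.example classes are hypothetical placeholders.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: bean ids and com.example.* classes are hypothetical. -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:security="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="
         http://www.springframework.org/schema/beans
         http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
         http://www.springframework.org/schema/security
         http://www.springframework.org/schema/security/spring-security-2.0.xsd">

  <!-- The namespace creates and uses its own ProviderManager for these filters. -->
  <security:http auto-config="true">
    <security:intercept-url pattern="/**" access="ROLE_USER"/>
  </security:http>

  <!-- Declared first, so it is added to the ProviderManager first and is
       consulted first: credentials are checked against the local database. -->
  <bean id="localDbAuthenticationProvider"
        class="org.springframework.security.providers.dao.DaoAuthenticationProvider">
    <security:custom-authentication-provider/>
    <property name="userDetailsService" ref="localUserDetailsService"/>
  </bean>

  <!-- Declared second, so it is consulted only when the provider above does
       not authenticate the request. Hypothetical AuthenticationProvider class. -->
  <bean id="secondaryAuthenticationProvider"
        class="com.example.security.SecondaryAuthenticationProvider">
    <security:custom-authentication-provider/>
  </bean>

  <!-- Hypothetical UserDetailsService backed by the local database. -->
  <bean id="localUserDetailsService"
        class="com.example.security.LocalUserDetailsService"/>

  <!-- Alias for the namespace-created manager, for wiring into your own beans. -->
  <security:authentication-manager alias="authenticationManager"/>
</beans>
```

Swapping the two provider bean definitions in the file swaps the order in which they are tried; no separate ProviderManager bean is declared.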

  9. #9
    Join Date
    Apr 2008
    Posts
    5

    THANX! I'll try it!

  10. #10
    Join Date
    Sep 2004
    Posts
    602

    Quote: Originally Posted by Luke Taylor
    These things are all covered in the namespace chapter in the reference manual:

    http://static.springframework.org/sp...s-auth-manager

    You can't register your own authentication manager with the namespace (nor should you need to).

    Exactly what I needed - after going through configuring CAS and ACEGI with application contexts from hell, Spring Security is a joy to use. Adding in OpenId authentication with one line of XML is brilliant - thanks for all the work.
