Filters and multiple authentication providers

[Taariq]

Having implemented the suggestion in this thread, I need to understand why one provider's success results in total success when I want both providers to be checked and if both are successful then only is the user authenticated.

I think it has to do with the redirect on success, so I configured a SavedRequestAwareAuthenticationSuccessHandler to always redirect back to /j_spring_security_check but this behaves as expected and redirects to /j_spring_security_check and does not allow the second provider to process the request.

How do I get both filters/providers to work together?

[Taariq]

Fixed with a quick hack extending the ldap provider and calling super manually when the fingerprints are valid.

If there's a more elegant solution I'd like to know about it, but it's no big deal anymore.

[Rob Winch]

ProviderManager, the default AuthenticationManager implementation, performs an OR on each AuthenticationProvider. If you want to override this behavior you could write your own implementation that performs an AND on the AuthenticationProvider's. Of course you will want to ensure that you wire the custom AuthenticationManager in your config as well.

[Taariq]

When someone suggested that I thought it was a more suspicious looking hack than the one I put in there.
I guess at the time it looked like 50 lines of code to moreorless copy/paste from doAuthentication.
Thanks for the tip no less, so I could reconsider it, may have to sort it in a future build.