Authentication Services

If you are using the namespace, an AuthenticationManager is automatically registered and will be used by all the namespace-created beans which need to reference it. The bean is an instance of Spring Security's ProviderManager class, which needs to be configured with a list of one or more AuthenticationProvider instances. These can either be created using syntax elements provided by the namespace, or they can be standard bean definitions, marked for addition to the list using the custom-authentication-provider element.

The <authentication-provider> Element

This element is basically a shorthand syntax for configuring a DaoAuthenticationProvider. DaoAuthenticationProvider loads user information from a UserDetailsService and compares the username/password combination with the values supplied at login. The UserDetailsService instance can be defined either by using an available namespace element (jdbc-user-service or by using the user-service-ref attribute to point to a bean defined elsewhere in the application context). You can find examples of these variations in the namespace introduction.

Using <custom-authentication-provider> to register an AuthenticationProvider

If you have written your own AuthenticationProvider implementation (or want to configure one of Spring Security's own implementations as a traditional bean for some reason, then you can use the following syntax to add it to the internal ProviderManager's list:

  <bean id="myAuthenticationProvider" class="com.something.MyAuthenticationProvider">
    <security:custom-authentication-provider />
  </bean>
  

The <authentication-manager> Element

Since the AuthenticationManager will be automatically registered in the application context, this element is entirely optional. It allows you to define an alias name for the internal instance for use in your own configuration and also to supply a link to a ConcurrentSessionController if you are configuring concurrent session control yourself rather than through the namespace (a rare requirement). Its use is described in the namespace introduction.