Reputation: 59634
How to set-up and configure a ProviderManager using Spring Security namespace?
Spring documentation says that ProviderManager is the default implementation of the AuthenticationManager, but is an instance of ProviderManager automatically created and wired by the security namespace?
In other words, will such configuration automatically create an instance of ProviderManager:
<authentication-manager>
<authentication-provider>
<password-encoder hash="md5"/>
<jdbc-user-service data-source-ref="dataSource"/>
</authentication-provider>
</authentication-manager>
Else, what do I need to do (or declare)?
Assuming I would want to plug my own implementation of AuthenticationManager, how would I configure this using the namespace?
I also want to specify which AuthenticationProvider should be registered in the ProviderManager. I have found the following piece of configuration code:
<bean id="authenticationManager"
class="org.springframework.security.authentication.ProviderManager">
<property name="providers">
<list>
<ref local="daoAuthenticationProvider"/>
<ref local="anonymousAuthenticationProvider"/>
</list>
</property>
</bean>
But is it enough? What is the right way to declare the list of AuthenticationProvider? Documentation is not very clear and complete regarding this issue.
Upvotes: 7
Views: 15628
Answers (3)
Reputation: 21
These answers are outdated. Sprinboot3 and Spring security 6 doesnot support these configuration any more
Upvotes: 2
Reputation: 59634
In other words, will such configuration automatically create an instance of ProviderManager:
According to section B2 of the appendix, the answer is yes.
Assuming I would want to plug my own implementation of AuthenticationManager, how would I configure this using the namespace?
According to section B.3.1:
<global-method-security authentication-manager-ref="..." >
What is the right way to declare the list of AuthenticationProvider?
From a blog post, instead of using <authentication-manager> ... </authentication-manager>, one should use something like similar to this:
<bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager">
<property name="providers">
<list>
<ref bean="authenticationProvider" />
<ref bean="anonymousProvider" />
</list>
</property>
</bean>
<bean id="authenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
<property name="passwordEncoder">
<bean class="org.springframework.security.authentication.encoding.Md5PasswordEncoder" />
</property>
<property name="userDetailsService" ref="userService" />
</bean>
<bean id="anonymousProvider" class="org.springframework.security.authentication.AnonymousAuthenticationProvider">
<property name="key" value="SomeUniqueKeyForThisApplication" />
</bean>
Upvotes: 4
Reputation: 1348
I use the following config with a custom auth providerl;
<authentication-manager>
<authentication-provider user-service-ref="myUserDetailsService">
<password-encoder hash="md5">
<salt-source user-property="username" />
</password-encoder>
</authentication-provider>
</authentication-manager>
<beans:bean id="myUserDetailsService" autowire="byType" class="my.user.UserDetailsServiceImpl">
<beans:property name="userManagementService" ref="userManagementService"></beans:property>
</beans:bean>
Upvotes: 0
Related Questions
- Spring security authentication-manager has no providers
- How to inject my custom ProviderManager into AuthenticationManagerBuilder
- How to get the AuthenticationManager when using the AuthenticationManagerBuilder to add custom provider?
- Spring boot security using custom provider
- Custom Authentication provider with Spring Security and Java Config
- Not being able to provide custom authentication provider for the spring security
- How do i get a reference to an AuthenticationManager using a Spring java security configuration?
- Spring security authentication provider java config
- Spring Security - Custom authentication provider not called
- Spring security http and authentication-provider not declared