Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

SEC-1053: No way to give <authentication-provider>s bean ids #1304

spring-issuemaster opened this Issue Dec 9, 2008 · 5 comments


None yet
1 participant

Dan Diephouse(Migrated from SEC-1053) said:

In Mule we allow people to wire in different authentication providers into the mule security manager. It seems with the bean definition parser you cannot give it a name. Instead one is generated for you. So we have no way to control which authentication provider gets used, we can only look for one in the application context.

Luke Taylor said:

Can you give some more information on what you think is a bug here and what you’re trying to do? For example, what is the mule security manager – is it Spring Security based?

The element is quite limited in its scope. Users can easily add a conventional bean definition and link it into the Spring Security namespace with the tag.

Dan Diephouse said:

I wasn’t aware of that – I’ll look into it more. But, any reason I can’t do:


Seems like an unnecessary limitation.

Luke Taylor said:

The only (normal) use of an AuthenticationProvider with Spring Security is in configuring an instance of ProviderManager (the default AuthenticationManager).

When you are using the namespace, the ProviderManager instance is maintained internally, hence the only normal configuration issue arising is how you add custom AuthenticationProvider instances to it. You also can expose the internal ProviderManager using the element . So there would not normally be any reason for referring to a namespace-defined AuthenticationProvider by Id.

Dan Diephouse said:

OK, custom-authentication-provider isn’t really what I need. I stand by my assertion that should allow an ID. Take our configuration here for Acegi:


ross=ross,ROLE_ADMIN anon=anon,ROLE_ANONYMOUS


I was hoping I could shorten this to:



But I still need to have DaoAuthenticationProvider around even if I use it seems.

Luke Taylor said:

Ok, so it seems that you have your own namespace which configures a Spring Secuiryt AuthenticationManager? Is that the case (I tried to read the docs, but it seems you have to register to do so :-) ). If so, then my question would be why you don’t just use the namespace AuthenticationManager we provide directly (or integrate it into whatever code you have behind that namespace). That way the usage patterns are the same in both scenarios – using Spring Security with or without mule.

@spring-issuemaster spring-issuemaster added this to the 3.0.0 M1 milestone Feb 5, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment