Nikita D (Migrated from SEC-1569) said:
I've configured spring security using the namespace. In particular, I have the following configs:
This results in a ProviderManager that has the AnonymousAuthenticationProvider and a parent ProviderManager which has MyAuthProvider. During a valid authentication attempt by a user, the AnonymousAuthenticationProvider is skipped and the parent ProviderManager is invoked (line 148 in ProviderManager). This one successfully authenticates the user and publishes an AuthenticationSuccessEvent. The problem is that when this parent ProviderManager returns, the first ProviderManager publishes the success event again (lines 157-165).
Luke Taylor said:
Are you sure you aren't seeing both the event from the filter and the one from the ProviderManager. Could you provide some log output or other information to illustrate the problem please?
Nikita D said:
DEBUG log output.
Hi Luke, you are right, the eventPublisher of the parent ProviderManager is actually a NullEventPublisher. The second success event is coming from UsernamePasswordAuthenticationFilter which publishes an InteractiveAuthenticationSuccessEvent (as opposed to the AuthenticationSuccessEvent published by the ProviderManager). I've attached the DEBUG log for reference. I'm guessing the two events are intentional and I can just ignore one in my listener based on the even class? Thank you for the help, sorry for logging this too hastily.