Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

SEC-1812: Authentication Managers can not be overridden #2046

spring-issuemaster opened this Issue Sep 5, 2011 · 1 comment


None yet
1 participant

kunal dabir (Migrated from SEC-1812) said:

<security:user name="admin" password="admin" authorities="ROLE_USER, ROLE_ADMIN" />
<security:user name="user" password="user" authorities="ROLE_USER" />

<security:authentication-provider ref="activeDirectoryAuthenticationProvider"/>

gives :
org.springframework.beans.factory.BeanDefinitionStoreException: Unexpected exception parsing XML document from class path resource [application-security.xml]; nested
exception is java.lang.IllegalStateException: AuthenticationManager has already been registered!

As one would expect with Plain Old Spring Beans (POSB ;-0), namespaced elements can not be overridden. I don't know if that's intentional, but poor user (like me) is taken by surprise to see it not working.

Luke Taylor said:

I've replace the assertion with a warning when the global AuthenticationManager is overwritten. Note that the changes in SEC-1847 may also be of interest.

@spring-issuemaster spring-issuemaster added this to the 3.1.0 milestone Feb 5, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment