SEC-1812: Authentication Managers can not be overridden #2046

Closed
spring-issuemaster opened this Issue Sep 5, 2011 · 1 comment

Comments

Projects
None yet
1 participant

kunal dabir (Migrated from SEC-1812) said:

application-security.xml
security:authentication-manager
security:authentication-provider
security:user-service
<security:user name="admin" password="admin" authorities="ROLE_USER, ROLE_ADMIN" />
<security:user name="user" password="user" authorities="ROLE_USER" />
/security:user-service
/security:authentication-provider
/security:authentication-manager

application-security-override.xml
security:authentication-manager
<security:authentication-provider ref="activeDirectoryAuthenticationProvider"/>
/security:authentication-manager

gives :
org.springframework.beans.factory.BeanDefinitionStoreException: Unexpected exception parsing XML document from class path resource [application-security.xml]; nested
exception is java.lang.IllegalStateException: AuthenticationManager has already been registered!

As one would expect with Plain Old Spring Beans (POSB ;-0), namespaced elements can not be overridden. I don't know if that's intentional, but poor user (like me) is taken by surprise to see it not working.

Luke Taylor said:

I've replace the assertion with a warning when the global AuthenticationManager is overwritten. Note that the changes in SEC-1847 may also be of interest.

spring-issuemaster added this to the 3.1.0 milestone Feb 5, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment