Spring Security 3.1.0.RC1: With multiple elements why can I only register one authentication manager?

Question

I have the following configuration with multiple <http.../> elements (in order to separately support REST authetication via basic auth, and user form login):

<security:http auto-config="false" pattern="/service/**" create-session="never" 
               entry-point-ref="basicAuthenticationEntryPoint" >
    <security:intercept-url pattern="/service/**" requires-channel="any" access="ROLE_REST_SERVICE" />
    <security:custom-filter position="BASIC_AUTH_FILTER" ref="basicAuthenticationFilter" />
</security:http>

<security:http auto-config="false" pattern="/**"
               entry-point-ref="loginUrlAuthenticationEntryPoint" >
    <security:logout logout-url="/logout" />
    <security:anonymous enabled="false"/>
    <security:custom-filter position="FORM_LOGIN_FILTER" ref="usernamePasswordAuthenticationFilter" />
    <security:custom-filter position="ANONYMOUS_FILTER" ref="anonymousAuthFilter" />
</security:http>

In each of my two filters requiring authentication (FORM_LOGIN_FILTER, and BASIC_AUTH_FILTER) I reference two different authentication managers.

But I get an error that I've already registered an authentication manager.

Why would I use one authentication manager when I know before hand which Authentication provider is going to be needed for each filter?

Should I not use the authentication manager and just start my AuthenticationProvider as a bean and pass it into the filter directly as the AuthenticationManager?

Answer 1

In spring security 3.1 you can have multiple http elements, each with their own authentication manager.

The only thing you need to do is add the following attribute authentication-manager-ref="your ref" to the http element.