Multiple Authentication Providers in Spring Security

Question

I have configured two authentication providers in my Spring Security config:

   <security:authentication-manager>
      <security:authentication-provider ref="XProvider" />
      <security:authentication-provider ref="YProvider" />
   </security:authentication-manager>

Does spring security evaluate both providers? Or does it stop to evaluate if one of them fails? If not, How to make it stop?

Thanks.

score 73 · Accepted Answer · edited Oct 26 '16 at 14:16

73

You can specify as many providers as you want. They will be checked in the same order you declared them inside the authentication-manager tag.

Once a successful authentication is made, it will stop polling the providers. If any provider throws an AccountStatusException it will also break the polling.

edited Oct 26 '16 at 14:16

David Newcomb

10,639
3
49
62

answered Apr 02 '12 at 21:17

José Lecaros Cisterna

1,023
12
15

5

This is the correct answer. It should be mentioned, that this is not a core feature of Spring-Security but of the default AuthenticationManager implementation which supports a list of AuthenticationProvider instances. – Robin Jun 25 '12 at 11:37
How to tell it move to next provider if Exception is not type of AccountStatusException ? – meobeo173 Apr 10 '19 at 10:05

Multiple Authentication Providers in Spring Security

1 Answers1

Linked