Announcement Announcement Module
Collapse
No announcement yet.
"authentication-manager" syntax Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • "authentication-manager" syntax

    hi

    I've looked at your example, and i did not understand why "authentication-manager" seems to appear twice: once
    Code:
    <authentication-manager id="clientAuthenticationManager" xmlns="http://www.springframework.org/schema/security">
    		<authentication-provider user-service-ref="clientDetailsUserService" />
    </authentication-manager>
    and then again

    Code:
    	
    <authentication-manager alias="authenticationManager" xmlns="http://www.springframework.org/schema/security">
    		<authentication-provider>
    			<user-service>
    				<user name="marissa" password="koala" authorities="ROLE_USER" />
    				<user name="paul" password="emu" authorities="ROLE_USER" />
    			</user-service>
    		</authentication-provider>
    </authentication-manager>
    I guess it is not because the resource server and the authentication server are united...
    I try to understand the meaning of each statement, and the sample code is "a bit" different than what the documentations describe...
    please advise

    thanks!

    Ohad

  • #2
    Both authentication managers play a role in the auth server, actually. On is a for users (protecting the authorization endpoint) and the other is for client apps (protecting the token endpoint).

    Comment


    • #3
      Thanks Dave. makes sense now :-)
      another question - (i posted it in the Spring Security main forum...) is there a reason why one of the auth-managers is declared with "id", and the other with "alias"?

      Comment


      • #4
        I think the "main" user authentication manager has a default id fixed by the framework, and some of the filters for user authentication rely on that, so that's why it has an alias. The other one has an explicit id so it doesn't clash with or override the first one.

        Comment


        • #5
          Originally posted by Dave Syer View Post
          I think the "main" user authentication manager has a default id fixed by the framework, and some of the filters for user authentication rely on that, so that's why it has an alias. The other one has an explicit id so it doesn't clash with or override the first one.
          thanks a lot, Dave!
          Last edited by OhadR; Aug 13th, 2012, 05:09 PM. Reason: No need in further question about this :-)

          Comment

          Working...
          X