public class ProviderManager extends Object implements AuthenticationManager, MessageSourceAware, InitializingBean
Authentication request through a list of
 AuthenticationProviders.
 
 AuthenticationProviders are usually tried in order until one provides a
 non-null response. A non-null response indicates the provider had authority to decide
 on the authentication request and no further providers are tried. If a subsequent
 provider successfully authenticates the request, the earlier authentication exception
 is disregarded and the successful authentication will be used. If no subsequent
 provider provides a non-null response, or a new AuthenticationException,
 the last AuthenticationException received will be used. If no provider
 returns a non-null response, or indicates it can even process an
 Authentication, the ProviderManager will throw a
 ProviderNotFoundException. A parent AuthenticationManager can also
 be set, and this will also be tried if none of the configured providers can perform the
 authentication. This is intended to support namespace configuration options though and
 is not a feature that should normally be required.
 
 The exception to this process is when a provider throws an
 AccountStatusException, in which case no further providers in the list will be
 queried.
 Post-authentication, the credentials will be cleared from the returned
 Authentication object, if it implements the CredentialsContainer
 interface. This behaviour can be controlled by modifying the
 eraseCredentialsAfterAuthentication property.
 
 Authentication event publishing is delegated to the configured
 AuthenticationEventPublisher which defaults to a null implementation which
 doesn't publish events, so if you are configuring the bean yourself you must inject a
 publisher bean if you want to receive events. The standard implementation is
 DefaultAuthenticationEventPublisher which maps common exceptions to events (in
 the case of authentication failure) and publishes an
 AuthenticationSuccessEvent if authentication succeeds. If you are using the namespace
 then an instance of this bean will be used automatically by the <http>
 configuration, so you will receive events from the web part of your application
 automatically.
 
 Note that the implementation also publishes authentication failure events when it
 obtains an authentication result (or an exception) from the "parent"
 AuthenticationManager if one has been set. So in this situation, the parent
 should not generally be configured to publish events or there will be duplicates.
DefaultAuthenticationEventPublisher| Modifier and Type | Field and Description | 
|---|---|
| protected MessageSourceAccessor | messages | 
| Constructor and Description | 
|---|
| ProviderManager(List<AuthenticationProvider> providers) | 
| ProviderManager(List<AuthenticationProvider> providers,
               AuthenticationManager parent) | 
| Modifier and Type | Method and Description | 
|---|---|
| void | afterPropertiesSet() | 
| Authentication | authenticate(Authentication authentication)Attempts to authenticate the passed  Authenticationobject. | 
| List<AuthenticationProvider> | getProviders() | 
| boolean | isEraseCredentialsAfterAuthentication() | 
| void | setAuthenticationEventPublisher(AuthenticationEventPublisher eventPublisher) | 
| void | setEraseCredentialsAfterAuthentication(boolean eraseSecretData)If set to, a resulting  Authenticationwhich implements theCredentialsContainerinterface will have itseraseCredentialsmethod called
 before it is returned from theauthenticate()method. | 
| void | setMessageSource(MessageSource messageSource) | 
protected MessageSourceAccessor messages
public ProviderManager(List<AuthenticationProvider> providers)
public ProviderManager(List<AuthenticationProvider> providers, AuthenticationManager parent)
public void afterPropertiesSet()
                        throws Exception
afterPropertiesSet in interface InitializingBeanExceptionpublic Authentication authenticate(Authentication authentication) throws AuthenticationException
Authentication object.
 
 The list of AuthenticationProviders will be successively tried until an
 AuthenticationProvider indicates it is capable of authenticating the
 type of Authentication object passed. Authentication will then be
 attempted with that AuthenticationProvider.
 
 If more than one AuthenticationProvider supports the passed
 Authentication object, the first one able to successfully
 authenticate the Authentication object determines the
 result, overriding any possible AuthenticationException
 thrown by earlier supporting AuthenticationProviders.
 On successful authentication, no subsequent AuthenticationProviders
 will be tried.
 If authentication was not successful by any supporting
 AuthenticationProvider the last thrown
 AuthenticationException will be rethrown.
authenticate in interface AuthenticationManagerauthentication - the authentication request object.AuthenticationException - if authentication fails.public List<AuthenticationProvider> getProviders()
public void setMessageSource(MessageSource messageSource)
setMessageSource in interface MessageSourceAwarepublic void setAuthenticationEventPublisher(AuthenticationEventPublisher eventPublisher)
public void setEraseCredentialsAfterAuthentication(boolean eraseSecretData)
Authentication which implements the
 CredentialsContainer interface will have its
 eraseCredentials method called
 before it is returned from the authenticate() method.eraseSecretData - set to false to retain the credentials data in
 memory. Defaults to true.public boolean isEraseCredentialsAfterAuthentication()