Skip to content

ServerHttpSecurity can't set multiple authentication managers #5660

New issue
New issue
Closed
#7048
Closed
ServerHttpSecurity can't set multiple authentication managers#5660
#7048
Assignees
rwinch
Labels
in: configAn issue in spring-security-configstatus: backportedAn issue that has been backported to maintenance branchestype: bugA general bug
Milestone
 
5.2.0.M4
@kyle-c9000

Description

@kyle-c9000
kyle-c9000
opened on Aug 13, 2018

Summary

The documentation seems to support allowing different authentication managers for different authentication specs (HttpBasicSpec and FormLoginSpec). However, those seem to always be overwritten when the .build() method is called:

HttpBasicSpec overwritten
FormLoginSpec overwritten

Actual Behavior

HttpBasicSpec and FormLoginSpec can not use different AuthenticationManagers

Expected Behavior

HttpBasicSpec and FormLoginSpec should be able to use different AuthenticationManagers

Configuration

    public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
        http
            // ...
            .httpBasic()
                    .authenticationManager(authenticationManager1)
            .and()
            .formLogin()
                    .authenticationManager(authenticationManager2);
        return http.build();
    }

Version

spring-security 5.0.6.RELEASE

The problematic code referenced in the summary appears to still exist in the master branch.

Sample

N/A

Metadata

Metadata

Assignees

Labels

in: configAn issue in spring-security-configstatus: backportedAn issue that has been backported to maintenance branchestype: bugA general bug

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions