 

Retrieve password of current user from spring-security [duplicate]

I'm using spring-security with HTTP Basic Auth to secure a java webapp. In my webapp I need to get the current user's username and password to further authenticate them against another service. I can get hold of the username, but not the password.

I've tried using SecurityContextHolder.getContext().getAuthentication() to access this information, as suggested in "How can I get plaintext password from spring-security?", but the password is returned as null.

How can I get hold of the password?

Thanks.

This is my applicationContext-security.xml

<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:sec="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
       http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
       http://www.springframework.org/schema/security
       http://www.springframework.org/schema/security/spring-security-3.1.xsd">

<!-- Namespace-configured filter chain: requests matching /spring/** require ROLE_USER
     and are authenticated with HTTP Basic through the 'authenticationManager' bean.
     URLs outside /spring/** have no access rule in this element.
     HTTP Basic sends the username and password on every request, base64-encoded but
     not encrypted, so this chain should only be reachable over TLS; intercept-url
     accepts requires-channel="https" to enforce that. -->
<sec:http authentication-manager-ref='authenticationManager'>
    <sec:intercept-url pattern="/spring/**" access="ROLE_USER" />
    <sec:http-basic />
</sec:http>

<!-- Explicitly declared Basic authentication filter, wired to the same authentication
     manager and entry point as the rest of this file. It is referenced only by the
     filterChainProxy bean.
     NOTE(review): the sec:http-basic element already registers a Basic filter in the
     namespace-built chain, so this bean looks redundant unless filterChainProxy is the
     chain actually mapped in web.xml. Confirm which chain is in use. -->
<bean id="basicAuthenticationFilter"
    class="org.springframework.security.web.authentication.www.BasicAuthenticationFilter">
    <property name="authenticationManager" ref="authenticationManager" />
    <property name="authenticationEntryPoint" ref="authenticationEntryPoint" />
</bean>

<!-- Entry point used by basicAuthenticationFilter when authentication is missing or
     fails: it answers with a Basic challenge for the realm named below. The realm name
     is shown to the client, so it should not reveal internal details. -->
<bean id="authenticationEntryPoint"
    class="org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint">
    <property name="realmName" value="Announcements Rest Realm" />
</bean>

<!-- Hand-built ProviderManager that delegates to the single authProvider bean.
     In Spring Security 3.1 a ProviderManager erases credentials from the returned
     Authentication after a successful login by default (its
     eraseCredentialsAfterAuthentication property defaults to true). That default is a
     protective measure, and it is why getCredentials() returns null with this config. -->
<bean id="authenticationManager"
    class="org.springframework.security.authentication.ProviderManager">
    <property name="providers">
        <list>
            <ref local="authProvider" />
        </list>
    </property>
</bean>

<!-- Provider that looks the user up through userDetailsService and checks the
     submitted password against the stored one.
     NOTE(review): no passwordEncoder property is set, so in the 3.1 line the comparison
     falls back to plaintext and the stored passwords must be plaintext as well. For any
     real user store, configure a hashing password encoder here. -->
<bean id="authProvider"
    class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
    <property name="userDetailsService" ref="userDetailsService" />
</bean>

<!-- Manually declared FilterChainProxy that applies only basicAuthenticationFilter to
     /spring/**.
     NOTE(review): this chain contains no filter that enforces access rules or
     translates security exceptions, so if web.xml maps this bean instead of the
     namespace-created chain, requests without credentials would not be rejected here.
     Confirm which chain is mapped and drop the unused one. -->
<bean id="filterChainProxy" class="org.springframework.security.web.FilterChainProxy">
    <constructor-arg>
        <list>
            <sec:filter-chain pattern="/spring/**" filters="basicAuthenticationFilter" />
        </list>
    </constructor-arg>
</bean>

<!-- In-memory user store with two accounts; the passwords are masked as ** in this
     post. In a real file these values sit in the application context in readable form,
     so the file needs the same protection as any other secret, and the values are
     better stored hashed with a matching password encoder on the provider. -->
<sec:user-service id="userDetailsService">
    <sec:user name="admin" password="**" authorities="ROLE_USER, ROLE_ADMIN" />
    <sec:user name="user" password="**" authorities="ROLE_USER" />
</sec:user-service>

ssloan Avatar asked Feb 29 '12 11:02

ssloan


1 Answer

I've figured it out.

I've changed my authentication manager config to use the authentication-manager element and added the attribute there:

<!-- erase-credentials="false" turns off the default clearing of credentials after a
     successful login, so the submitted plaintext password stays on the Authentication
     object. That object lives in the security context, which by default is kept in the
     HTTP session, so the password is then present in memory, in heap dumps and in any
     persisted or replicated session data for as long as the session lasts.
     Use this only when the password really must be forwarded to another service, and
     limit session lifetime and session storage accordingly. -->
<sec:authentication-manager alias="authenticationManager" erase-credentials="false">
    <sec:authentication-provider ref="authProvider" />      
</sec:authentication-manager>

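I can then use SecurityContextHolder.getContext().getAuthentication().getCredentials() in my controller class to get the password. Note that with erase-credentials="false" the plaintext password is retained on the Authentication object for as long as the security context is kept (by default, in the HTTP session), so anything that can read the session or a heap dump can read the password too.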

Thanks for your help though Piotrek De

ssloan Avatar answered Nov 16 '22 04:11

ssloan