Spring Security - multiple authentication-providers

Question

My web app has multiple authentication managers (one for API one for WEB access). The api should have a basic auth service only - configured via the spring security markup as seen below:

    <?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
    http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <security:authentication-manager alias="apiAuthenticationManager">
        <security:authentication-provider ref="apiAuthenticationProvider" />
    </security:authentication-manager>

    <security:authentication-provider >
        <security:user-service>
            <security:user name="apiadmin" password="password" authorities="ROLE_API_ADMIN" />
            <security:user name="apiuser" password="otherpassword" authorities="ROLE_API_USER" />
        </security:user-service>
    </security:authentication-provider>
...

i can not inline the authentication-provider since i want it to be overrideable by child-bean configs.

my problem is that i can not define an alias/id on the security:authentication-provider element to reference it in the authentication-manager. Is there an easy workaround for this?

Solution:

i finally figured out how to do it using the namespace-way without diving into plain bean config :)

<security:user-service id="apiUserDetailsService"> 
    <security:user name="apiadmin" password="password" authorities="ROLE_API_ADMIN" />
    <security:user name="apiuser" password="otherpassword" authorities="ROLE_API_USER" />
    </security:user-service>

<security:authentication-manager alias="apiAuthenticationManager">
    <security:authentication-provider user-service-ref="apiUserDetailsService"/>
</security:authentication-manager>

Answer 1

Please keep in mind that this Spring Security XML namespace is just a neat way of organizing your XML. You could achieve exactly the same solution with plain <bean> config. That way you will be able to use ID, as usual. This blog post might be helpful for you.