For an existing working app, I want to provide a secondary AuthenticationProvider, probably with a DaoAuthenticationProvider. Let’s say it’s for authenticating a “back up” password, or a prior password that was changed due to strict password policies and the user forgot the new password. 😉
For proof of concept, what would the implementation look like for this secondaryAuthenticationProvider that will always authenticate the user regardless of the incoming credentials? (something that returns an authenticated Authentication object)
Which one of the MANY org.springframework.security.providers & subpackage classes and methods should I look at?
Example config:
<bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
    <property name="providers">
        <list>
            <ref local="daoAuthenticationProvider"/>
            <ref local="secondaryAuthenticationProvider"/> <!-- new AuthProv -->
            <ref local="rememberMeAuthenticationProvider"/>
        </list>
    </property>
</bean>
If you have only one alternative password, you can declare a second DaoAuthenticationProvider backed by a special UserDetailsService, which will produce UserDetails with that alternative password.

Otherwise, you can create a custom AuthenticationProvider. Credentials check in DaoAuthenticationProvider occurs in additionalAuthenticationChecks(), so if you want to change that logic you can create a subclass of DaoAuthenticationProvider and override this method with your implementation.

For example, if you want to authenticate the user regardless of its credentials, you can override this method with an empty implementation.
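
The subclass approach described above, as an added example that is not part of the original question or answer: here the override compares the submitted password against a stored prior-password hash instead of being left empty. `PriorPasswordLookup`, `findPriorPasswordHash` and the `priorPasswordEncoder` property are hypothetical names, and the imports assume the Spring Security 2.x package layout used in the question's config.

```java
import org.springframework.security.AuthenticationException;
import org.springframework.security.BadCredentialsException;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
import org.springframework.security.providers.dao.DaoAuthenticationProvider;
import org.springframework.security.providers.encoding.PasswordEncoder;
import org.springframework.security.userdetails.UserDetails;

public class SecondaryAuthenticationProvider extends DaoAuthenticationProvider {

    /** Hypothetical lookup for the stored hash of a user's prior password. */
    public interface PriorPasswordLookup {
        /** Returns the stored hash, or null when no prior password is on record. */
        String findPriorPasswordHash(String username);
    }

    private PriorPasswordLookup priorPasswords;    // assumption: injected by the container
    private PasswordEncoder priorPasswordEncoder;  // assumption: same encoder that produced the hash

    // Replaces the stock comparison against UserDetails.getPassword().
    // Leaving this body empty would accept any password for any known user.
    protected void additionalAuthenticationChecks(UserDetails userDetails,
            UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
        Object credentials = authentication.getCredentials();
        if (credentials == null) {
            throw new BadCredentialsException("No credentials presented");
        }

        String storedHash = priorPasswords.findPriorPasswordHash(userDetails.getUsername());
        // Assumption: the prior-password hashes are unsalted, hence the null salt argument.
        if (storedHash == null
                || !priorPasswordEncoder.isPasswordValid(storedHash, credentials.toString(), null)) {
            throw new BadCredentialsException("Prior password did not match");
        }
    }

    public void setPriorPasswords(PriorPasswordLookup priorPasswords) {
        this.priorPasswords = priorPasswords;
    }

    public void setPriorPasswordEncoder(PasswordEncoder priorPasswordEncoder) {
        this.priorPasswordEncoder = priorPasswordEncoder;
    }
}
```

The `secondaryAuthenticationProvider` bean still needs its `userDetailsService` property set, as with the existing `daoAuthenticationProvider`, because the parent class loads the user before this check runs.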