关于多个authentication-manager的使用问题

首先是http的配置， authentication-manager-ref="authenticationManager"指定了默认的authentication-manager
<http auto-config="true" authentication-manager-ref="authenticationManager">
               ... ...
        <logout logout-url="/dynamic/j_spring_security_logout"
            logout-success-url="/login.html" invalidate-session="true" />

         <custom-filter before="REMEMBER_ME_FILTER" ref="tokenLoginFilter" />

</http>

下面是我的两个authentication-manager配置

    <authentication-manager id="authenticationManager">
        <authentication-provider user-service-ref="userDetailsServiceImpl">
            <!-- 用于密码的认证 -->
            <password-encoder ref="userPasswordEncoder" />
        </authentication-provider>
    </authentication-manager>
    
    <authentication-manager id="equalAuthenticationManager">
         <authentication-provider user-service-ref="userDetailsServiceImpl">
            <!--用于不需要密码的认证 -->
            <password-encoder ref="equalPasswordEncoder" />
        </authentication-provider>
    </authentication-manager>

好了，另一个equalAuthenticationManager在哪里被使用呢，就是tokenLoginFilter了。

下面是tokenLoginFilter的代码

package org.foggy.application.basic.impl.security;

import java.io.IOException;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.foggy.application.basic.impl.BasicRuntimeImpl;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.ApplicationEventPublisherAware;
import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.GenericFilterBean;

@Component
public class TokenLoginFilter extends GenericFilterBean implements
		ApplicationEventPublisherAware {

	@Autowired
	BasicRuntimeImpl runtime;

	@Autowired
	@Qualifier("equalAuthenticationManager")
	AuthenticationManager authenticationManager;

	@Autowired
	UserDetailsService userDetailsService;

	AuthenticationDetailsSource authenticationDetailsSource = new WebAuthenticationDetailsSource();

	private ApplicationEventPublisher eventPublisher;

	@Override
	public void doFilter(ServletRequest request, ServletResponse response,
			FilterChain chain) throws IOException, ServletException {

		if (SecurityContextHolder.getContext().getAuthentication() != null) {
			chain.doFilter(request, response);
			return;
		}
		String tokenId = request.getParameter("tokenId");
		if (tokenId == null) {
			/**
			 * 没有tokenId，交由下一个Filter处理
			 */
			chain.doFilter(request, response);
			return;
		}
		Authentication auth = null;
		try {
			UserDetails ud = userDetailsService.loadUserByUsername(tokenId);
			if (ud == null) {
				throw new UsernameNotFoundException("tokenId : [" + tokenId
						+ "] not found");
			}
			UsernamePasswordAuthenticationToken upToken = new UsernamePasswordAuthenticationToken(
					ud, ud.getPassword(), ud.getAuthorities());

			upToken.setDetails(authenticationDetailsSource
					.buildDetails(request));

			/**
			 * 调用 authenticationManager的认证方法
			 */
			auth = authenticationManager.authenticate(upToken);
			/**
			 * 成功，设置当前上下文的认证信息
			 */
			SecurityContextHolder.getContext().setAuthentication(auth);
			
			onSuccessfulAuthentication((HttpServletRequest) request,
					(HttpServletResponse) response, auth);

			/**
			 * 发出InteractiveAuthenticationSuccessEvent事件
			 */
			if (eventPublisher != null) {
				eventPublisher
						.publishEvent(new InteractiveAuthenticationSuccessEvent(
								SecurityContextHolder.getContext()
										.getAuthentication(), this.getClass()));
			}
		} catch (AuthenticationException authenticationException) {
			if (logger.isDebugEnabled()) {
				logger.debug(
						"SecurityContextHolder not populated with remember-me token, as "
								+ "AuthenticationManager rejected Authentication returned by RememberMeServices: '"
								+ auth + "'; invalidating remember-me token",
						authenticationException);
			}

			onUnsuccessfulAuthentication((HttpServletRequest) request,
					(HttpServletResponse) response, authenticationException);
		}
		chain.doFilter(request, response);
	}

	protected void onSuccessfulAuthentication(HttpServletRequest request,
			HttpServletResponse response, Authentication authResult) {
	}

	protected void onUnsuccessfulAuthentication(HttpServletRequest request,
			HttpServletResponse response, AuthenticationException failed) {
	}

	@Override
	public void setApplicationEventPublisher(
			ApplicationEventPublisher eventPublisher) {
		this.eventPublisher = eventPublisher;
	}
}