If you are using the namespace, an AuthenticationManager is
automatically registered and will be used by all the namespace-created beans which need to reference it.
The bean is an instance of Spring Security's ProviderManager class, which needs to be
configured with a list of one or more AuthenticationProvider instances.
These can either be created using syntax elements provided by the namespace, or they can be
standard bean definitions, marked for addition to the list using the
custom-authentication-provider element.
This element is basically a shorthand syntax for configuring a DaoAuthenticationProvider.
DaoAuthenticationProvider loads user information from a UserDetailsService and
compares the username/password combination with the values supplied at login. The UserDetailsService instance
can be defined either by using an available namespace element (jdbc-user-service or by using the user-service-ref
attribute to point to a bean defined elsewhere in the application context). You can find examples of these variations in the
namespace introduction.
If you have written your own AuthenticationProvider implementation (or want
to configure one of Spring Security's own implementations as a traditional bean for some reason, then
you can use the following syntax to add it to the internal ProviderManager's list:
<bean id="myAuthenticationProvider" class="com.something.MyAuthenticationProvider">
<security:custom-authentication-provider />
</bean>
Since the AuthenticationManager will be automatically registered in the application
context, this element is entirely optional. It allows you to define an alias name for the internal instance for use
in your own configuration and also to supply a link to a ConcurrentSessionController
if you are configuring concurrent session control yourself rather than through the namespace (a rare requirement).
Its use is described in the namespace introduction.