Multiple Authentication Provider with Spring Security

Nowadays, websites need to provide multiple login options such as a custom login, an LDAP login, Facebook Connect or OpenID. For this purpose, Spring Security lets you set up multiple authentication providers.

The basic setup is easy, just add additional authentication providers:

With a custom authentication provider such as the Facebook authentication provider, it is sometimes necessary to set up a custom filter. The reason is that the standard user service checks for the request parameters j_username and j_password. With Facebook Connect, those parameters are not sent, so some other parameters must be checked, such as a URL or similar.

The facebookAuthenticationFilter is a custom class that should extend AbstractAuthenticationProcessingFilter, with the defaultFilterProcessesUrl set to something like /j_spring_facebook_security_check.
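
One way to write such a filter, as an added example that is not code from the original post. The cookie name `fb_login_token` and the `FacebookAuthenticationToken` class are assumptions, and a matching authentication provider is assumed to verify the token server-side before trusting any identity derived from it.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;

public class FacebookAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
    // Hypothetical cookie name; use whatever your Facebook integration actually sets.
    private static final String TOKEN_COOKIE = "fb_login_token";

    public FacebookAuthenticationFilter() {
        super("/j_spring_facebook_security_check"); // the filter only acts on this URL
    }

    @Override
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
            throws AuthenticationException, IOException, ServletException {
        String token = null;
        Cookie[] cookies = request.getCookies(); // null when the request carries no cookies
        if (cookies != null) {
            for (Cookie c : cookies) {
                if (TOKEN_COOKIE.equals(c.getName())) token = c.getValue();
            }
        }
        if (token == null || token.trim().isEmpty()) {
            throw new BadCredentialsException("Missing Facebook login token");
        }
        // Pass the still-unverified token on; a provider must validate it server-side.
        return getAuthenticationManager().authenticate(new FacebookAuthenticationToken(token));
    }

    /** Unauthenticated request token; the custom provider's supports() must accept this class. */
    public static class FacebookAuthenticationToken extends AbstractAuthenticationToken {
        private final String token;
        public FacebookAuthenticationToken(String token) {
            super(null); // no authorities until a provider has authenticated the user
            this.token = token;
            setAuthenticated(false);
        }
        @Override public Object getCredentials() { return token; }
        @Override public Object getPrincipal() { return null; } // unknown before verification
    }
}
```

The filter still needs its authenticationManager property set and must be registered in the filter chain; the provider, not the filter, decides whether the token is valid.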

Then change the on-login JavaScript code of the Facebook Connect button to redirect to the URL specified above:

Once the user clicks the Facebook Connect button, the typical Facebook Connect user interface pops up. Upon successful login, the page is redirected to the Facebook login URL, and from there automatically to the standard target page.