This week's book giveaway is in the OO, Patterns, UML and Refactoring forum. We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line! See this thread for details.
I'm using Spring Security 2.0.5.RELEASE and was wonder if it was possible to have two authentication providers set-up and then have a runtime flag determining which one to use.
Maybe you could have your custom authentication provider, backed by a LDAP authentication provider and a DB authentication provide, which uses a flag to dynamically switch between the two.
By the way, I would have thought that authentication providers do not change at runtime. i.e. I haven't seen applications where at runtime it would switch to a different authentication backend. They are usually configured during deployment time.
The Use Case is for a Web Console Administrator to choose between two authentication providers. So for example I'd like to be able to:
1.) Start with the DB authentication provider (supported by web pages that will allow them to change passwords etc)
2.) Swap to an Active Directory provider (which means that the change password etc functionality would be greyed out)
Your flag idea might just work, I probably can't get it to work purely dynamically (what would happen to users already logged in for example?), but it wouldn't be unreasonable to restart the web app after the config change.