Spring Security 3.0.5 Custom Filter

when I try to configure a new custom authentication filter using spring security 3.0.5, it calls the custom filter constructor (XMLAuthenticationFilter) at server startup and complains that the specified authenticationManager is not specified, see exception below. The goal is to use form-based and custom authentication ... how does XMLAuthenticationFilter.java connect to the AuthenticationManager, and should the constructor be called when the server starts?

security-context.xml

<?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:util="http://www.springframework.org/schema/util" xmlns:context="http://www.springframework.org/schema/context" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd"> <context:annotation-config /> <context:component-scan base-package="dc" /> <global-method-security /> <http access-denied-page="/auth/denied.html"> <intercept-url filters="none" pattern="/javax.faces.resource/**" /> <intercept-url filters="none" pattern="/services/rest-api/1.0/**" /> <intercept-url filters="none" pattern="/preregistered/*"/> <intercept-url pattern="/**/*.xhtml" access="ROLE_NONE_GETS_ACCESS" /> <intercept-url pattern="/auth/**" access="ROLE_ANONYMOUS,ROLE_USER" /> <intercept-url pattern="/auth/*" access="ROLE_ANONYMOUS" /> <intercept-url pattern="/registered/*" access="ROLE_USER" /> <intercept-url pattern="/*" access="ROLE_ANONYMOUS" /> <form-login login-processing-url="/j_spring_security_check.html" login-page="/auth/login.html" default-target-url="/registered/home.html" authentication-failure-url="/auth/login.html" /> <logout invalidate-session="true" logout-success-url="/" logout-url="/auth/logout.html"/> <anonymous username="guest" granted-authority="ROLE_ANONYMOUS"/> <remember-me user-service-ref="userManager" key="ddddd"/> <custom-filter after="FORM_LOGIN_FILTER" ref="xmlAuthenticationFilter"/> </http> <!-- Configure the authentication provider --> <authentication-manager alias="am"> <authentication-provider user-service-ref="userManager"> <password-encoder ref="passwordEncoder" /> </authentication-provider> <authentication-provider ref="xmlAuthenticationProvider" /> </authentication-manager> <bean id="xmlAuthenticationFilter" class="com.dc.api.service.impl.XMLAuthenticationFilter"/> <bean id="xmlAuthenticationProvider" class="com.dc.api.service.impl.XMLAuthenticationProvider"/> </beans:beans> 

custom AuthenticationProvider:

  import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider; import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.userdetails.UserDetails; public class XMLAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider{ @Override protected void additionalAuthenticationChecks(UserDetails arg0, UsernamePasswordAuthenticationToken arg1) throws AuthenticationException { // TODO Auto-generated method stub } @Override protected UserDetails retrieveUser(String arg0, UsernamePasswordAuthenticationToken arg1) throws AuthenticationException { // TODO Auto-generated method stub return null; } } 

custom filter (AbstractAuthenticationProcessingFilter):

 import java.io.IOException; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter; public class XMLAuthenticationFilter extends AbstractAuthenticationProcessingFilter{ public XMLAuthenticationFilter() { super("/xml_security_check"); } @Override public Authentication attemptAuthentication(HttpServletRequest arg0, HttpServletResponse arg1) throws AuthenticationException, IOException, ServletException { // TODO Auto-generated method stub return null; } } 

Exception

 SEVERE: Exception sending context initialized event to listener instance of class org.jboss.resteasy.plugins.spring.SpringContextLoaderListener org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'xmlAuthenticationFilter' defined in ServletContext resource [/WEB-INF/dc-context-api.xml]: Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: authenticationManager must be specified at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1420) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:519) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456) at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:291) at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222) at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:288) at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:190) at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:580) at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:895) at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:425) at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:276) at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:197) at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:47) at org.jboss.resteasy.plugins.spring.SpringContextLoaderListener.contextInitialized(SpringContextLoaderListener.java:44) at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4521) at org.apache.catalina.core.StandardContext$1.call(StandardContext.java:5004) at org.apache.catalina.core.StandardContext$1.call(StandardContext.java:4999) at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303) at java.util.concurrent.FutureTask.run(FutureTask.java:138) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) at java.lang.Thread.run(Thread.java:680) Caused by: java.lang.IllegalArgumentException: authenticationManager must be specified