12.4.6 AuthenticationManager and AccessDecisionManager

Each realm needs a reference to an AuthenticationManager and an AccessDecisionManager. These are concepts from Spring Security.

Both of these should be defined as beans in a Spring container of a module, and are refered to using the moduleId and beanId attributes.

The AuthenticationManager is responsible for validating the authentication information returned by the authentication method (e.g. username-password) and returning fully populated authentication information (e.g. with the granted authorities, mostly the roles, of the user added).

The AccessDecisionManager is responsible for taking authorization decisions.

Both can be extensively customized through the Spring bean configuration. We refer to the Spring Security documentation for more information.