From 579644fa95e853b2784893cd4fece1d99c58e30c Mon Sep 17 00:00:00 2001
From: Luke Taylor <luke.taylor@springsource.com>
Date: Sat, 22 Aug 2009 12:37:14 +0000
Subject: [PATCH] SEC-1225: Use bean references for authentication providers.
 Updated AuthenticationManagerBDP to regsiter the providers as top level
 beans.

---
 ...thenticationManagerBeanDefinitionParser.java |  4 +++-
 ...icationManagerBeanDefinitionParserTests.java | 17 +++++++++++++++++
 2 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParser.java
index a3be870c86..9806fecbcb 100644
--- a/config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParser.java
@@ -60,7 +60,9 @@ public class AuthenticationManagerBeanDefinitionParser implements BeanDefinition
                 } else {
                     BeanDefinition provider = resolver.resolve(providerElt.getNamespaceURI()).parse(providerElt, pc);
                     Assert.notNull(provider, "Parser for " + providerElt.getNodeName() + " returned a null bean definition");
-                    providers.add(provider);
+                    String id = pc.getReaderContext().registerWithGeneratedName(provider);
+                    pc.registerBeanComponent(new BeanComponentDefinition(provider, id));
+                    providers.add(new RuntimeBeanReference(id));
                 }
             }
         }
diff --git a/config/src/test/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParserTests.java
index 793a592642..619295c297 100644
--- a/config/src/test/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParserTests.java
@@ -1,8 +1,11 @@
 package org.springframework.security.config.authentication;
 
+import static org.junit.Assert.*;
+
 import org.junit.Test;
 import org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException;
 import org.springframework.context.support.AbstractXmlApplicationContext;
+import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.authentication.concurrent.ConcurrentSessionControllerImpl;
 import org.springframework.security.authentication.concurrent.SessionRegistryImpl;
 import org.springframework.security.config.BeanIds;
@@ -23,6 +26,20 @@ public class AuthenticationManagerBeanDefinitionParserTests {
         "  </b:property>" +
         "</b:bean>";
 
+    @Test
+    // SEC-1225
+    public void providersAreRegisteredAsTopLevelBeans() throws Exception {
+        setContext(
+          "<authentication-manager>" +
+          "    <authentication-provider>" +
+          "        <user-service>" +
+          "            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />" +
+          "        </user-service>" +
+          "    </authentication-provider>" +
+          "</authentication-manager>" + SESSION_CONTROLLER, "3.0");
+        assertEquals(1, appContext.getBeansOfType(AuthenticationProvider.class).size());
+    }
+
     @Test(expected=XmlBeanDefinitionStoreException.class)
     public void sessionControllerRefAttributeIsRejectedFor30Context() throws Exception {
         setContext(