Spring Security quick dive

To make authentication we need AuthenticationManager instance to call authenticate method on it passing Authentication object. There are couple classes that implement Authentication interface. AbstractAuthenticationToken - an abstract class AnonymousAuthenticationToken UsernamePasswordAuthenticationToken JaasAuthenticationToken RememberMeAuthenticationToken RunAsUserToken TestingAuthenticationToken PreAuthenticatedAuthenticationToken When we'd got authentication token we can validate it against registered AuthenticationProviders (eg. DaoAuthenticationProvider). What is interesting that when we'd got number of providers first one wins (only if returns null as a result authentication is fallbacked to the next provider).