diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/builders/AuthenticationManagerBuilder.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/builders/AuthenticationManagerBuilder.java index 3628720ac0..5ac8af4e86 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/authentication/builders/AuthenticationManagerBuilder.java +++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/builders/AuthenticationManagerBuilder.java @@ -18,6 +18,8 @@ package org.springframework.security.config.annotation.authentication.builders; import java.util.ArrayList; import java.util.List; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; import org.springframework.security.authentication.AuthenticationEventPublisher; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.AuthenticationProvider; @@ -45,6 +47,7 @@ import org.springframework.util.Assert; * @since 3.2 */ public class AuthenticationManagerBuilder extends AbstractConfiguredSecurityBuilder implements ProviderManagerBuilder { + private final Log logger = LogFactory.getLog(getClass()); private AuthenticationManager parentAuthenticationManager; private List authenticationProviders = new ArrayList(); @@ -218,6 +221,10 @@ public class AuthenticationManagerBuilder extends AbstractConfiguredSecurityBuil @Override protected ProviderManager performBuild() throws Exception { + if(authenticationProviders.isEmpty() && parentAuthenticationManager == null) { + logger.debug("No authenticationProviders and no parentAuthenticationManager defined. Returning null."); + return null; + } ProviderManager providerManager = new ProviderManager(authenticationProviders, parentAuthenticationManager); if(eraseCredentials != null) { providerManager.setEraseCredentialsAfterAuthentication(eraseCredentials);