Remove Duplicate Docs

docs/manual/src/docs/asciidoc/_includes/servlet/appendix/namespace.adoc

@@ -27,7 +27,7 @@ The positions of the standard filters are fixed (see
 You can, of course, still do this if you need full control of the configuration.
 
 
-All filters which require a reference to the `AuthenticationManager` will be automatically injected with the internal instance created by the namespace configuration (see the <<ns-auth-manager,introductory chapter>> for more on the `AuthenticationManager`).
+All filters which require a reference to the <<servlet-authentication-authenticationmanager,`AuthenticationManager`>> will be automatically injected with the internal instance created by the namespace configuration.
 
 Each `<http>` namespace block always creates an `SecurityContextPersistenceFilter`, an `ExceptionTranslationFilter` and a `FilterSecurityInterceptor`.
 These are fixed and cannot be replaced with alternatives.
@@ -2033,7 +2033,6 @@ All elements which create `AuthenticationProvider` instances should be children
 [[nsa-authentication-manager-alias]]
 * **alias**
 This attribute allows you to define an alias name for the internal instance for use in your own configuration.
-Its use is described in the <<ns-auth-manager,namespace introduction>>.
 
 
 [[nsa-authentication-manager-erase-credentials]]
@@ -2062,7 +2061,7 @@ It is the same as the alias element, but provides a more consistent experience w
 Unless used with a `ref` attribute, this element is shorthand for configuring a <<core-services-dao-provider,DaoAuthenticationProvider>>.
 `DaoAuthenticationProvider` loads user information from a `UserDetailsService` and compares the username/password combination with the values supplied at login.
 The `UserDetailsService` instance can be defined either by using an available namespace element (`jdbc-user-service` or by using the `user-service-ref` attribute to point to a bean defined elsewhere in the application context).
-You can find examples of these variations in the <<ns-auth-providers,namespace introduction>>.
+
 
 
 [[nsa-authentication-provider-parents]]

docs/manual/src/docs/asciidoc/_includes/servlet/authentication/architecture/authentication-provider.adoc

@@ -0,0 +1,6 @@
+[[servlet-authentication-authenticationprovider]]
+= AuthenticationProvider
+
+Multiple {security-api-url}org/springframework/security/authentication/AuthenticationProvider.html[``AuthenticationProvider``s] can be injected into <<servlet-authentication-providermanager,`ProviderManager`>>.
+Each `AuthenticationProvider` performs a specific type of authentication.
+For example, `DaoAuthenticationProvider` supports username/password based authentication while `JwtAuthenticationProvider` supports authenticating a JWT token.

docs/manual/src/docs/asciidoc/_includes/servlet/authentication/architecture/index.adoc

@@ -6,14 +6,17 @@ include::authentication.adoc[leveloffset=+1]
 
 include::granted-authority.adoc[leveloffset=+1]
 
-include::authentication-entry-point.adoc[leveloffset=+1]
-
-include::abstract-authentication-processing-filter.adoc[leveloffset=+1]
-
 include::authentication-manager.adoc[leveloffset=+1]
 
 include::provider-manager.adoc[leveloffset=+1]
 
-// authenticationprovider
+include::authentication-provider.adoc[leveloffset=+1]
+
+include::authentication-entry-point.adoc[leveloffset=+1]
+
+// FIXME: authenticationsuccesshandler
+// FIXME: authenticationfailurehandler
+
+include::abstract-authentication-processing-filter.adoc[leveloffset=+1]
 
 // daoauthenticationprovider (goes in username/password)

docs/manual/src/docs/asciidoc/_includes/servlet/authentication/architecture/provider-manager.adoc

@@ -3,7 +3,7 @@
 :figures: images/servlet/authentication/architecture
 
 {security-api-url}org/springframework/security/authentication/ProviderManager.html[`ProviderManager`] is the most commonly used implementation of <<servlet-authentication-authenticationmanager,`AuthenticationManager`>>.
-`ProviderManager` delegates to a `List` of ``AuthenticationProvider``s.
+`ProviderManager` delegates to a `List` of <<servlet-authentication-authenticationprovider,``AuthenticationProvider``s>>.
 // FIXME: link to AuthenticationProvider
 Each `AuthenticationProvider` has an opportunity to indicate that authentication should be successful, fail, or indicate it cannot make a decision and allow a downstream `AuthenticationProvider` to decide.
 If none of the configured ``AuthenticationProvider``s can authenticate, then authentication will fail with a `ProviderNotFoundException` which is a special `AuthenticationException` that indicates the `ProviderManager` was not configured support the type of `Authentication` that was passed into it.

docs/manual/src/docs/asciidoc/_includes/servlet/authentication/authentication-entry-point.adoc

@@ -1,7 +0,0 @@
-[[ns-entry-point-ref]]
-== Setting a Custom AuthenticationEntryPoint
-If you aren't using form login, OpenID or basic authentication through the namespace, you may want to define an authentication filter and entry point using a traditional bean syntax and link them into the namespace, as we've just seen.
-The corresponding `AuthenticationEntryPoint` can be set using the `entry-point-ref` attribute on the `<http>` element.
-
-The CAS sample application is a good example of the use of custom beans with the namespace, including this syntax.
-If you aren't familiar with authentication entry points, they are discussed in the <<tech-intro-auth-entry-point,technical overview>> chapter.

docs/manual/src/docs/asciidoc/_includes/servlet/authentication/authentication-manager.adoc

@@ -1,38 +0,0 @@
-[[ns-auth-manager]]
-== The Authentication Manager and the Namespace
-The main interface which provides authentication services in Spring Security is the `AuthenticationManager`.
-This is usually an instance of Spring Security's `ProviderManager` class, which you may already be familiar with if you've used the framework before.
-If not, it will be covered later, in the <<tech-intro-authentication,technical overview chapter>>.
-The bean instance is registered using the `authentication-manager` namespace element.
-You can't use a custom `AuthenticationManager` if you are using either HTTP or method security through the namespace, but this should not be a problem as you have full control over the `AuthenticationProvider` s that are used.
-
-You may want to register additional `AuthenticationProvider` beans with the `ProviderManager` and you can do this using the `<authentication-provider>` element with the `ref` attribute, where the value of the attribute is the name of the provider bean you want to add.
-For example:
-
-[source,xml]
-----
-<authentication-manager>
-<authentication-provider ref="casAuthenticationProvider"/>
-</authentication-manager>
-
-<bean id="casAuthenticationProvider"
-	class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
-...
-</bean>
-----
-
-Another common requirement is that another bean in the context may require a reference to the `AuthenticationManager`.
-You can easily register an alias for the `AuthenticationManager` and use this name elsewhere in your application context.
-
-[source,xml]
-----
-<security:authentication-manager alias="authenticationManager">
-...
-</security:authentication-manager>
-
-<bean id="customizedFormLoginFilter"
-	class="com.somecompany.security.web.CustomFormLoginFilter">
-<property name="authenticationManager" ref="authenticationManager"/>
-...
-</bean>
-----

docs/manual/src/docs/asciidoc/_includes/servlet/authentication/authentication-provider.adoc

@@ -1,73 +0,0 @@
-[[jc-authentication-authenticationprovider]]
-== AuthenticationProvider
-
-=== AuthenticationProvider Java Configuration
-You can define custom authentication by exposing a custom `AuthenticationProvider` as a bean.
-For example, the following will customize authentication assuming that `SpringAuthenticationProvider` implements `AuthenticationProvider`:
-
-NOTE: This is only used if the `AuthenticationManagerBuilder` has not been populated
-
-[source,java]
-----
-@Bean
-public SpringAuthenticationProvider springAuthenticationProvider() {
-	return new SpringAuthenticationProvider();
-}
-----
-
-[[ns-auth-providers]]
-=== AuthenticationProvider XML Configuration
-In practice you will need a more scalable source of user information than a few names added to the application context file.
-Most likely you will want to store your user information in something like a database or an LDAP server.
-LDAP namespace configuration is dealt with in the <<servlet-authentication-ldap,LDAP chapter>>, so we won't cover it here.
-If you have a custom implementation of Spring Security's `UserDetailsService`, called "myUserDetailsService" in your application context, then you can authenticate against this using
-
-[source,xml]
-----
-
-<authentication-manager>
-	<authentication-provider user-service-ref='myUserDetailsService'/>
-</authentication-manager>
-
-----
-
-If you want to use a database, then you can use
-
-[source,xml]
-----
-<authentication-manager>
-<authentication-provider>
-	<jdbc-user-service data-source-ref="securityDataSource"/>
-</authentication-provider>
-</authentication-manager>
-----
-
-Where "securityDataSource" is the name of a `DataSource` bean in the application context, pointing at a database containing the standard Spring Security <<user-schema,user data tables>>.
-Alternatively, you could configure a Spring Security `JdbcDaoImpl` bean and point at that using the `user-service-ref` attribute:
-
-[source,xml]
-----
-<authentication-manager>
-<authentication-provider user-service-ref='myUserDetailsService'/>
-</authentication-manager>
-
-<beans:bean id="myUserDetailsService"
-	class="org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl">
-<beans:property name="dataSource" ref="dataSource"/>
-</beans:bean>
-----
-
-You can also use standard `AuthenticationProvider` beans as follows
-
-[source,xml]
-----
-
-<authentication-manager>
-	<authentication-provider ref='myAuthenticationProvider'/>
-</authentication-manager>
-
-----
-
-where `myAuthenticationProvider` is the name of a bean in your application context which implements `AuthenticationProvider`.
-You can use multiple `authentication-provider` elements, in which case the providers will be queried in the order they are declared.
-See <<ns-auth-manager>> for more information on how the Spring Security `AuthenticationManager` is configured using the namespace.

docs/manual/src/docs/asciidoc/_includes/servlet/authentication/cas.adoc

@@ -139,7 +139,7 @@ The following beans should be configured to commence the CAS authentication proc
 ----
 
 For CAS to operate, the `ExceptionTranslationFilter` must have its `authenticationEntryPoint` property set to the `CasAuthenticationEntryPoint` bean.
-This can easily be done using <<ns-entry-point-ref,entry-point-ref>> as is done in the example above.
+This can easily be done using <<nsa-http-entry-point-ref,entry-point-ref>> as is done in the example above.
 The `CasAuthenticationEntryPoint` must refer to the `ServiceProperties` bean (discussed above), which provides the URL to the enterprise's CAS login server.
 This is where the user's browser will be redirected.
 

docs/manual/src/docs/asciidoc/_includes/servlet/authentication/index.adoc

@@ -15,11 +15,12 @@ If you need concrete flows that explain how these pieces fit together, look in s
 * <<servlet-authentication-securitycontext>> - is obtained from the `SecurityContextHolder` and contains the `Authentication` of the currently authenticated user.
 * <<servlet-authentication-authentication>> - Can be the input to `AuthenticationManager` to provide the credentials a user has provided to authenticate or the current user from the `SecurityContext`.
 * <<servlet-authentication-granted-authority>> - An authority that is granted to the principal on the `Authentication` (i.e. roles, scopes, etc.)
+* <<servlet-authentication-authenticationmanager>> -  the API that defines how Spring Security's Filters perform  <<authentication,authentication>>.
+* <<servlet-authentication-providermanager>> -  the most common implementation of `AuthenticationManager`.
+* <<servlet-authentication-authenticationprovider>> - used by `ProviderManager` to perform a specific type of authentication.
 * <<servlet-authentication-authenticationentrypoint>> - used for requesting credentials from a client (i.e. redirecting to a log in page, sending a `WWW-Authenticate` response, etc.)
 * <<servlet-authentication-abstractprocessingfilter>> - a base `Filter` used for authentication.
 This also gives a good idea of the high level flow of authentication and how pieces work together.
-* <<servlet-authentication-authenticationmanager>> -  the API that defines how Spring Security's Filters perform  <<authentication,authentication>>.
-* <<servlet-authentication-providermanager>> -  the most common implementation of `AuthenticationManager`.
 
 [[servlet-authentication-mechanisms]]
 *Authentication Mechanisms*
@@ -34,10 +35,6 @@ include::architecture/index.adoc[]
 
 include::unpwd/index.adoc[leveloffset=+1]
 
-include::authentication-provider.adoc[]
-
-include::authentication-manager.adoc[]
-
 include::session-management.adoc[]
 
 include::rememberme.adoc[]
@@ -58,4 +55,3 @@ include::runas.adoc[]
 
 include::logout.adoc[]
 
-include::authentication-entry-point.adoc[]

docs/manual/src/docs/asciidoc/_includes/servlet/authentication/openid.adoc

@@ -19,7 +19,6 @@ You should then register yourself with an OpenID provider (such as myopenid.com)
 
 You should be able to login using the `myopenid.com` site to authenticate.
 It is also possible to select a specific `UserDetailsService` bean for use OpenID by setting the `user-service-ref` attribute on the `openid-login` element.
-See the previous section on <<ns-auth-providers,authentication providers>> for more information.
 Note that we have omitted the password attribute from the above user configuration, since this set of user data is only being used to load the authorities for the user.
 A random password will be generated internally, preventing you from accidentally using this user data as an authentication source elsewhere in your configuration.