I've configured spring security using the namespace. In particular, I have the following configs:
This results in a ProviderManager that has the AnonymousAuthenticationProvider and a parent ProviderManager which has MyAuthProvider. During a valid authentication attempt by a user, the AnonymousAuthenticationProvider is skipped and the parent ProviderManager is invoked (line 148 in ProviderManager). This one successfully authenticates the user and publishes an AuthenticationSuccessEvent. The problem is that when this parent ProviderManager returns, the first ProviderManager publishes the success event again (lines 157-165).