In many scenarios where your application requirements fall outside the bounds of standard Spring Security functionality, you'll need to implement your own
AuthenticationProvider. Recollect from Chapter 2 that the role of the
AuthenticationProvider, in the overall authentication process, is to accept presented credentials (known as an
Authentication object or authentication token) from a principal's request and verify their correctness and validity.
Usually, an application will allow for one or more capabilities for users or agents to sign on. However, it's also quite common, especially in widely available applications, to allow for multiple ...