We should go through the Authentication documentation and ensure that we explain that UserDetailsService can be published as a Bean (optionally PasswordEncoder) and they will automatically create an AuthenticationManager.
The documentation should also state that if AuthenticationProvider is provided as a Bean it will be used rather than a UserDetailsService.
If the user wants the most power an AuthenticationManager can be published as a Bean.
If specific Authentication needs to be on specific HttpSecurity it can be provided on the DSL.