Spring Security A 'fall-through' AuthenticationEntryPoint for supporting multiple authentication providers for single URL

Expected Behavior

Is it possible to make a 'fall-through' AuthenticationEntryPoint in case one AuthenticationManager returns an invalid code, so, for example, in case of missing OAuth2 token, we can let Basic Auth AuthenticationManager inspect the password, and if that also fails, we can support additional authentication method(s)?

Current Behavior

I am not sure if this is possible, I am asking for advice.

Context

I am following https://docs.spring.io/spring-security/reference/servlet/configuration/java.html#_multiple_httpsecurity_instances to expose different authentication methods for my API. I have to support at least 3 methods: Basic Auth, OAuth2 Resource Server (JWT/Bearer) and a custom one. However, the example I linked to only suggests how to support different authentication methods on different URLs which is the exact opposite of what I'm trying to achieve.

Comment From: marcusdacoregio

Hi, @krezovic, thanks for reaching out.

You can easily specify multiple authentication mechanisms in a filter chain, as you can see in this example in the documentation, it is using both HTTP Basic and Form Login.

It feels like this is a question that would be better suited to Stack Overflow. We prefer to use GitHub issues only for bugs and enhancements. Feel free to update this issue with a link to the re-posted question (so that other people can find it) or add more detail if you feel this is a genuine bug.