Spring Security Consider merging AuthenticationManager and AuthenticationProvider

We should consider merging AuthenticationManager and AuthenticationProvider into a single interface, since both APIs are almost identical.

We should also consider introducing a more generalized API, for example, Authenticator, and discontinue usage of AuthenticationManager and AuthenticationProvider.

Related gh-13266, gh-11428

Comment From: asaikali

It would be nice to make sure that the javadocs for the AuthenticationManager and AuthenticationProvider are updated with commentary that explains the differences between these interfaces. For the simplification effort would be great to have docs that explain the why behind the decisions that are easy to find.

Comment From: jzheaux

Is this a duplicate of https://github.com/spring-projects/spring-security/issues/11428? If not, it should probably at least be referenced in the description, as you've done in the other Improve Usability tickets.

Comment From: jgrandja

@jzheaux It's not a duplicate. I referenced it in the description as it is related.

Comment From: abccbaandy

Agree, as an user, it's very unintuitive to have two different name but do the almost same thing class.

Also please consider AuthorizationManager when you design the new api, I think Authorization and Authentication should have the same naming and the same api, at least should looks almost the same.