The default implementation of AuthenticationManager is ProviderManager:
public class ProviderManager implements AuthenticationManager
A ProviderManager typically depends on a number of list of authentication providers to check for authentication. It is sufficient if one of the authentication providers returns a successful authentication.
The following code shows an extract from ProviderManager:
for (AuthenticationProvider provider: getProviders()) {
result = provider.authenticate(authentication);
if (result != null) {
copyDetails(authentication, result);
break;
}
}