请参阅我对 Spring Security和外部申请Authen （Single-sign-on）和配置Spring Security 3.x以拥有多个入口点。您需要创建两个令牌（一个可以是默认的 UsernamePasswordAuthenticationToken ，第二个可以是您的自定义 MembershipPasswordAuthenticationToken UsernamePasswordAuthenticationToken 扩展 AbstractAuthenticationToken ）。由于一个身份验证提供程序可以支持多个标记，因此可以在您的提供程序中编写逻辑例如，如果传入令牌的类是 MembershipPasswordAuthenticationToken ，则调用webservice来获取电子邮件。

In my grails application I'm using spring security plugin to handle authentication using email and password of a user.

Now I need to integrate my application with an external system which works on membership number and password.

In 2nd scenario I want to authenticate user by asking them their membership number and password call an external web-service fetch their information like email and authenticate them in my current application.

So effectively user can either use directly their email address and password combination or membership number and password combination to authenticate them selves.

Any suggestion how I can achieve this ... thanks in advance :-)

Please see my answers to Spring Security and External Application for Authentication (Single-sign-on) and Configuring Spring Security 3.x to have multiple entry points. You need to create two tokens (one can be the default UsernamePasswordAuthenticationToken and second could be your custom MembershipPasswordAuthenticationToken (basically a duplicate of UsernamePasswordAuthenticationToken extending AbstractAuthenticationToken). Since one authentication provider can support more than one token, you can write logic in your provider to check class of token and do appropriate authentication. For example, if incoming token is of class MembershipPasswordAuthenticationToken then call webservice to get email.