in security namespace :
1. is it possible to declare multiple <authentication-manager> in one web application?
2. if we have multiple authentication provider, how will spring security know which authentication-provider to use?
3. Everybody stores user data in database, does this mean the recommended best practice is to use jdbc-user-service instead of user-service-ref?