2FA enabled fallback authentication (using Spring Security)

From time to time, legacy systems (A.K.A. the stuff that successfully runs the enterprise business world :)) need a breath of fresh air. One such system, running healthcare processes for a big Croatian hospital was in need of a fresh new authentication module. Now, this is a story all about how the system’s life got flipped-turned upside downAnd I liked to take a minute just sit right thereI'll tell you how it got a new auth module right out of thin air :)The current user/password auth module worked but had serio.., erm, some downsides. Also, the IT department did not want to introduce a full-fledged central auth solution (such as the fabulous Red Hat Keycloak), so we had to be creative. The request was simple - the primary auth method had to be 2FA (X509 on smartcards), and a fallback auth method had to be implemented (for the staff that does not have smartcards) - also 2FA enabled. As it turns out, with a bit of digging and setting up Spring Security in a certain way, the new auth module came to be in less than a week.