Having the details set on an Authentication object is a standard process in spring-security. This is something that the class which creates the AUthentication Token is responsible for.
For example, in UsernamePasswordAuthenticationFilter:
85: UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password);
95: setDetails(request, authRequest);
97: return this.getAuthenticationManager().authenticate(authRequest);
This is done in three lines.
But the current implementation of SpringSecurityLoginCommand simply creates the token and authenticates with it, it never sets the details:
Authentication authentication = this.authManager.authenticate(new UsernamePasswordAuthenticationToken(username, extractPassword(credentials)));
It would be nice if it could be enhanced like so to set a meaningful details object:
protected AuthenticationDetailsSource authenticationDetailsSource = new WebAuthenticationDetailsSource();
UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, extractPassword(credentials));
Authentication authentication = getAuthManager().authenticate(authRequest);