Spring Security
  1. Spring Security
  2. SEC-1486 Generify AuthenticationDetailsSource
  3. SEC-1538

Reduce number of pre-authenticated AuthenticationDetails implementations

    Details

    • Type: Sub-task Sub-task
    • Status: Closed
    • Priority: Major Major
    • Resolution: Complete
    • Affects Version/s: None
    • Fix Version/s: 3.1.0.M1
    • Component/s: Core, Web
    • Labels:
      None

      Description

      I don't believe we need PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails and PreAuthenticatedGrantedAuthoritiesAuthenticationDetails. If they are used at all it is a minority of situations where a custom implementation should be used. Pre-authentication is part of the web module and assumes a dependency on the servlet API, so these extra implementations seem largely redundant.

        Issue Links

          Activity

          Hide
          Luke Taylor added a comment -

          Most of the non-web classes seem to be there only to prop-up the WebSphere2SpringSecurityPropagationInterceptor class (which has somehow slipped into the web module). Rather than remove this immediately, I've deprecated it, along with the supporting classes. Setting up a security context for use by a bean shouldn't be something that is only available for websphere and it has wider applicability (for example setting up the invocation of an external service with a particular set of credentials). There is also an overlap with the concept of a "run-as" user.

          Show
          Luke Taylor added a comment - Most of the non-web classes seem to be there only to prop-up the WebSphere2SpringSecurityPropagationInterceptor class (which has somehow slipped into the web module). Rather than remove this immediately, I've deprecated it, along with the supporting classes. Setting up a security context for use by a bean shouldn't be something that is only available for websphere and it has wider applicability (for example setting up the invocation of an external service with a particular set of credentials). There is also an overlap with the concept of a "run-as" user.
          Hide
          Luke Taylor added a comment -

          See SEC-1539 for planned replacement of WebSphere2SpringSecurityPropagationInterceptor.

          Show
          Luke Taylor added a comment - See SEC-1539 for planned replacement of WebSphere2SpringSecurityPropagationInterceptor.

            People

            • Assignee:
              Luke Taylor
              Reporter:
              Luke Taylor
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: