Spring Security
  1. Spring Security
  2. SEC-1644

ProviderManager is copying wrong authentication

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Invalid
    • Affects Version/s: 2.0.5, 2.0.6
    • Fix Version/s: 3.1.0.RC1
    • Component/s: None
    • Labels:
      None

      Description

      In the org.springframework.security.providers.ProviderManager.doAuthentication(Authentication authentication) method has reversed the order of the input arguments of the copyDetails(). The doAuthentication is calling the copyDetails() with the args dest, source whilst the copyDetails() is declared having input args source, dest

        Activity

        Hide
        Luke Taylor added a comment - - edited

        Where are you seeing this? I can't see any problem with the existing code:

        if (result != null) {
        copyDetails(authentication, result);
        ...

        private void copyDetails(Authentication source, Authentication dest)

        { ... }

        As far as I can see, it's been that way since at least 2.0.4:

        http://static.springsource.org/spring-security/site/xref/org/springframework/security/providers/ProviderManager.html#191

        Show
        Luke Taylor added a comment - - edited Where are you seeing this? I can't see any problem with the existing code: if (result != null) { copyDetails(authentication, result); ... private void copyDetails(Authentication source, Authentication dest) { ... } As far as I can see, it's been that way since at least 2.0.4: http://static.springsource.org/spring-security/site/xref/org/springframework/security/providers/ProviderManager.html#191

          People

          • Assignee:
            Luke Taylor
            Reporter:
            Arnt Vegard
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: