Spring Security
  1. Spring Security
  2. SEC-1954

DaoAuthenticationProvider.retrieveUser should not be final

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Invalid
    • Affects Version/s: 3.0.7
    • Fix Version/s: None
    • Component/s: Core
    • Labels:
      None

      Description

      Javadocs claim that this method is protected, but it is actually protected final. This is also in contradiction with the javadoc comment:
      "Allows subclasses to actually retrieve the UserDetails from an implementation-specific location, with the option of throwing an AuthenticationException immediately if the presented credentials are incorrect (this is especially useful if it is necessary to bind to a resource as the user in order to obtain or generate a UserDetails)."

      http://static.springsource.org/spring-security/site/docs/3.0.x/apidocs/

        Activity

        Hide
        Luke Taylor added a comment -

        The Javadoc says:

        "Description copied from class: AbstractUserDetailsAuthenticationProvider"

        so it refers to the base class. You should extend that class if you want to provide a custom implementation.

        Show
        Luke Taylor added a comment - The Javadoc says: "Description copied from class: AbstractUserDetailsAuthenticationProvider" so it refers to the base class. You should extend that class if you want to provide a custom implementation.
        Hide
        Rob Winch added a comment -

        As Luke mentioned, this indicates the documentation is from the superclass

        Show
        Rob Winch added a comment - As Luke mentioned, this indicates the documentation is from the superclass

          People

          • Assignee:
            Rob Winch
            Reporter:
            Andy O'Neill
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: