SEC-1008: UserDetailsChecker.check(UserDetails, Authentication) or UserDetailsChecker.check(UserDetails, Object authenticationDetails) (on your taste) #1260

Closed
spring-issuemaster opened this Issue Oct 14, 2008 · 1 comment

1 participant

@spring-issuemaster

Gerr Magnus Mes (Migrated from SEC-1008) said:

Please, add Authentication (or authenticationDetails ) parameter to UserDetailsChecker.check(..) method. I need remote address for some sort checks.

@spring-issuemaster

Luke Taylor said:

I think this would ultimately be a misplacement of authentication logic which should probably go in an extended AuthenticationProvider. This interface is intended for simple checking of persistent data (for locked flags etc). Changing it would break existing implementations and it is also used from situations where an Authentication object isn’t actually available.

@spring-issuemaster spring-issuemaster added this to the 3.0.0 M1 milestone Feb 5, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment