Skip to content

SubjectDnX509PrincipalExtractor should update to getSubjectX500Principal #16980

New issue
New issue
Closed
#16984
Closed
SubjectDnX509PrincipalExtractor should update to getSubjectX500Principal#16980
#16984
Assignees
jzheauxfranticticktick
Labels
in: webAn issue in web modules (web, webmvc)status: duplicateA duplicate of another issuetype: enhancementA general enhancement
@jzheaux

Description

@jzheaux
jzheaux
opened on Apr 22, 2025

Recent versions of Java state that getSubjectDn should no longer be used:

/**
  * @deprecated Use {@link #getSubjectX500Principal} instead. This method
  * returns the {@code subject} as an implementation specific
  * {@code Principal} object, which should not be relied upon by portable
  * code.
  */

However, since getSubjectDn is abstract, applications may be relying on provider implementations. For example, Bouncycastle returns an org.bouncycastle.jce.X509Principal instance for getSubjectDn and a javax.security.auth.x500.X500Principal for getSubjectX500Principal.

For this reason, we should add a toggle for this value, something like:

boolean extractPrincipalNameFromX500Principal = false;

This default would change to true in Spring Security 8.

Metadata

Metadata

Assignees

Labels

in: webAn issue in web modules (web, webmvc)status: duplicateA duplicate of another issuetype: enhancementA general enhancement

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions