SEC-1537: Remove use of reflection in AuthenticationDetailsSource implementations #1779

Closed
spring-issuemaster opened this Issue Aug 12, 2010 · 1 comment

1 participant

@spring-issuemaster

Luke Taylor (Migrated from SEC-1537) said:

Writing a custom AuthenticationDetailsSource is trivial if the use of a custom object is desired. The current approach of allowing the injection of a class type and then searching for a constructor which takes a single argument of the context type (e.g. HttpServletRequest in web applications) is unnecessarily complicated, offers no type safety and doesn't really offer any gains over implementing AuthenticationDetailsSource directly.

@spring-issuemaster

Luke Taylor said:

Removed in WebAuthenticationDetailsSource which now returns a plain WebAuthenticationDetails. Implement AuthenticationDetailsSource directly and inject that if an alternative is required.

@spring-issuemaster spring-issuemaster added this to the 3.1.0.M1 milestone Feb 5, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment