SEC-1537: Remove use of reflection in AuthenticationDetailsSource implementations #1779

spring-issuemaster opened this Issue Aug 12, 2010 · 1 comment


None yet

1 participant


Luke Taylor (Migrated from SEC-1537) said:

Writing a custom AuthenticationDetailsSource is trivial if the use of a custom object is desired. The current approach of allowing the injection of a class type and then searching for a constructor which takes a single argument of the context type (e.g. HttpServletRequest in web applications) is unnecessarily complicated, offers no type safety and doesn't really offer any gains over implementing AuthenticationDetailsSource directly.


Luke Taylor said:

Removed in WebAuthenticationDetailsSource which now returns a plain WebAuthenticationDetails. Implement AuthenticationDetailsSource directly and inject that if an alternative is required.

@spring-issuemaster spring-issuemaster added this to the 3.1.0.M1 milestone Feb 5, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment