Luke Taylor (Migrated from SEC-1537) said:
Writing a custom AuthenticationDetailsSource is trivial if the use of a custom object is desired. The current approach of allowing the injection of a class type and then searching for a constructor which takes a single argument of the context type (e.g. HttpServletRequest in web applications) is unnecessarily complicated, offers no type safety and doesn't really offer any gains over implementing AuthenticationDetailsSource directly.
Luke Taylor said:
Removed in WebAuthenticationDetailsSource which now returns a plain WebAuthenticationDetails. Implement AuthenticationDetailsSource directly and inject that if an alternative is required.