Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SEC-1537: Remove use of reflection in AuthenticationDetailsSource implementations #1779

spring-issuemaster opened this issue Aug 12, 2010 · 1 comment


Copy link

@spring-issuemaster spring-issuemaster commented Aug 12, 2010

Luke Taylor (Migrated from SEC-1537) said:

Writing a custom AuthenticationDetailsSource is trivial if the use of a custom object is desired. The current approach of allowing the injection of a class type and then searching for a constructor which takes a single argument of the context type (e.g. HttpServletRequest in web applications) is unnecessarily complicated, offers no type safety and doesn't really offer any gains over implementing AuthenticationDetailsSource directly.


This comment has been minimized.

Copy link

@spring-issuemaster spring-issuemaster commented Aug 13, 2010

Luke Taylor said:

Removed in WebAuthenticationDetailsSource which now returns a plain WebAuthenticationDetails. Implement AuthenticationDetailsSource directly and inject that if an alternative is required.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
1 participant
You can’t perform that action at this time.