Johannes Scharf (Migrated from SEC-1596) said:
We need to update SLF4J'S MDC with information from the current Authentication object.
For this we've developed a ThreadLocal based SecurityContextHolderStrategy which updates the MDC as required.
Unfortunately all implementations of SecurityContextHolderStrategy are final and package-private and therefore not open for extension. We had to copy and paste the code from ThreadLocalSecurityContextHolderStrategy.
I don't know if there's any good reason for that - if not it would be very handy for developers, who need to provide their own implementations, to make these classes extendable.
Johannes Scharf said:
This also applies to Spring Security 2.0.6.
Luke Taylor said:
The intended integration point here is the interface. The implementations are all very simple so I don't really think there's a lot to be gained by making them public and encouraging inheritance.