SEC-1596: Make SecurityContextHolderStrategy implementations extendable #1835

spring-issuemaster opened this Issue Oct 20, 2010 · 2 comments


None yet

1 participant


Johannes Scharf (Migrated from SEC-1596) said:

We need to update SLF4J'S MDC with information from the current Authentication object.
For this we've developed a ThreadLocal based SecurityContextHolderStrategy which updates the MDC as required.

Unfortunately all implementations of SecurityContextHolderStrategy are final and package-private and therefore not open for extension. We had to copy and paste the code from ThreadLocalSecurityContextHolderStrategy.

I don't know if there's any good reason for that - if not it would be very handy for developers, who need to provide their own implementations, to make these classes extendable.


Johannes Scharf said:

This also applies to Spring Security 2.0.6.


Luke Taylor said:

The intended integration point here is the interface. The implementations are all very simple so I don't really think there's a lot to be gained by making them public and encouraging inheritance.

@spring-issuemaster spring-issuemaster added this to the 3.1.0.M2 milestone Feb 5, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment