SEC-1644: ProviderManager is copying wrong authentication #1885

Closed
spring-issuemaster opened this Issue Dec 23, 2010 · 1 comment

1 participant

@spring-issuemaster

Arnt Vegard (Migrated from SEC-1644) said:

In the org.springframework.security.providers.ProviderManager.doAuthentication(Authentication authentication) method has reversed the order of the input arguments of the copyDetails(). The doAuthentication is calling the copyDetails() with the args dest, source whilst the copyDetails() is declared having input args source, dest

@spring-issuemaster

Luke Taylor said:

Where are you seeing this? I can't see any problem with the existing code:

if (result != null) {
     copyDetails(authentication, result);

...

private void copyDetails(Authentication source, Authentication dest) {

...
}

As far as I can see, it's been that way since at least 2.0.4:

http://static.springsource.org/spring-security/site/xref/org/springframework/security/providers/ProviderManager.html#191

@spring-issuemaster spring-issuemaster added this to the 3.1.0.RC1 milestone Feb 5, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment