Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

SEC-1644: ProviderManager is copying wrong authentication #1885

spring-issuemaster opened this Issue Dec 23, 2010 · 1 comment


None yet
1 participant

Arnt Vegard (Migrated from SEC-1644) said:

In the org.springframework.security.providers.ProviderManager.doAuthentication(Authentication authentication) method has reversed the order of the input arguments of the copyDetails(). The doAuthentication is calling the copyDetails() with the args dest, source whilst the copyDetails() is declared having input args source, dest

Luke Taylor said:

Where are you seeing this? I can't see any problem with the existing code:

if (result != null) {
     copyDetails(authentication, result);


private void copyDetails(Authentication source, Authentication dest) {


As far as I can see, it's been that way since at least 2.0.4:


@spring-issuemaster spring-issuemaster added this to the 3.1.0.RC1 milestone Feb 5, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment