Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

SEC-1857: ContextPropagatingRemoteInvocation does not correctly propagate the principal #2092

spring-issuemaster opened this Issue Nov 10, 2011 · 1 comment


None yet
1 participant

Wayne Robinson (Migrated from SEC-1857) said:

ContextPropagatingRemoteInvocation was changed so that the principal and credentials were propagated via the toString method (see https://jira.springsource.org/browse/SEC-1741), as follows:

principal = currentUser.getPrincipal().toString();
credentials = currentUser.getCredentials().toString();

However, this only works if the toString method actually returns the principals name and in the case of principal of type org.springframework.security.core.userdetails.User it returns a description of the User object, not the name.

I suggest the solution is as follows (it works for me at least):

principal = currentUser.getName();
credentials = currentUser.getCredentials().toString();

Any more info required just let me know.

Luke Taylor said:

This seems like a good idea. I've made the suggested change.

@spring-issuemaster spring-issuemaster added this to the 3.1.0 milestone Feb 5, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment