SEC-1954: DaoAuthenticationProvider.retrieveUser should not be final #2180

Closed
spring-issuemaster opened this Issue Apr 26, 2012 · 2 comments

2 participants

@spring-issuemaster

Andy O'Neill (Migrated from SEC-1954) said:

Javadocs claim that this method is protected, but it is actually protected final. This is also in contradiction with the javadoc comment:
"Allows subclasses to actually retrieve the UserDetails from an implementation-specific location, with the option of throwing an AuthenticationException immediately if the presented credentials are incorrect (this is especially useful if it is necessary to bind to a resource as the user in order to obtain or generate a UserDetails)."

http://static.springsource.org/spring-security/site/docs/3.0.x/apidocs/

@spring-issuemaster

Luke Taylor said:

The Javadoc says:

"Description copied from class: AbstractUserDetailsAuthenticationProvider"

so it refers to the base class. You should extend that class if you want to provide a custom implementation.

@spring-issuemaster

Rob Winch said:

As Luke mentioned, this indicates the documentation is from the superclass

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment