Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SEC-3200: Provide a securty:jee-simple element which wraps as little as possible #3359

Closed
spring-projects-issues opened this issue Jan 21, 2016 · 2 comments
Closed

SEC-3200: Provide a securty:jee-simple element which wraps as little as possible #3359

spring-projects-issues opened this issue Jan 21, 2016 · 2 comments
Assignees
@jgrandja
Labels
in: web An issue in web modules (web, webmvc) status: declined A suggestion or change that we don't feel we should currently apply type: enhancement A general enhancement type: jira An issue that was migrated from JIRA

Comments

@spring-projects-issues
Copy link

Michael Osipov (Migrated from SEC-3200) said:

Currently the preauth chain wraps information in a User objects which defeats the use of the original request#getUserPrincipal. It would be helpful if a security:jee-simple (mutually exclusive with security:jee) would wrap minimally and pass the original pricipal along with the created PreAuthenticatedAuthenticationToken result.

As far as I can see, one would need to change the following spots:

Copy J2eePreAuthenticatedProcessingFilter to JeeSimplePreAuthenticatedProcessingFilter and change:

protected Object getPreAuthenticatedPrincipal(HttpServletRequest httpRequest) {
    Object principal = httpRequest.getUserPrincipal();
    if (logger.isDebugEnabled()) {
        logger.debug("PreAuthenticated J2EE principal: " + principal);
    }
    return principal;
}

Copy PreAuthenticatedAuthenticationProvider to SimplePreAuthenticatedAuthenticationProvider and change #authenticate():

{
 // Copy authentication authentication to result, no user details service necessary
}

PreAuthenticatedGrantedAuthoritiesUserDetailsService would not be used.

This is related to SEC-3199 and would bring the behavior on par with it.
@spring-projects-issues spring-projects-issues added Samples in: web An issue in web modules (web, webmvc) type: enhancement A general enhancement type: jira An issue that was migrated from JIRA labels Feb 5, 2016
@rwinch rwinch added in: docs An issue in Documentation or samples and removed Open labels May 3, 2019
@michael-o
Copy link
Contributor

Is there any remedy to the issue after five years?

@jgrandja
Copy link
Contributor

jgrandja commented Jun 7, 2021

@michael-o This would be a new feature enhancement:

Copy J2eePreAuthenticatedProcessingFilter to JeeSimplePreAuthenticatedProcessingFilter ...

Given that this issue is quite old and there has been no activity on it, I'm going to close this since there is no demand for adding this new feature.

For further context, please see this comment.

@jgrandja jgrandja closed this as completed Jun 7, 2021
@jgrandja jgrandja self-assigned this Jun 7, 2021
@jgrandja jgrandja added status: declined A suggestion or change that we don't feel we should currently apply and removed in: docs An issue in Documentation or samples labels Jun 7, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jgrandja jgrandja

Labels
in: web An issue in web modules (web, webmvc) status: declined A suggestion or change that we don't feel we should currently apply type: enhancement A general enhancement type: jira An issue that was migrated from JIRA
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@rwinch @michael-o @jgrandja @spring-projects-issues