SEC-3200: Provide a securty:jee-simple element which wraps as little as possible #3359
Labels
in: web
An issue in web modules (web, webmvc)
status: declined
A suggestion or change that we don't feel we should currently apply
type: enhancement
A general enhancement
type: jira
An issue that was migrated from JIRA
Michael Osipov (Migrated from SEC-3200) said:
Currently the preauth chain wraps information in a
User
objects which defeats the use of the originalrequest#getUserPrincipal
. It would be helpful if asecurity:jee-simple
(mutually exclusive withsecurity:jee
) would wrap minimally and pass the original pricipal along with the createdPreAuthenticatedAuthenticationToken
result.As far as I can see, one would need to change the following spots:
Copy
J2eePreAuthenticatedProcessingFilter
toJeeSimplePreAuthenticatedProcessingFilter
and change:Copy
PreAuthenticatedAuthenticationProvider
toSimplePreAuthenticatedAuthenticationProvider
and change#authenticate()
:PreAuthenticatedGrantedAuthoritiesUserDetailsService
would not be used.This is related to SEC-3199 and would bring the behavior on par with it.
The text was updated successfully, but these errors were encountered: